McAfee warns of hacker threat to autos

The first-of-its-kind report, entitled "Caution: Malware Ahead" and released late Tuesday, warned that security is lagging as vehicles are enhanced with embedded chips and sensors for a growing array of purposes.

"As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases," said McAfee senior vice president and general manager Stuart McClure.

"It's one thing to have your email or laptop compromised, but having your car hacked could translate to dire risks to your personal safety," he added.

Chips are embedded in almost all parts of cars from airbags, brakes, and power seats to cruise controls, anti-theft gadgets, and communications systems, according to McClure.

Researchers have demonstrated that computers controlling functions in automobiles can be hacked if attackers get into vehicles and, in some cases, from afar.

A security consultant with iSEC Partners showed peers at a recent Black Hat security conference in Las Vegas that it is possible to unlock or start cars by sending commands in the form of text messages from smartphones.

Sensors used by roadside emergency services to find cars or by car owners to make sure vehicles are being driven safely, can give cyber stalkers ways to track someone's movements, according to the report.

Hackers could disrupt car navigation systems, steal personal data through Bluetooth connections, or disable vehicles remotely, the findings indicated.

"The automobile industry is continually adding features and technologies that deliver new conveniences such as Internet access and the ability to further personalize the driving experience," the report said.

"However, in the rush to add features, security has often been an afterthought," it said.

There were no indications that hackers have yet taken advantage of computer vulnerabilities in cars, according to McAfee.

McAfee and smart gadget software specialty firm Wind River, both owned by US chip colossus Intel, collaborated with embedded device security firm ESCRYPT on the study.

"As the trend for ubiquitous connectivity grows, so does the potential for security vulnerabilities," said Wind River senior director for automotive solutions Georg Doll.

"The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them," Doll added.

Researchers cited industry projections that the number of Internet connected devices will climb to 50 billion in the year 2020 from a billion last year.

The bulk of those gadgets are expected to be embedded devices such as airport ticket kiosks, cash registers, key card readers, and controls for factory machinery.

"Today, we're seeing bold new experiments, including Google's auto-piloted cars and smart roads with sensors that report on traffic conditions and vehicle speeds," the report said.

"Experiments like these show the ongoing possibilities... But there is a concern that as the industry advances, there has been little done to ensure the security of these systems."