View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 8, 2011

Modern cars vulnerable to remote malicious attacks: McAfee

Hackers could turn off your car engine, inflate airbags, while you're driving, warns technology security company  

By CBR Staff Writer

Ever growing use of software and wireless technology in modern cars exposes users to unknown risks to personal safety while driving, according to security technology company McAfee.

In a new report on emerging risks in automotive system security, McAfee said that researchers have already demonstrated potential attacks on running cars such as opening doors and starting car engines by using text messages. The risk of losing control and privacy increases if hackers gain access to the cars physically, but malicious hacking could target drivers remotely as well, said the report.

The report said that "researchers have showed that an attack can be mounted to track a vehicle and compromise passengers’ privacy by tracking the RFID tags using powerful long-distance readers at around 40 meters."

The report, ‘Caution: Malware Ahead’, published in conjunction with Wind River and ESCRYPT, examines the security of electrical systems that have become commonplace in today’s cars.

Modern cars have become ever more reliant on wireless systems such as Bluetooth and software to function. McAfee said that software is embedded in several car parts now including airbags, power seats, anti-lock braking systems, electronic stability controls, autonomous cruise controls, communication systems and in-vehicle communication.

McAfee senior vice-president and general manager Stuart McClure said as more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

McClure added, "Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It’s one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety."

The automobile industry is continually adding features and technologies that deliver new conveniences such as Internet access and the ability to further personalise the driving experience. However, in the rush to add features, security has often been an afterthought, the report said.

The report studies risks associated with cybercriminal activity in modern cars including: remotely unlocking and starting a car via cell phone; disabling a car remotely; tracking a driver’s location, activities and routines; stealing personal data from a Bluetooth system; disrupting navigation systems; and disabling emergency assistance.

Wind Riversenior director Georg Doll said, "The auto industry is experiencing a convergence of consumer and automotive electronics. Consumers are increasingly expecting the same experiences in-vehicle as they do with the latest connected consumer and mobile devices. However, as the trend for ubiquitous connectivity grows, so does the potential for security vulnerabilities."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.