Cars are now a genuine target for cybercriminals, and it is possible for attackers to gain control of a vehicle while it is in motion – with disastrous consequences.
Alex Fidgen, a director at IT security company MWR InfoSecurity, comments: “It is feasible that an exploitation of any number of embedded devices within a car might allow an attacker to gain control. For instance, this would have serious consequences if the brakes were applied at high speed.”
The comment was made after Volkswagen allegedly sued the University of Birmingham to stop it from publishing how it had hacked anti-theft systems on luxury cars such as Lamborghinis and Porsches.
“Vendors should not try to block security research, they should work together with the researchers to understand the nature and potential consequences of the threats they are facing,” says Fidgen.
“Resorting to legal action to block such details from being published is the wrong approach. Manufacturers should instead incorporate strong security research in the design process.”
He adds “Manufacturers do not seem to have considered the security threat when using embedded computer systems. Cars are becoming increasingly more computerised, particularly supercars which sell for hundreds of thousands of pounds. But not enough thought appears to have gone into securing the systems which leaves the cars wide open to theft and the misuse of computer information.”
Fidgen indicates that such IT vulnerabilities could potentially have very serious impacts, both from security and financial perspectives, as cyber criminals target companies on a daily basis.