One evening recently my wife yelled for me from her home office. Unfortunately, a virus had infiltrated her notebook pc and had taken the whole system over.
Like other pediatricians, she has been working long hours due to the nasty spread of H1N1. Ironically, standing in the way of her dictating the huge stack of patient charts was an entirely different type of destructive virus.
As some loyal readers know, long before I was an automotive writer I was a tech geek. I was first exposed to computer viruses in the 1980s when my high school became the first in the world to get hit with a system-wide virus — the dreaded nVIR, which took down the school’s fledgling Mac network. After college, I ran the business and technical operations of an early internet provider, Cyberspace.com, which in 1995 provided me the opportunity of working in cooperation with the FBI Computer Crimes Division in an attempt (make that “failed attempt”) to apprehend one of the world’s most wanted hackers and phreakers (one who hacks telecommunications networks and phone systems). I also later worked for web, system management and security software companies.
Ridding computers of malware (the name for malicious software viruses, worms, adware, etc…) is very similar to fixing problems with a car. One simply tries to methodically isolate the symptoms and problems. It is generally a tedious process, but with a great sense of accomplishment when the system is returned to good working order. It’s not surprising that I take as much pride in ridding a computer of a virus as I do synchronizing a pair of SU carbs.
Just like with automotive technology, computer viruses have become far more advanced and complex. I marveled at this specific virus’ ability to lock out the Task Manager and Registry Editor functions, prevent .exe files from running, all while elegantly blocking any web site with any mention of the name of the top anti-virus software applications.
At roughly 1:30AM in the midst of running a scan my train of thought segued from tampering with computers to hacking cars. I chuckled as I remembered when my friends wired the brake light circuit of a guy’s Miata to the horn, so the horn blew every time he hit the brakes.
Then almost immediately I got a sinking feeling in my gut. It occurred to me that the day when an elegantly-designed, yet very malicious virus targeted towards cars and trucks is far closer than any analyst or auto manufacturer have seemingly acknowledged.
Hackers and virus designers utilize two elements to work their evil magic: a host (a vulnerable system) and access (the ability to remotely install software to said host system). As far as the former, cars have been developing as host systems since ECUs of electronic ignition and fuel injection systems replaced points and carburetion in the 1980s. When the 1997 C5 Corvette first appeared, it did so with more on board computers than the first NASA Space Shuttle.
Access to car-based computer management, however, has been lacking. Over the last twenty years automotive systems have essentially been closed systems with access available only via mechanics’ scanners. While scanners do have downloadable updates, the manufacturers ensure that these are also fundamentally closed systems.
The biggest gift to hackers in terms of access is the Internet. By web-enabling cars and trucks to upload and download data from the ‘Net, this can certainly provide the right mind with a key to create mass vehicular chaos.
Let’s face it — the worst thing that can happen to your home computer is that all the data is erased and a full reformat and reload of software is required. All one needs to do is have a creepy imagination (like I do) to see the infinite opportunities for wreaking far greater damage on daily life that viruses could have in the automotive world as compared to personal and business computing. Think of it like Hootie and The Blowfish versus The Beatles in terms of global impact.
New vehicles feature drive-by-wire throttle control, computer-managed variable ratio steering, software-driven transmission, data-processing for stability control (yaw, ABS braking and traction control), and of course on-the-fly manipulation of fuel, spark and air induction. If these systems were to be insecurely tied (even indirectly) to a seemingly innocuous web-enabled process – any or all systems could be hacked and reprogrammed with a virus created by a guy sitting in his parent’s basement with a couple computers and a stack of empty pizza and Mountain Dew bottles.
Imagine if your car had a virus that sporadically reversed the drive-by-wire gas pedal to make wide-open-throttle at the standard idle position. Maybe someone’s idea of “funny” would be to constantly vary the variable ratio steering or deploy all the airbags given a certain odometer reading. My nightmare, though, is that a hacker would write a virus to utilize throttle position data and stability control to simply speed a car up, apply one brake and disable all airbags to ensure a catastrophic collision.
How much web-enabling is enough to open the Box in Pandora’s Camaro? I have no idea. Since manufacturers are already touting in ads the ability for cars to send emails to dealers and text to owners when service is necessary, the window of opportunity seems to be opening. If I were a betting man, I’d guess that the moment one can browse the web or check email via a factory-installed navigation system, the games will be on.
I hope I’m wrong. Maybe the worst thing that will happen is that the nav system in all Dodge Chargers will instantly show all Hooters restaurants and adult theaters in the US. Of course, given that car’s demographic, this would probably be considered a well-appreciated benefit.
And don’t expect anti-virus software to help your car. Most system administrators will tell you that the consumer security software products like Norton are useless, because they are reactionary. They are even less valuable than a car alarm, because at least a car alarm annoys people into noticing a vehicle has been broken into before they throw rocks at the car in hopes of shutting off the noise. In the case of consumer anti-virus software, it just sits there eating RAM totally unaware that the system has been taken over.
As I recall in my discussions with the FBI Computer Crimes guru, the challenge is that there are lonely people spending twenty hours seven days per week trying to hack software, but in the best case scenarios, the engineers are only working eight to twelve hours Monday through Friday to prevent them. Maybe I’m a cynic, but I don’t trust that auto manufacturers right now are taking to heart the old precept: hope for the best, plan for the worst.