Data-driven Attacks on Automobiles
Security conference DeepSec broaches the issue of automobile security
Vienna – Hacking attacks on cars sound like something out of a Hollywood blockbuster. However, they’re possible today and pose a real threat for individuals and the automotive industry. The international security conference DeepSec, which takes place between the 15th and 18th of November 2011 chose the security of mobile phones, cars and their users as central topics for this year’s conference.
„As in the years before we want to present exciting and controversial topics which concern not only experts, but most of us directly or indirectly in 7 workshops and 34 talks.The liability of modern cars to attacks is on of our topics.” says René Pfeiffer, organiser of DeepSec. “DeepSec acts as neutral platform to connect the hacker-community with IT and security companies, users, officials and researchers.” explains René Pfeiffer.
Hear the music playin’: Hacker attacks via audio files transform cars into “zombies”
Modern cars rely to a large part on sensors, which are connected to brakes, control displays, lights, motor and navigation. Members of the research group Autosec.org found out that cars can be attacked on various ways: whether it’s an MP3 audio file on a CD or on a USB stick, Bluetooth, Wi-Fi or mobile radio frequencies via built in 2G/3G modem, the car and its computer system can be compromised by hackers.
That way one can give commands to the car from outside, it was even possible to install an IRC client over a mobile network connection and with that build a connection that can be used to control bot-nets. The cars act as “zombies” and may infect other vehicles over Wi-Fi capabilities.
In their talk “Patching Vehicle Insecurity” Constantinos Patsakis and Kleanthis Dellios from the University of Piraeus will address those dangers and show how to mitigate the risks.
“Studies show that the automotive industry definitely has a problem which needs to be taken care of. Just imagine what happens if the brakes on a car are blocked or controls manipulated.” says security expert Rene Pfeiffer. “Since it’s already normal to build 2G/3g-modems into cars, attackers can resort to the well-tried “war dialling” to find cars which offer themselves as potential targets. Car manufacturers still have to invest lots of work in securing their technologies.”
Further topics of DeepSec 2011 are: encryption techniques used by modern terrorists after 9/11, attacks on GSM/GPRS networks, security risks with IPv6, code review, digital espionage, digital forensics, incident response, malware research, secure communication, network protocols, patch & upgrade Management, secure software development, security management, social engineering, web application security and mobile radio technologies.