Car computer security is now turning into a bona fide discipline. Rad herself was recently hired as an embedded-systems engineer at the nonprofit research group Battelle, where she is part of a new six-person team that will begin testing cars at an automobile laboratory in Aberdeen, Maryland, this year. Rad’s team will be assessing known security flaws, looking to see how common they are across different car models, and evaluating whether auto thieves could exploit them.
“If it’s a known vulnerability, it needs to be addressed,” she says. Her own research includes helping to demonstrate last year that systems controlling prison-cell gates can be hacked remotely. Similarly, researchers have already shown how to manipulate a car’s brakes and produce false dashboard readings. Rad’s group will be looking for new flaws as well.
The way manufacturers build cars may make it difficult for them to identify security vulnerabilities on their own, researchers say. Modern cars are put together with electronic parts from numerous third parties, which makes it hard to weed out hardware glitches.
Researchers say it’s not clear whether carmakers will avoid the pitfalls encountered by other high-tech manufacturers, who have often created security holes by adding new features and leaving security as an afterthought. “The answer is to develop a sound security architecture instead of making the old mistakes of trying to ‘bolt on’ security widgets,” says Battelle senior research director Karl Heimer, who leads research on automobile cybersecurity.