Skip to Content

Your Car Could Learn to Recognize Hackers

New software protects autos against hackers by figuring out what normal Internet traffic should look like.
June 21, 2016

If malware seems like a nuisance on your PC, just wait until it hits the 3,000-pound piece of metal you ride around in every day.

Fortunately, your car might soon learn to spot malevolent code before it can run amok. At an automotive conference last week, Symantec announced a product designed to catch malware by learning what patterns of data traffic should look like inside a car and raising flags if it spots something unusual. This could enable the system to spot previously unseen, or “zero day,” automotive exploits, says Brian Witten, senior director of IoT Security at Symantec.

“We learn what’s normal for how [the computers in a car] talk to each other, and we capture that,” Witten says. “If some of the modules are forced to interact with each other in a different way, the car knows it’s gone into a potentially dangerous state, and then it can try to do some remediation, or send the information back to automaker headquarters.”

Car hacking is still theoretical. But cars have proven very vulnerable to hacking by security researchers (see “Taking Control of Cars from Afar”). As vehicles become more computerized and connected, it seems inevitable that miscreants will eventually target them (see “Rebooting the Automobile”).

This March, in fact, the FBI and the National Highway Transportation Safety Authority issued a public service announcement warning that many modern cars are vulnerable to hacking. This followed headline-grabbing demonstrations performed at major security conferences. Academic experts have also warned that greater automation, built on top of many new computer systems and sensors, will introduce further security risks (see “Your Future Self-Driving Car Will Be Way More Hackable”).

Carmakers and security companies are rapidly stepping up efforts to protect cars against hackers. But the big question the industry faces is how best to protect vehicles against hackers, without following the model that has left personal computers and corporate IT systems so vulnerable. That model has hardly proven very robust, with high-profile hacking incidents alarmingly common.

“Are those the types of outcomes we want in this new domain, where nearly 100 percent of the cars we have on the road have some kind of cybersecurity event in the span of a year?” asks Beau Woods, a computer security expert who is part of I Am the Cavalry, a nonprofit dedicated to raising awareness about automotive security issues. “I think by and large the answer from policy makers, the general public, from insurers, from health-care providers, from carmakers is going to be no.”

Other security companies, as well as many carmakers themselves, are developing various security countermeasures. These include new designs for automotive computer systems and networks that encrypt code as well as additional protections like firewalls and intrusion detection systems designed to block or catch suspicious traffic, and antivirus-like software that would spot the signature of a malicious piece of code.

There is, however, plenty of evidence that carmakers could step up their game when it comes to implementing security from scratch. At a recent industry conference, Corey Thuen, a researcher at IOActive who specializes in automotive issues, presented a survey of automotive exploits demonstrated by various researchers. It showed that automotive security is now woeful. Thuen found that 45 percent of vulnerabilities would be avoided if engineers had used basic best practices, such as avoiding default passwords, not installing simple backdoors, and using secure coding methods. “Securing it in the design phase is definitely where most of the effort should be put now,” Thuen says.

Carmakers are addressing these problems and also designing future systems to be more secure, says Craig Smith, cofounder of Open Garages and author of The Car Hacker’s Handbook. Smith adds that the growing sophistication of vehicles actually presents a good opportunity to build in security. “This is what most automotive companies are working toward,” he says. “As new vehicles come to market, there is a greater emphasis on protecting the vehicle from malicious attacks.”

And for those who might wonder why anyone would want to hack a car, Thuen of IOActive makes an alarming point. “It’s not as interesting as hacking a bank, from a monetary perspective,” he says. “But if you’re talking about remote untraceable assassination, in some kind of worst case, that’s certainly a possibility.”

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.