[Paleopsych] NYT: Can a Virus Hitch a Ride in Your Car?
checker at panix.com
Thu Apr 14 19:07:35 UTC 2005
Can a Virus Hitch a Ride in Your Car?
By TOM ZELLER Jr. and NORMAN MAYERSOHN
A VIRUS can wreak havoc on computer files, hard drives and networks,
but its malicious effects tend to be measured in wasted time, lost
sales and the occasional unfinished novel that evaporates into the
digital ozone. But what if viruses, worms or other forms of malware
penetrated the computers that control ever more crucial functions in
Could you find yourself at the wheel of two tons of rolling steel that
has malevolent code coursing through its electronic veins?
That frightening prospect has had Internet message boards buzzing this
year, amid rumors that a virus had infected Lexus cars and S.U.V.'s.
The virus supposedly entered the cars over the Bluetooth wireless link
that lets drivers use their cellphones to carry on hands-free
conversations through the cars' microphones and speakers.
The prospect is not so implausible. A handful of real if fairly benign
cellphone viruses have already been observed, in antivirus industry
parlance, "in the wild."
Still, a virus in a cellphone might muck up an address book or, at
worst, quietly dial Vanuatu during peak hours. But malicious code in
cars, which rely on computers for functions as benign as seat
adjustment and as crucial as antiskid systems that seize control of
the brakes and throttle to prevent a crash, could do far more harm.
The Lexus tale, based on murky reporting and a speculative statement
by Kaspersky Labs, a Moscow antivirus company, seems to have been
unfounded. "Lexus and its parent companies, Toyota Motor Sales USA
Inc. and Toyota Motor Corporation in Japan, have investigated this
rumor," the carmaker said in a statement last month, "and have
determined it to be without foundation."
But the question lingers: Could a car be infected by a virus passed
along from, say, your cellphone or hand-held computer? Or worse, by a
hacker with a Bluetooth device within range of the car's antennas?
The short answer is, not yet.
"Right now this is a lot of hype rather than reality, the idea that
cars could be turning against us," said Thilo Koslowski, a vice
president and lead analyst for auto-based information and
communication technologies at Gartner G2, a technology research firm.
"We won't see John Carpenter's 'Christine' becoming a reality anytime
But Mr. Koslowski and others are quick to point out that the elements
for mischief are slowly falling into place:
First, vehicles are increasingly controlled by electronics - to the
point that even the simple mechanical link between the gas pedal and
engine throttle is giving way to "drive by wire" systems.
Second, more data is being exchanged with outside sources, including
cellphones and real-time traffic reports.
Finally, the interlinking of car electronics opens up the possibility
that automotive worms could burrow into a memory storage area in ways
that engineers never imagined.
Since the early 1990's, the various computers that manage a car's
engine, transmission, brakes, air bags and entertainment systems have
been increasingly linked in networks much like the ones that offices
use to let workers share printers, scanners and backup storage drives.
Benefits of interconnecting the electronic devices include less wiring
- a luxury car can contain miles of copper cables - and reduced
weight, an important factor in improving performance and fuel economy.
Less obvious are the advantages of having the components communicate:
an antiskid system, designed to help keep a car from spinning out of
control, links sensors in the steering, brakes and throttle, and can
effectively seize control from the driver.
Other systems in which computers essentially take over, if only for a
second, include emergency-brake assist, which provides maximum braking
force when sensors detect the need for a panic stop, and "active
steering," a feature now exclusive to BMW in which computers can
compensate for a driver's recklessness.
The latest versions of in-car information systems, known as
telematics, include the ability to diagnose vehicle maladies. General
Motors' OnStar can forward readings from sensors throughout the car
for troubleshooting, a process called remote diagnostics. (All G.M.
cars will include OnStar by the end of 2007.)
The data, read from the engine-control computer, is transmitted over
the OnStar cellphone link. Several automakers have discussed plans to
use this conduit to update a vehicle's software or even perform
electronic repairs, though no automaker is currently doing this
regularly. Microsoft has entered this business, too, having recently
signed a deal to provide software for a telematics and diagnostics
system to be installed in all Fiats, starting this year.
By design, the various controls are not isolated from other in-car
processors, since they need to share information to operate
effectively and avoid the need for redundant sensors, wiring and
microprocessors. Also, automakers have begun to share in-car
processing power and memory capacity over the network, said Paul
Hansen, the publisher of an industry newsletter, The Hansen Report on
In a car with a stand-alone cellphone installation there would be no
pathway for pernicious computer code to enter the vital electronic
systems. But as automakers work to take advantage of linked
processors, ready exchanges of data - and malware - become possible.
Possible does not, however, mean easy. Unlike the anonymous and remote
world of PC viruses delivered over the Internet, a ne'er-do-well would
need, in most cases, a few moments alone with a car to impregnate it
with malware - for now.
Marko Wolf, a research associate at Ruhr-Universität in Bochum,
Germany, and co-author of a recent study of security in automotive
networks, said a rogue mechanic with under-the-hood access could make
short work of planting malicious code. And as internal networking
reaches the exposed extremities of a car - its side mirrors, say, or
its lights - the number of potential access points increases.
"Cars have extended their bus wires and controllers even into their
electronic mirrors" and to receivers for global-positioning signals,
Mr. Wolf said, conjuring a "Mission: Impossible" plot: "One can easily
hack into the internal communication system just by breaking away that
outside part and connecting the bare bus wires with a P.D.A. or
laptop." (A bus is essentially a collection of wires linking one part
of a computer - or a car - to another.)
Looking ahead, a proliferation of remote access points - OnStar-type
services, for instance, or short-range Bluetooth connections - will
raise the odds that virus writers will eventually try to beam a bug
across the ether. Just as such services let the car send data to the
outside world, malware writers could try to use those wireless
conduits to send destructive payloads into cars.
Systems like OnStar, known for providing emergency assistance or
concierge services (its operators will make restaurant reservations
for you), in fact hold deep conversations with the car's networks.
Besides the ability to provide engine diagnostics and unlock the doors
by remote to rescue forgotten keys, an advanced level of OnStar - now
on about a dozen G.M. models - will report detailed data about a
collision to emergency medical personnel.
Navigation systems, which have used only a time signal from satellites
to determine a car's location, are adding traffic information. The
Acura RL is the first with this service; updates about congestion or
construction delays are sent to the car and displayed on the
Despite these potential pathways, creating a virus that would spread
within the car would be no small feat. In the Windows-dominated PC
universe, "the programmer only has to know the PC processor" to do
damage, said Egil Juliussen of Telematics Research Group of
Minnetonka, Minn., a firm that tracks the rise of in-car networking.
"The auto is a very different environment," he said. "The infotainment
system may have multiple processors and operating systems. The
navigation system has one processor or operating system, the
telematics system may have another one and the radio may have a third
Getting a virus to propagate from one system to another would be akin
to designing malware that could pass from a Windows environment to a
Macintosh system and on to a Linux machine - infecting them all.
"The point is that the virus writer needs to expand his knowledge by a
factor of 10 or more over the PC world," Mr. Juliussen said. Even
then, he said, with operating systems - particularly those that
control crucial mechanical systems - remaining varied and proprietary,
a successful virus could function in only a small fraction of cars.
"It's feasible," Mr. Juliussen said, "just a lot harder."
Whether virus writers can overcome the hurdles remains an open
question, but evidence from the PC world suggests that as on-board
networking becomes more widespread and standardized, they will
certainly try. Early speculation, like the Lexus rumors, may help
focus attention on the potential problem before car malware has a
chance to flourish.
"I am very happy to see as many rumors of that sort as believable as
possible as soon as possible," said Peter B. Ladkin, a professor of
computer networks and distributed systems at the University of
Bielefeld in Germany. "Because it means that more automakers will pay
attention to what they're doing."
More information about the paleopsych