Data Protection in the Car - Part 1

More and more, the car is turning into a network on wheels. This raises concerns regarding data protection and data security.

IT specialists from the University of Southern California investigated the security of electronic control systems in cars. They discovered that it is possible to trigger numerous dangerous actions by hacking into the electronics of modern cars. For example, the brakes could be deactivated and the ignition could be switched off while the car was in motion. Also, a spontaneous full application of the brakes was possible through external manipulation.

Until now, experiments in this area focused on the vulnerability of the car's internal networking, such as that involved in the common Controller Area Network (CAN). The scientists have now identified the data-exchange between CAN-bus controllers and the wirelessly linked tire pressure sensors as a weak spot. By tampering with this, it is possible to feed misleading data into the car, as well as to record movement profiles for the respective vehicle from the transmitted radio signals.

The researchers were able to manipulate the transmitted data of the tire pressure sensors by simple means. They found that the system works without any encryption and that the on-board electronics of the examined cars blindly trust the received signals.

The system's setup permits deceptive hacker attacks as well as other activities designed to drain the sensors' batteries. The researchers could easily read the sensors from a 10 meter distance. When they used an antenna booster, they were able to do this within an extended range of 40 meters (44 yards) from a parked car. The 32-bit sensor IDs obtained in this way provide a similar opportunity for tracking vehicles within road traffic and for contributing to the detection of movement profiles as video technology does. The drivers of the vehicles cannot deactivate the sensors and are, therefore, defenseless against this type of monitoring.

In the selection of company vehicles, the security of the BUS systems should definitely play a role. Admittedly, the use of a vehicle will often last longer than the data security of a system will last. Your data protection expert will be able to tell you what to look out for and at which points further data protection related problems might be lurking in the operation of a fleet of vehicles.

Sources:

www.heise.de/newsticker/meldung/An-der-Felge-erkannt-1057409.html

www.heise.de/autos/artikel/Auto-Manipulation-via-CANbus-Forscher-decken-Sicherheitsluecken-auf-1059012.html