McAfee, in partnership with Wind River and ESCRYPT has released a new report “Caution: Malware Ahead,” an analysis of emerging risks in automotive system security.  The first-of-its kind report examines the security of electrical systems that have become commonplace in today’s cars. These embedded devices are used in almost all areas of automobiles including airbags, radios, power seats, anti-lock braking systems, electronic stability controls, autonomous cruise controls, communication systems and in-vehicle communication. 

Researchers at several universities have demonstrated that critical safety components of an automobile can be hacked if physical access to the vehicle’s electronic components is available. Other researchers have showed that an attack can be mounted to track a vehicle and compromise passengers’ privacy by tracking the RFID tags using powerful long-distance readers at around 40 meters.  

The automobile industry is continually adding features and technologies that deliver new conveniences such as Internet access and the ability to further personalize the driving experience.  Consumers want to stay connected, even in their cars, which is motivating automobile manufacturers to increase integration between cars and consumer devices such as smartphones and tablets.  However, in the rush to add features, security has often been an afterthought.  The report highlights examples of how automotive systems have been compromised. 

The new report from McAfee examines risks associated with cybercriminal activity including: 

• Remotely unlock and start car via cell phone
• Disable car remotely
• Track a driver’s location, activities and routines
• Steal personal data from a Bluetooth system
• Disrupt navigation systems
• Disable emergency assistance