MCAFEE REPORT ON AUTOMOTIVE SYSTEMS FINDS PREVELANT LACK OF SECURITY IN TODAY’S VEHICLES
Partners with Wind River and ESCRYPT to Provide Analysis of Emerging Risks in Automotive Embedded Systems
SANTA CLARA, Calif., Sept. 7, 2011 – McAfee, in partnership with Wind River and ESCRYPT, today released a new report “Caution: Malware Ahead,” an analysis of emerging risks in automotive system security. The first-of-its kind report examines the security of electrical systems that have become commonplace in today’s cars. These embedded devices are used in almost all areas of automobiles including airbags, radios, power seats, anti-lock braking systems, electronic stability controls, autonomous cruise controls, communication systems and in-vehicle communication.
Researchers at several universities have demonstrated that critical safety components of an automobile can be hacked if physical access to the vehicle’s electronic components is available. Other researchers have showed that an attack can be mounted to track a vehicle and compromise passengers’ privacy by tracking the RFID tags using powerful long-distance readers at around 40 meters.
“As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases,” said Stuart McClure, senior vice president and general manager, McAfee. “Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It’s one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety.”
The automobile industry is continually adding features and technologies that deliver new conveniences such as Internet access and the ability to further personalize the driving experience. Consumers want to stay connected, even in their cars, which is motivating automobile manufacturers to increase integration between cars and consumer devices such as smartphones and tablets. However, in the rush to add features, security has often been an afterthought. The report highlights examples of how automotive systems have been compromised.
The new report from McAfee examines risks associated with cybercriminal activity including:
- Remotely unlock and start car via cell phone
- Disable car remotely
- Track a driver’s location, activities and routines
- Steal personal data from a Bluetooth system
- Disrupt navigation systems
- Disable emergency assistance
“The auto industry is experiencing a convergence of consumer and automotive electronics. Consumers are increasingly expecting the same experiences in-vehicle as they do with the latest connected consumer and mobile devices. However, as the trend for ubiquitous connectivity grows, so does the potential for security vulnerabilities,” said Georg Doll, senior director for automotive solutions at Wind River. “The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them. Given the development time for automobiles, the industry is finding it essential to start work now by teaming up with those possessing the right mix of software expertise.”
For the full report, please visit www.mcafee.com/autoreport.
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe.