McAfee: Modern cars can be hacked and disabled remotely

Security firm states that modern cars can be disabled and tracked remotely, using standard consumer computer equipment

Modern cars' reliance on computer systems makes them vulnerable to cyber attack, which could allow hackers to be disable them remotely, according to a report from McAfee released today.

The report was released in conjunction with mobile software firm Wind River and embedded security firm Escrypt. It stated that on-board safety systems could be hacked, citing a recent demonstration of this.

"Last year, researchers of the University of California, San Diego, and the University of Washington demonstrated that critical safety components of a vehicle can be hacked if physical access to the vehicle's electronic components inside the passenger cabin is available," said the report.

The report added that this type of attack could also be conducted remotely by exploiting the BlueTooth capabilities installed in many modern cars.

"Web-based vehicle-immobilisation systems that can remotely disable a car could be manipulated [by hackers].

"The immobilisation system is meant to be a theft deterrent but could be used maliciously to disable cars belonging to unsuspecting owners," it said.

Privacy issues also arise from the use of radio frequency identification (RFID) tags, which are used in car tyres to provide sensor data over wireless short-distance communication to the vehicle.

"The researchers showed that an attack can be mounted by tracking the RFID tags using powerful long-distance readers at around 40 metres," stated the report.

While car manufacturers view electronic features as selling points, Stuart McClure, senior vice president and general manager at McAfee, said they also represent risks.

"Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It's one thing to have your email or laptop compromised but having your car hacked could expose you to dire risks," he said.