The chief technology officer and vice president at integrator Northrop Grumman Information Systems said most cars contain 50, perhaps 100 or more tiny computers accessed through a diagnostic port that could be used to “take over a car by controlling the brakes, the accelerator, the steering wheel, despite whatever the driver might want to do.” A paper, Experimental Security Analysis of a Modern Automobile, delivered earlier this year at an IEEE journal symposium, said the potential attack window could widen as more automakers provide vehicle-to-vehicle and vehicle-to-infrastructure communications networks to third-party development: “An attacker who is able to infiltrate virtually any electronic control unit can leverage this ability to completely circumvent a broad array of safety-critical systems,” the paper said. In the lab and road tests, the researchers took control of a number of a car’s functions and the driver could do nothing about it. They bypassed basic network security protection within the car, and embedded malicious code in its telematics unit to erase any evidence of the hack’s presence after a crash. The Northrop Grumman CEO sees the threat to cars as more theoretical than practical. But he said it shows people must think about cybersecurity more broadly than they have in the past.

Comments? Tweet Security Magazine at