Researchers from Rutgers University and the University of South Carolina have found that wireless communications between new cars and their tires can be intercepted or even forged. While the potential for misuse may be minimal, this vulnerability points to a troubling lack of rigor with secure software development for new automobiles, said a co-lead on the study. The researchers presented their findings at the Usenix Security Symposium in Washington D.C. The system that the researchers tested monitors the air pressure of each tire on an automobile. The researchers had found that each sensor has a unique 32-bit ID and that communication between the radio frequency identification tag and the electronic control unit (ECU) was unencrypted, meaning it could be intercepted by third parties from as far away as 131 feet. An attacker could flood the control unit with low pressure readings that would repeatedly set off the warning light. An attacker could also send nonsensical messages to the control unit, confusing or possibly even breaking the unit. Component manufacturers could take some easy steps to strengthen the security of these systems, the researchers conclude. Communications could be encrypted. Also the ECU should filter incoming messages so that any with unexpected payloads should be discarded, so they do not corrupt the system.
Email your comments to email@example.com