Ford Motor Company has recently announced that later this year it will be producing cars with built-in WiFi capabilities. Since 2008, the first generation of this system enabled owners of certain Ford, Lincoln & Mercury vehicles to connect media players & bluetooth devices to their entertainment systems. This second generation of its so called Sync technology will include a full Windows CE operating system which includes the ability to surf the Internet when the car is stationary.
Interestingly, Ford has made a point of announcing that they have developed a set of security features to ensure the integrity of the system, despite using a relatively mainstream operating system with browser functionality. Historically Windows operating systems and all browser applications have been prime targets for the bad guys, with vulnerabilities being discovered on a semi-regular basis. Ford says that the WiFi network will be protected by WPA2 encryption, and on board firewalls will protect the network. I find it interesting that public awareness of computer security issues has reached a level where Ford feel it is important to point out the security features they are building into their systems.
With the increasing application of electronics and the electronic control of engine & chassis components, the reliability & integrity of those electronic controls is becoming more and more paramount. It is one thing for the electronics in your car to have a problem that causes your sound system to not be able to play your songs from your iPod. It is an entirely different thing if those electronics cause a sudden loss of brakes or a loss of control of the throttle. Problems such as that can be life threatening. Recently we have seen many news reports about the apparent problem with a "software glitch" in the anti-lock braking system of Toyota Prius vehicles, resulting in a recall of over 430,000 cars all over the world.
I'd like to think the entertainment and communications system that sychronizes external devices with the vehicle's systems is kept completely physically separate from the vehicle control systems. The last thing anybody wants is for the possibility of malware infecting a vehicle's control systems and causing a driver to lose control of the vehicle as a result of that infection.
Hmmm, it may just give a whole new meaning to the computer virus term of "auto-infection", "autorun" and maybe even "mobile security"!
It may be taking things a little too far to envision scenes similar to those in the move "Christine", where a dilapidated 1958 Plymouth Fury is possessed by supernatural forces. Christine (that's the name of the car) goes on a killing spree in suburban Pennsylvania. I can't see things becoming that bad if a car managed to become infected by malware, but it is technically feasible that a car that has had its vehicle control systems compromised by malware could prove just as deadly.
It's yet another an example of how our real world is moving closer to the fiction and science fiction worlds that we see in movies. More than many of us would realize!
We've seen the movie "Snakes On A Plane". Will we one day see a movie called "Worms In A Car"?
Senior Cybercrime Research Analyst
Author ESET Research, We Live Security