July 28, 2015

Barrett assists with research into 'car hacking' threat

Patrick Barrett, director of transportation services, demonstrates the new automated auto rental system available on City and East campuses. Barrett was honored by the National Association of College and University Business Officers for the implementation of the Keyosk system.
Troy Fedderson | University Communications

Troy Fedderson | University Communications
Patrick Barrett, director of transportation services, demonstrates UNL's automated auto rental system. Barrett is part of a national organization that examined the threat of "car hacking" last year.

Just as organizations have computer security and network policies to prevent viruses, hacks and other threats, in the future it may be necessary to adopt business policies to prevent “car hacking,” according to Patrick Barrett, director of transportation services at UNL.

On July 24, Chrysler announced a recall of 1.4 million vehicles that may be affected by a software vulnerability in the automaker’s Uconnect dashboard computers.

The vulnerability was demonstrated to WIRED.com earlier in July when security researchers Charlie Miller and Chris Valasek hacked a Jeep being driven by reporter Andy Greenberg. Among other things, the Jeep went into a ditch when the hackers remotely disabled its brakes.

Late last year, a group representing administrators of business car fleets raised similar concerns. Barrett, educational development chair for the NAFA Fleet Management Association, was among those who studied the potential threat.

“Hopefully, ‘car hacking’ never becomes a reality, but if you think about it, not that many years ago we didn’t password protect personal computers and nobody imagined computer viruses,” Barrett said. “With this in mind, I believe now is the time to start protecting our fleets from the future we hope never occurs.”

Preventive measures might include:

  • Capping on-board diagnostic system ports to prevent easy access.

  • Installing anti-virus software, if available, in vehicles.

  • Replacing factory sound systems and GPS with aftermarket equipment that operates independently of factory-installed on-board computers, in cars that have “drive-by-wire” controls instead of traditional hydraulic and mechanical controls for brakes, throttle or steering.

  • Disabling Bluetooth in equipped vehicles.

  • Regularly screening vehicles for possible security breaches.

Barrett stressed that those proposed prevention measures are purely speculation and said much research is required to develop a realistic policy. For one thing, he doubts that anti-virus software for the automotive industry will ever be available or necessary.

“But a proactive approach is better than a reactive approach if car hacking becomes a reality,” he said.