/* ]]> */
Aug 312012

Imagine this scene, repeated a million times across the country, all within five minutes. Here’s how it could happen.

Let’s mix together a couple of known vulnerabilities and see what might happen.

The first known vulnerability is the ‘just in time’ system whereby no supermarkets or pretty much any other business keeps a reserve stock of goods, relying instead on deliveries timed to arrive just as stocks are about to run out.  This is very dependent on the smooth predictable operating of our transportation system.  Ordering new supplies of a product that are three trucking days away involves the assumption/expectation that the trucks will indeed cover the journey in the three days anticipated.

The second known vulnerability is for viruses to infect computers and other computer controlled devices.  We’ve written about this several times – you can see a list of relevant articles about the vulnerabilities in computers and control systems here.

Now, let’s join these two risks together.  Did you know that just about all modern cars and trucks are computer controlled?  A modern vehicle has a dozen or more computer subsystems within it, controlling just about everything the vehicle can do.  These days, even the gas pedal isn’t an ‘analog’ control device such as it used to be.  In the past, when you stomped on the gas pedal, a series of link rods or a cable transferred your movement of the gas pedal to eventually a movement in the carburetor valves, increasing the flow of the fuel/air mix into the engine proportional to your gas pedal movement.  Sure, the cable could break, the link rods could stick, but there’s no way that some other person, in another country, could do something to interfere with your car (and everyone else’s car simultaneously) to stop it accelerating when needed.

But these days when you move your gas pedal, a rheostat sends an electrical signal from the gas pedal to the engine management computer.  The engine management computer interprets that signal and decides what to do in response.

We sometimes now have situations involving mysterious things like unintended acceleration.  The real cause of these is hard to establish, but one of the factors that is a possibility is a glitch in the programming that runs the engine management computers and how they interpret and respond to things in different scenarios.  We all know there’s no such thing as bug-free software, after all.

But let’s move beyond that to a less benign thing.  What say hackers deliberately infected the engine management computers of as many vehicles as they could, loading in a secret bit of code that would instruct the vehicles to maybe simply just die at a specific time.  More malignantly, they could instruct the vehicles to switch to full throttle acceleration at that time, and also make the vehicles ignore any attempts to kill the engine by turning off the ignition switch.  Depending on the sophistication of your vehicle, it might also be able to interfere with your attempts to brake, and it might even lock all the doors and roll up the windows, trapping you inside.

Such a sequence of events would either destroy the vehicle engine or the vehicle entirely, and possibly both.  It wouldn’t be very good for the people in the vehicle at the time, either!

How could this be done?  How could a hacker in, for example, Bulgaria or Turkey or anywhere somehow load a virus into your car, and into many millions of others, too?  Unfortunately, that isn’t as impossible as you might think.  Sure, your car is probably not connected to the internet.  But it regularly connects to devices which are connected to the internet, such as diagnosis computers when you take your car in for servicing.  You probably don’t realize that many times, part of a routine servicing will be uploading new patches and fixes to your car’s computer systems.  If the hacker has managed to get into the General Motors (or any other manufacturer’s) system and infect that with his virus, it will get transferred to your car as part of the update.

Alternatively, another way into your car is to infect the computer programs that run the diagnostic machines.  If the hackers can’t get into the auto manufacturers’ computer systems, maybe they can instead get into the diagnostic machines and attack your car that way.

There are lots of other ways to achieve the same objective, even loading bogus software onto a CD or DVD that powers your sat-nav system, or which simply runs in your car-stereo might do the job.

Let’s say the hackers do succeed in getting some virus code into several of the major car manufacturers vehicle lines.  Then they just program the code so that it will simultaneously fail all the vehicles at very close to the same time.  One minute, traffic is flowing smoothly across the nation, then over the course of ten minutes or so, cars and trucks start careering wildly across freeway lanes, running off roads, having multiple vehicle collisions, and blocking major freeways and arterials with the wreckage caused.

How long would it take to clear the roads – remember that the vehicles used for road clearing may be affected and inoperable too?  How long would it take to replace the disabled vehicles – either their control systems or the vehicles entirely?

There’s just not the inventory of spare vehicles or spare computer controls ready to be deployed.  Sure, we’d all rush to the nearest second-hand car dealer to get a replacement, but many of these vehicles will also be infected, and there isn’t enough inventory of second-hand cars (and, more importantly, second-hand trucks) available to quickly resupply our needs.

How long would it take to urgently build millions more control computers?  That could be somewhere between months and years.

And that three day delivery time for fresh food?  That ain’t gonna happen, is it.  Not in three days.  Not even in three weeks, and even three months is probably way too optimistic a hope.

Such a scenario is far from impossible to put together and create, and even if it only disabled one half or one third of all the vehicles out there, the effects would be much greater than a one half or one third diminution from normal.

Let’s also remember that emergency service vehicles would also be disabled.  As soon as rioting breaks out (which it inevitably would) neither the police nor fire services will be able to adequately respond.

And next time a power line goes down, will the utility company’s truck be working to go repair it?  Will it even be able to get there due to stalled vehicles blocking the road.

Sure, some food supplies could be air freighted around the country – but think through the entire process involved there.  The food and other essential goods would first have to be taken from where they were grown or made and trucked to the airport – how’s that going to happen?  Then, upon arriving at their destination, they still have 10 – 100 miles from the airport to wherever they ultimately need to get to.  So that’s not going to be an adequate or effective solution.

Let’s say that freight capabilities drop by two thirds.  What would you do if you could only get one third the food you need?  And what will your neighbors do?  Don’t say ‘we’ll live off the food in the freezer’ because the power might fail, and with tankers not being able to deliver adequate fuel to your local gas station, your generator has a problem too.


People often like to ask us ‘So what all are you worried about?’ and it isn’t always an easy question to answer, because the short answer is ‘everything’ – a response which sounds foolish to someone how hasn’t really thought through the terrible vulnerabilities that are rife in our current system and society.

We know about and can list the ‘big’ deals that could destroy our society in a flash (literally in the case of nuclear war, figuratively in other cases) but the thing is the list of risks is very open-ended, and it doesn’t just include the things we can easily think of.  It includes all sorts of other things too – things we can’t conveniently think of today.  (Maybe just point them to our entire vulnerabilities section.)

A hostile nation hacking the vehicle management computers of our nation’s vehicles, and then commanding them all to fail at the same time is a viable attack that could be conducted, and a great example of a risk that few people ever stop to consider.  How many other obscure risks are also out there?  Ten?  A hundred?  A thousand?  It is anyone’s guess, with the short answer being ‘too many’.  Prepping is essential.

This article takes a positive approach to the challenge – it tells us how Intel (and others) are trying their hardest to close vulnerabilities and make it harder to get viruses into cars.  But if they succeed in making a virus-proof computer, that would be one for the record-books – to date every virus-proof computer has always been proven to be vulnerable.

This is another reason why, in choosing bug-out vehicles, we need to favor vehicles that are as low-tech as possible.

Sure, all the modern computerization does wonderful things for our vehicles, their fuel economy and reliability, and everything else.  But they add new risks and wild-cards, and make it harder for us to manage and maintain our vehicles, by ourselves (in an emergency).  They force us to become more reliant on uncontrolled and uncontrollable third-party sources of support, which is the exact opposite of what we seek to do as prudent preppers.


David Spero[suffusion-the-author display='description']

Leave a Reply

/* ]]> */