Car Hacking & Data Collection

Uploaded on 2019-03-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

In less than a decade, amazing driver-assist mechanisms and must-have infotainment systems have swept into the dashboards of many popular car models for sale today. And we’re just at the start of this trend. Connectivity, apps, smartphone integration and autonomous driving are on an upward sweep taking us toward widespread public use of driverless vehicles, just a few years away. 

As these developments unfold, the auto and tech industries, as well as US State and Federal Regulators, are scrambling to fully understand and address newfound safety and privacy concerns. 

“The threats to the connected cars of today, and to the autonomous cars of the future, include not only the vehicles, but also the ecosystem they operate in,” said Stacy Janes, chief security architect of the connected transport division of Irdeto, a supplier of software anti-piracy systems.

Going forward, connected cars will increasingly make life-or-death decisions about physical objects and other digital systems they can sense nearby, while at the same time collecting and storing troves of monetizable operational and personal data.
The core security and privacy challenges are daunting. A viable level of trust must be established between multiple connected systems intensively collecting a tsunami of sensitive data.

Interestingly, it is the same threshold of trust that must be met to bring the budding Internet of Things economy to full fruition.

Redoubled Innovation
Modern cars rely on a growing bank of computing devices called electronic control units, or ECUs, linked together to control braking, acceleration, steering, engine performance, door locks, climate control, navigation and infotainment.

In 2003, a model of the Toyota Prius came along that featured automatic parallel parking assistance. It took Ford and BMW six years to come up with something similar. And then the pace of innovation shifted into high gear. Today, parking-assist, lane-guidance and collision-avoidance systems are commonplace. Level 5 vehicles, in which human driving is completely eliminated, may arrive as soon as 2020. In the meantime, computer-assisted controls are becoming more pervasive even as infotainment systems are being continually upgraded. 

Safety First and Foremost
It has been more than three years since researchers Charlie Miller and Chris Valasek remotely hacked their Jeep Cherokee as an experiment. Using a laptop and sitting 10 miles distant, the duo took control of the digital display screen, engaged the brakes, cut the transmission and killed the engine.Since the Jeep hack, there have been a number of instances of hackers overcoming the electronic door locks of parked cars. But hacks of moving vehicles has mainly been done by researchers in controlled settings. 

Privacy Matters
USA Today has reported that rental-car companies routinely fail to delete personally identifiable information that renters type into infotainment systems. CBS News recently reported that carmakers have experimented with reselling blocks of location data to mapping vendors, stoking privacy advocates’ concerns about third parties moving to auction information collected from onboard cameras and sensors to the highest bidders.

Already, the move by 17 US States to restrict use of EDR-collected data is reinforcing criticism about the insurance industry leveraging data collected by connected vehicles in ways that might be unfair to individual citizens. 

Threatpost

You Might Also Read:

Cybersecurity In Self-Driving Cars:

« Triton Malware Is Spreading
Knowing How Your Data Behaves Is The Key To Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Okta

Okta

Okta is an enterprise-grade identity management service, built from the ground up in the cloud to address the challenges of a cloud-mobile-interconnected world.

enSilo

enSilo

enSilo secures customers data on premise or in the cloud. Regardless of the where the threat comes from, enSilo can protect your data.

Verve Industrial

Verve Industrial

Verve specialize in providing software and services to help protect and secure critical industrial control systems.

H-ON Consulting

H-ON Consulting

H-ON Consulting develops and applies robust cyber security procedures enabling control systems to be secure.

SQN Banking Systems

SQN Banking Systems

SQN Banking Systems fraud detection software products are a critical step towards overcoming the growing problem of fraud across the various payment channels.

Uleska

Uleska

Uleska is a scalable platform that provides automated and continuous software security testing whilst translating cyber risk.

Finnish Accreditation Service (FINAS)

Finnish Accreditation Service (FINAS)

FINAS is the national accreditation body for Finland. The directory of members provides details of organisations offering certification services for ISO 27001.

Taoglas

Taoglas

Taoglas Next Gen IoT Edge software provides a pay as you go platform for customers to connect, manage and maintain their edge devices in an efficient and secure way.

swIDCH

swIDCH

swIDch is a technology company that aims to eliminate CNP (card not present) Fraud.

FraudLabs Pro

FraudLabs Pro

FraudLabs Pro detects fraud and helps merchants to reduce e-commerce chargebacks by identifying high risk transactions.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

Dawgen Global

Dawgen Global

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region providing a range of services including Risk Management and Information Systems Assurance.

Black Girls In Cyber (BGiC)

Black Girls In Cyber (BGiC)

Black Girls In Cyber's mission is to increase industry awareness and diversity in cybersecurity, privacy, and STEM for women of color.

Nexio

Nexio

We are Nexio. We help organisations take every NEXT step toward their accelerated digital transformation.

Transcendental Technologies

Transcendental Technologies

Transcendental is a consulting organization which specializes in customized assurance services in the fields of Localization, Mobile Software Solutions, Web Design, Cyber Security & Cyber Forensics.