Car Hacking & Data Collection

Uploaded on 2019-03-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

In less than a decade, amazing driver-assist mechanisms and must-have infotainment systems have swept into the dashboards of many popular car models for sale today. And we’re just at the start of this trend. Connectivity, apps, smartphone integration and autonomous driving are on an upward sweep taking us toward widespread public use of driverless vehicles, just a few years away. 

As these developments unfold, the auto and tech industries, as well as US State and Federal Regulators, are scrambling to fully understand and address newfound safety and privacy concerns. 

“The threats to the connected cars of today, and to the autonomous cars of the future, include not only the vehicles, but also the ecosystem they operate in,” said Stacy Janes, chief security architect of the connected transport division of Irdeto, a supplier of software anti-piracy systems.

Going forward, connected cars will increasingly make life-or-death decisions about physical objects and other digital systems they can sense nearby, while at the same time collecting and storing troves of monetizable operational and personal data.
The core security and privacy challenges are daunting. A viable level of trust must be established between multiple connected systems intensively collecting a tsunami of sensitive data.

Interestingly, it is the same threshold of trust that must be met to bring the budding Internet of Things economy to full fruition.

Redoubled Innovation
Modern cars rely on a growing bank of computing devices called electronic control units, or ECUs, linked together to control braking, acceleration, steering, engine performance, door locks, climate control, navigation and infotainment.

In 2003, a model of the Toyota Prius came along that featured automatic parallel parking assistance. It took Ford and BMW six years to come up with something similar. And then the pace of innovation shifted into high gear. Today, parking-assist, lane-guidance and collision-avoidance systems are commonplace. Level 5 vehicles, in which human driving is completely eliminated, may arrive as soon as 2020. In the meantime, computer-assisted controls are becoming more pervasive even as infotainment systems are being continually upgraded. 

Safety First and Foremost
It has been more than three years since researchers Charlie Miller and Chris Valasek remotely hacked their Jeep Cherokee as an experiment. Using a laptop and sitting 10 miles distant, the duo took control of the digital display screen, engaged the brakes, cut the transmission and killed the engine.Since the Jeep hack, there have been a number of instances of hackers overcoming the electronic door locks of parked cars. But hacks of moving vehicles has mainly been done by researchers in controlled settings. 

Privacy Matters
USA Today has reported that rental-car companies routinely fail to delete personally identifiable information that renters type into infotainment systems. CBS News recently reported that carmakers have experimented with reselling blocks of location data to mapping vendors, stoking privacy advocates’ concerns about third parties moving to auction information collected from onboard cameras and sensors to the highest bidders.

Already, the move by 17 US States to restrict use of EDR-collected data is reinforcing criticism about the insurance industry leveraging data collected by connected vehicles in ways that might be unfair to individual citizens. 

Threatpost

You Might Also Read:

Cybersecurity In Self-Driving Cars:

« Triton Malware Is Spreading
Knowing How Your Data Behaves Is The Key To Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

European Cybercrime Training and Education Group (ECTEG)

European Cybercrime Training and Education Group (ECTEG)

The primary aim of ECTEG is to enhance the coordination of cybercrime training, by identifying opportunities to build the capacity of countries to combat cybercrime

Swiss Re

Swiss Re

Swiss Re Group is a leading wholesale provider of reinsurance, insurance and other insurance-based forms of risk transfer including cyber risk.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

Solana Networks

Solana Networks

Solana Networks is a specialist in IT networking and security.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

HKCERT

HKCERT

HKCERT is the centre for coordination of computer security incident response for local enterprises and Internet Users in Hong Kong.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The main purpose of VeTSS is to support program analysis, testing and verification, to achieve guarantees of software correctness, safety, and security.

Secureframe

Secureframe

Companies from startups to enterprises use Secureframe to automate SOC 2 and ISO 27001 compliance, complete audits, and continuously monitor their security.

Digital Pathways

Digital Pathways

Digital Pathways is an award-winning data security provider that helps businesses protect their digital assets.

Cymune

Cymune

At Cymune we help businesses to fight against cybercrime, protect patented data and diminish security risks.

AVEVA

AVEVA

AVEVA has a long history in providing Supervisory Control and Data Acquisition software for meeting complex and evolving automation requirements.

Somerville

Somerville

Somerville are a full service IT partner with over 40 years experience delivering exceptional service and value to our customers.

Covenant Technologies

Covenant Technologies

Make Covenant Technologies the only choice for your IT and cybersecurity recruitment needs. We deliver quality candidates at the forefront of the cybersecurity and IT industry.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

Airlock Digital

Airlock Digital

Airlock Digital was created after many years of experience in implementing whitelisting/ allowlisting solutions in Federal Government and various enterprises in Australia.