Connected Cars: Risks for Automated Vehicles.

broadcom-connectedcar_slide.jpg

Every day more devices are being connected to the Internet and connected cars are growing in number each year. These cars are well equipped with automatic notification of crashes, notification of speeding and safety alerts, but reports suggest that they are prone to cyber attacks because not enough measures have been taken to adequately protect these connected cars from hackers.  
The connected car could make our cloud services, e-mail, text messages, contacts, and other personal, financial, and work data vulnerable to hackers. Burglars could determine vehicle location provided by the vehicle’s e-email, text messages, contacts, and other personal, financial, and work data vulnerable to hackers. Burglars could determine vehicle location provided by the vehicle’s GPS to monitor when a home’s occupants are miles away. Hackers can gain access to vehicle networks and wreak havoc on traffic and even threaten the safety of vehicle occupants.
Connected cars can share information for a C2C (car-to-car) or a C2I (Car-to-Infrastructure) connections in real-time. Cars are becoming part of IoT (Internet of Things). Experts predict that (car-to-car) or a C2I (Car-to-Infrastructure) connections in real-time. Experts predict that IOT risks are going to increase drastically this year. How data is fetched from the Internet or data requests that are going from the car should be analyzed and evaluated. So, the focus is going to be in the cloud.
And with all the time we spend in where cars on the road will automatically swap data such as speed and direction, sending alerts to avoid crashes or traffic snarls. And with all the time we spend in our cars, it makes sense that they should become personalized digital assistants. 
Recently, German auto outfit announced it was sending an over-the-air update to cars featuring its SIM-based ConnectedDrive module. This allows drivers to remotely unlock their car, but the German automobile club ADAC had reverse-engineered the telematics software and warned BMW that a flaw made it possible for third parties to unlock vehicles. The update, which introduces HTTPS encryption to the car’s connection with BMW’s servers, is automatically downloaded as soon as the car module talks to that system.
Hackers were in theory able to dupe the car into unlocking by creating a fake mobile network, according to Reuters. There is no evidence that the flaw has been exploited, though it was present in up to 2.2 million BMWs, Minis and Rolls-Royces. Though, the vulnerability was patched on time by the company, there is always a learning from such an event. The majority of all automakers transmit data to third parties.
Recently, Oracle developed a platform to develop an application for cars using JAVA. Similarly, Qualcomm, AT&T and others are bringing in new platforms exclusively for connected cars. With such great technologies, we are creating a vast new attack surface for the hackers. The future is going to depend on the way we are going to provide Security awareness and security development for these connected cars.
Security Affairs http://bit.ly/1EXU3Y4

 

« 5 Essential Truths of The Internet Of Things
Drones: The Looming Threat »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Beachhead Solutions

Beachhead Solutions

Beachhead's SimplySecure is a configurable, web-based management tool allowing you to remotely secure vulnerable mobile devices in your organization.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

Georgia Cyber Center

Georgia Cyber Center

Georgia Cyber Center is dedicated to training the next generation of professionals through education and real-world practice while also supporting innovation in new technologies for online defenses.

Miradore

Miradore

Miradore is a software company specializing in effective, cloud-based device management. Our goal is to help IT Service Providers and IT departments secure and control devices.

United Biometrics

United Biometrics

United Biometrics is an anonymous and real-time authentication platform designed to stop the fraud for mobile payments, e-Commerce and applications.

Capy

Capy

Capy's SaaS-based security solutions will protect your website from bots, spam, humans and more.

MSPAlliance

MSPAlliance

MSPAlliance is the world’s largest industry association and certification body for cloud computing and managed service professionals.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

Exterro

Exterro

Exterro is a leading provider of e-discovery and information governance software specifically designed for in-house legal, privacy and IT teams at Global 2000 and Am Law 200 organizations.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

Scholarly Networks Security Initiative (SNSI)

Scholarly Networks Security Initiative (SNSI)

SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data.

Celebrus

Celebrus

Celebrus Fraud Data Platform, by D4t4 Solutions, works with existing fraud structures to augment functionality and turn fraud management into true fraud prevention.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

Bleach Cyber

Bleach Cyber

Bleach Cyber helps small businesses with an affordable and user-friendly solution for managing cloud security.

Cyphershield

Cyphershield

Cypershield is a Security and Smart Contract audit company providing professional smart contract auditing services for varied Crypto projects.

ELK Analytics

ELK Analytics

ELK Analytics is a specialized Managed Security Services Provider (MSSP) that focuses on endpoint security and monitoring & alerting for any type of structured or unstructured data.