Solutions To Automotive Cyber Hacking Risks

Uploaded on 2016-08-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel, TECHNOLOGY--Hackers

Audi TT Infotainment Disply 

Hacking has become one of the auto industry’s biggest concerns, especially as modern cars add more electronic controls and infotainment systems. Last March, the FBI and US National Highway Traffic Safety Administration already warned that motor vehicles are “increasingly vulnerable” to hacking.

There are growing indications the “black hat” world of what’s known as the “dark internet” is shifting attention from computer and smartphone targets to automotive ones, according NBC News.

It’s not uncommon for a modern vehicle to use more than 100 million lines of code to control everything from the engine management system to the onboard infotainment technology. By comparison, there are about 8 million lines of code on the latest F-35 fighter jet.

Modern vehicles are adding a variety of wireless communications systems, such as onboard 4G LTE WiFi hot spots. Even the wireless tire pressure monitoring systems, or TPMS, required on all new vehicles, could give hackers a path into the vehicle, experts warn.

According to Saar Dickman, an executive with Harman International, the multinational electronics firm and CEO of TowerSec, the Israeli firm he founded that is considered a leader in vehicle electronic security, “You’re providing more services and more access… You want to embrace innovation, but you have to understand the risks that come with it.”

Towards the major cybersecurity conference scheduled for this coming week in Detroit, Fiat Chrysler Automobiles has announced a “bug bounty” for hackers who can find and help it patch vulnerabilities in its vehicles’ software.

“The idea is to go out to the hacker community itself and ask for help,” explained Casey Ellis, CEO and founder of Bugcrowd, a San Francisco-based collective that can draw on their knowledge and efforts of an estimated 32,000 hackers around the world. “Crowdsourcing is very effective when applied to this sort of problem.”

So far, most of the reported incidents have been the result of security experts uncovering vehicle vulnerabilities. That has led to recalls by a number of manufacturers including FCA and BMW, with Nissan shutting down a smartphone app used to control the Leaf battery-car because of potential problems.

The issue of cybersecurity “is real, critical, and here to stay,” warned Ellis, whose firm tries to harness hacker skills for good – but who admits one of the challenges is not opening the door for “black hat” hackers to find new ways to crack into vehicle software code.

The concern is that thieves might have found a way to pair their own electronic car keys with the digital engine control systems in the vehicles they target.

The situation is only getting worse, says Dickman. He and other experts point to a number of potential concerns: Hackers could take control of a vehicle remotely, shutting the vehicle down or causing steering or brakes to fail; that would become even more of a risk with self-driving vehicles, e.g. hackers will be able to kidnap or kill motorists by programming in their own destinations; and also personal data could become vulnerable.

Moreover, it’s also a challenge to set up anti-hacking systems that can be constantly updated to block newly discovered threats. Tesla has built into its battery-electric vehicles a system that allows it to use over-the-air, or OTA, updates, and that is likely to become the norm, rather than the exception in years to come. OTA also allows automakers to correct defective software code without issuing recalls forcing customer to drive into showroom service bays.
TowerSec and other cybersecurity firms are also working on new approaches, unique to automobiles, that would automatically lock out suspect software and revert to the original, factory code, if something unusual begins to happen.

I-HLS

« Cyber Insurance: A Digital Necessity
Cyber Spying All At Sea »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

CyberTrap

CyberTrap

CyberTrap is an advanced highly-interactive deception technology allowing real-time analysis and control of security breaches.

Forensic Pathways

Forensic Pathways

Forensic Pathways focus on the provision of digital forensic technologies, offering clients unique technologies in the management of mobile phone data, image analysis and ballistics analysis.

Assertion

Assertion

Assertion secures your collaboration (UC/CC) systems from cyber risks. Enforcing the right set of controls and monitoring them continually brings down risk to acceptable levels.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

Diateam

Diateam

Diateam is an R&D company specializing in computer security. Diateam develops highly innovative cyber range platforms and Industry-leading systems for cybersecurity training and testing labs.

Fly Ventures

Fly Ventures

Fly Ventures is a seed-stage venture capital fund for outstanding teams building Enterprise and Deep Tech startups in Europe.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

OryxLabs

OryxLabs

OryxLabs provide advanced enterprise digital risk protection solutions. Learn more about how 24x7 continuous assessment, monitoring, and improvement can secure your network.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.

Quantum Dice

Quantum Dice

Quantum Dice is an award-winning venture-backed spinout from Oxford University’s world-renowned quantum optics laboratory.

Triovega

Triovega

Triovega are a leading provider for production security and efficiency. Our solutions enhance OT security, and reduce production downtime.