Solutions To Automotive Cyber Hacking Risks

Uploaded on 2016-08-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel, TECHNOLOGY--Hackers

Audi TT Infotainment Disply 

Hacking has become one of the auto industry’s biggest concerns, especially as modern cars add more electronic controls and infotainment systems. Last March, the FBI and US National Highway Traffic Safety Administration already warned that motor vehicles are “increasingly vulnerable” to hacking.

There are growing indications the “black hat” world of what’s known as the “dark internet” is shifting attention from computer and smartphone targets to automotive ones, according NBC News.

It’s not uncommon for a modern vehicle to use more than 100 million lines of code to control everything from the engine management system to the onboard infotainment technology. By comparison, there are about 8 million lines of code on the latest F-35 fighter jet.

Modern vehicles are adding a variety of wireless communications systems, such as onboard 4G LTE WiFi hot spots. Even the wireless tire pressure monitoring systems, or TPMS, required on all new vehicles, could give hackers a path into the vehicle, experts warn.

According to Saar Dickman, an executive with Harman International, the multinational electronics firm and CEO of TowerSec, the Israeli firm he founded that is considered a leader in vehicle electronic security, “You’re providing more services and more access… You want to embrace innovation, but you have to understand the risks that come with it.”

Towards the major cybersecurity conference scheduled for this coming week in Detroit, Fiat Chrysler Automobiles has announced a “bug bounty” for hackers who can find and help it patch vulnerabilities in its vehicles’ software.

“The idea is to go out to the hacker community itself and ask for help,” explained Casey Ellis, CEO and founder of Bugcrowd, a San Francisco-based collective that can draw on their knowledge and efforts of an estimated 32,000 hackers around the world. “Crowdsourcing is very effective when applied to this sort of problem.”

So far, most of the reported incidents have been the result of security experts uncovering vehicle vulnerabilities. That has led to recalls by a number of manufacturers including FCA and BMW, with Nissan shutting down a smartphone app used to control the Leaf battery-car because of potential problems.

The issue of cybersecurity “is real, critical, and here to stay,” warned Ellis, whose firm tries to harness hacker skills for good – but who admits one of the challenges is not opening the door for “black hat” hackers to find new ways to crack into vehicle software code.

The concern is that thieves might have found a way to pair their own electronic car keys with the digital engine control systems in the vehicles they target.

The situation is only getting worse, says Dickman. He and other experts point to a number of potential concerns: Hackers could take control of a vehicle remotely, shutting the vehicle down or causing steering or brakes to fail; that would become even more of a risk with self-driving vehicles, e.g. hackers will be able to kidnap or kill motorists by programming in their own destinations; and also personal data could become vulnerable.

Moreover, it’s also a challenge to set up anti-hacking systems that can be constantly updated to block newly discovered threats. Tesla has built into its battery-electric vehicles a system that allows it to use over-the-air, or OTA, updates, and that is likely to become the norm, rather than the exception in years to come. OTA also allows automakers to correct defective software code without issuing recalls forcing customer to drive into showroom service bays.
TowerSec and other cybersecurity firms are also working on new approaches, unique to automobiles, that would automatically lock out suspect software and revert to the original, factory code, if something unusual begins to happen.

I-HLS

« Cyber Insurance: A Digital Necessity
Cyber Spying All At Sea »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Huawei

Huawei

Huawei is a leading global ICT solutions provider. with end-to-end capabilities across the carrier networks, enterprise, consumer, and cloud computing fields.

AML Solutions

AML Solutions

AML Solutions offer a full range of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) services.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

Komodo Consulting (KomodoSec)

Komodo Consulting (KomodoSec)

Komodo Consulting specializes in Penetration Testing and Red-Team Excercises, Cyber Threat Intelligence, Incident Response and Application Security.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

WISeKey

WISeKey

WISeKey is a leading cybersecurity company currently deploying large scale digital identity ecosystems for people and objects using Blockchain, AI and IoT.

Caulis

Caulis

Caulis FraudAlert is a cyber security solution. It can detect fraud and identity theft based on users’ online behaviour.

Veridium

Veridium

Veridium is a leader in single step - multi factor biometric authentication, designed to safeguard enterprises’ most critical assets.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

Intelequia

Intelequia

Intelequia SOC is the Security Operations Center your company needs. 24x7 monitoring, protection and automated response to cyber threats.

Securadin

Securadin

Securadin - Defending Your Data Security. We will assist you in learning how to maintain the confidentiality, integrity, and availability of your organization's assets.

Crispmind

Crispmind

Crispmind creates innovative solutions to some of today’s most challenging technology problems.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

LMNTRIX

LMNTRIX

LMNTRIX eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyberattacks.

CrashPlan

CrashPlan

CrashPlan provides peace of mind through secure, scalable, and straightforward endpoint data backup.