Solutions To Automotive Cyber Hacking Risks

Audi TT Infotainment Disply 

Hacking has become one of the auto industry’s biggest concerns, especially as modern cars add more electronic controls and infotainment systems. Last March, the FBI and US National Highway Traffic Safety Administration already warned that motor vehicles are “increasingly vulnerable” to hacking.

There are growing indications the “black hat” world of what’s known as the “dark internet” is shifting attention from computer and smartphone targets to automotive ones, according NBC News.

It’s not uncommon for a modern vehicle to use more than 100 million lines of code to control everything from the engine management system to the onboard infotainment technology. By comparison, there are about 8 million lines of code on the latest F-35 fighter jet.

Modern vehicles are adding a variety of wireless communications systems, such as onboard 4G LTE WiFi hot spots. Even the wireless tire pressure monitoring systems, or TPMS, required on all new vehicles, could give hackers a path into the vehicle, experts warn.

According to Saar Dickman, an executive with Harman International, the multinational electronics firm and CEO of TowerSec, the Israeli firm he founded that is considered a leader in vehicle electronic security, “You’re providing more services and more access… You want to embrace innovation, but you have to understand the risks that come with it.”

Towards the major cybersecurity conference scheduled for this coming week in Detroit, Fiat Chrysler Automobiles has announced a “bug bounty” for hackers who can find and help it patch vulnerabilities in its vehicles’ software.

“The idea is to go out to the hacker community itself and ask for help,” explained Casey Ellis, CEO and founder of Bugcrowd, a San Francisco-based collective that can draw on their knowledge and efforts of an estimated 32,000 hackers around the world. “Crowdsourcing is very effective when applied to this sort of problem.”

So far, most of the reported incidents have been the result of security experts uncovering vehicle vulnerabilities. That has led to recalls by a number of manufacturers including FCA and BMW, with Nissan shutting down a smartphone app used to control the Leaf battery-car because of potential problems.

The issue of cybersecurity “is real, critical, and here to stay,” warned Ellis, whose firm tries to harness hacker skills for good – but who admits one of the challenges is not opening the door for “black hat” hackers to find new ways to crack into vehicle software code.

The concern is that thieves might have found a way to pair their own electronic car keys with the digital engine control systems in the vehicles they target.

The situation is only getting worse, says Dickman. He and other experts point to a number of potential concerns: Hackers could take control of a vehicle remotely, shutting the vehicle down or causing steering or brakes to fail; that would become even more of a risk with self-driving vehicles, e.g. hackers will be able to kidnap or kill motorists by programming in their own destinations; and also personal data could become vulnerable.

Moreover, it’s also a challenge to set up anti-hacking systems that can be constantly updated to block newly discovered threats. Tesla has built into its battery-electric vehicles a system that allows it to use over-the-air, or OTA, updates, and that is likely to become the norm, rather than the exception in years to come. OTA also allows automakers to correct defective software code without issuing recalls forcing customer to drive into showroom service bays.
TowerSec and other cybersecurity firms are also working on new approaches, unique to automobiles, that would automatically lock out suspect software and revert to the original, factory code, if something unusual begins to happen.

I-HLS

« Cyber Insurance: A Digital Necessity
Cyber Spying All At Sea »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BeOne Development

BeOne Development

BeOne Development provide innovative training and learning solutions for information security and compliance.

FixMeStick

FixMeStick

FixMeStick is a virus removal device, a USB key that removes malware conventional antivirus software often can’t detect.

PECB

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards in a range of areas including Information Security and Risk Management.

RedSeal

RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events.

ICTSecurity Portal

ICTSecurity Portal

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

Trustelem

Trustelem

Trustelem offers European and global companies a ready-to-use access management service that respects the principles of sovereignty, territoriality and privacy.

SECURITI.ai

SECURITI.ai

SECURITI.ai's PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

Arkphire

Arkphire

Arkphire provide solutions across every aspect of IT to help your business perform better.

Capital Network Solutions

Capital Network Solutions

Capital Network Solutions are a highly accredited managed IT services and consultancy provider, specialising in cyber security, infrastructure and communications.

Trustifi

Trustifi

Trustifi leads the market with the easiest to use and deploy email security products, providing both inbound and outbound email security from a single vendor.

Zeron

Zeron

Zeron build bridges between security teams and top management. Our platform unifies your cyber risk posture seamlessly, encompassing threat insights and quantifiable risk scenarios.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.

Downdetector

Downdetector

Downdetector helps people all over the world understand disruptions to vital services such as the internet, social media, web hosting platforms, banks, games, entertainment, and more.

Hughes Network Systems

Hughes Network Systems

Hughes are industry leaders in networking technologies and services, innovating constantly to deliver the global solutions that power a connected future for people, enterprises and things everywhere.

Transcendental Technologies

Transcendental Technologies

Transcendental is a consulting organization which specializes in customized assurance services in the fields of Localization, Mobile Software Solutions, Web Design, Cyber Security & Cyber Forensics.