Solutions To Automotive Cyber Hacking Risks

Uploaded on 2016-08-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel, TECHNOLOGY--Hackers

Audi TT Infotainment Disply 

Hacking has become one of the auto industry’s biggest concerns, especially as modern cars add more electronic controls and infotainment systems. Last March, the FBI and US National Highway Traffic Safety Administration already warned that motor vehicles are “increasingly vulnerable” to hacking.

There are growing indications the “black hat” world of what’s known as the “dark internet” is shifting attention from computer and smartphone targets to automotive ones, according NBC News.

It’s not uncommon for a modern vehicle to use more than 100 million lines of code to control everything from the engine management system to the onboard infotainment technology. By comparison, there are about 8 million lines of code on the latest F-35 fighter jet.

Modern vehicles are adding a variety of wireless communications systems, such as onboard 4G LTE WiFi hot spots. Even the wireless tire pressure monitoring systems, or TPMS, required on all new vehicles, could give hackers a path into the vehicle, experts warn.

According to Saar Dickman, an executive with Harman International, the multinational electronics firm and CEO of TowerSec, the Israeli firm he founded that is considered a leader in vehicle electronic security, “You’re providing more services and more access… You want to embrace innovation, but you have to understand the risks that come with it.”

Towards the major cybersecurity conference scheduled for this coming week in Detroit, Fiat Chrysler Automobiles has announced a “bug bounty” for hackers who can find and help it patch vulnerabilities in its vehicles’ software.

“The idea is to go out to the hacker community itself and ask for help,” explained Casey Ellis, CEO and founder of Bugcrowd, a San Francisco-based collective that can draw on their knowledge and efforts of an estimated 32,000 hackers around the world. “Crowdsourcing is very effective when applied to this sort of problem.”

So far, most of the reported incidents have been the result of security experts uncovering vehicle vulnerabilities. That has led to recalls by a number of manufacturers including FCA and BMW, with Nissan shutting down a smartphone app used to control the Leaf battery-car because of potential problems.

The issue of cybersecurity “is real, critical, and here to stay,” warned Ellis, whose firm tries to harness hacker skills for good – but who admits one of the challenges is not opening the door for “black hat” hackers to find new ways to crack into vehicle software code.

The concern is that thieves might have found a way to pair their own electronic car keys with the digital engine control systems in the vehicles they target.

The situation is only getting worse, says Dickman. He and other experts point to a number of potential concerns: Hackers could take control of a vehicle remotely, shutting the vehicle down or causing steering or brakes to fail; that would become even more of a risk with self-driving vehicles, e.g. hackers will be able to kidnap or kill motorists by programming in their own destinations; and also personal data could become vulnerable.

Moreover, it’s also a challenge to set up anti-hacking systems that can be constantly updated to block newly discovered threats. Tesla has built into its battery-electric vehicles a system that allows it to use over-the-air, or OTA, updates, and that is likely to become the norm, rather than the exception in years to come. OTA also allows automakers to correct defective software code without issuing recalls forcing customer to drive into showroom service bays.
TowerSec and other cybersecurity firms are also working on new approaches, unique to automobiles, that would automatically lock out suspect software and revert to the original, factory code, if something unusual begins to happen.

I-HLS

« Cyber Insurance: A Digital Necessity
Cyber Spying All At Sea »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Bricata

Bricata

Bricata offers industry-leading IPS solutions for enterprise-wide threat prevention and unparalleled situational awareness.

DataVisor

DataVisor

DataVisor is a big data fraud detection and anti-money laundering solution.

Ammune.ai

Ammune.ai

Ammune.ai (formerly L7 Defense) helps organizations to protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks.

Sopra Steria

Sopra Steria

Sopra Steria is a leading European information technology consultancy.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

Slovenska Akreditacija (SA)

Slovenska Akreditacija (SA)

Slovenska Akreditacija (Slovenia Accreditation) is the national standards accreditation body for Slovenia.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

US-Africa Cybersecurity Group (USAFCG)

US-Africa Cybersecurity Group (USAFCG)

USAFCG provides cybersecurity consulting services and delivers training programs for capacity building in Africa.

VIQU Recruitment

VIQU Recruitment

VIQU Recruitment was formed with the primary focus of providing 'Smarter People Solutions' to the UK’s professional IT & Cyber Security markets.

C5 Capital

C5 Capital

C5 Capital is a specialist investment firm that exclusively invests in the secure data ecosystem including cybersecurity, cloud infrastructure, data analytics and space.

FortifyData

FortifyData

FortifyData is the next generation of cyber risk management–a comprehensive platform that continuously evaluates your third-party, internal and people risks.

Vijilan Security

Vijilan Security

Vijilan provides 24/7 SOC services to MSPs/VARs. Our Security Operations Center is global, and our services are exclusive to the Channel.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

Infosec Institute

Infosec Institute

Infosec is a leading cybersecurity training company, we help IT and security professionals advance their careers with skills development and certifications.

Snare

Snare

Snare is a comprehensive set of event monitoring and analysis tools designed to address critical auditing and security requirements.

Incode

Incode

Incode is the leading provider of world-class identity solutions that is reinventing the way humans authenticate and verify their identities online.