Connected cars could be massive cyber security risk
Manufacturers have been warned that design flaws could allow hackers to take control of vehicles.
A whitepaper by the cybersecurity division of IOActive reported that half of cyber vulnerabilities found in leading manufacturer designs could be exploited in this way.
It also found that 71 per cent of vulnerabilities could be exploited without much difficulty or are almost certain to be exploited as knowledge of it is in the public domain.
The research in the ‘Commonalities in Vehicle Vulnerabilities’ whitepaper was based on real-world security assessments and three years’ worth of data and active vulnerabilities.
Technologies which could be targeted by hackers include cellular radio, Bluetooth, Vehicle to Vehicle (V2V) Radio, on-board diagnostics equipment, Wi-Fi, Infotainment Media, ZigbeeRadio and companion apps.
“The days when a rogue street urchin wielding a coat hanger was the main threat to vehicle security are long gone,” said the research’s author Corey Thuen, senior security consultant at IOActive.
“As the report shows, we have uncovered a number of ‘hair-on-fire’ vulnerabilities that could easily be exploited at any moment.
“Manufacturers really need to wake up to the risks they face in the connected world.”
A BusinessCloud roundtable talked through some of the problems with the rise in the Internet of Things.
Thuen added that the majority of vulnerabilities could not be solved down the line and were dependent on sound engineering, software development practices and cyber security best practices to protect customers.
“The most effective cyber security work occurs during the planning, design and early implementation phases of the products, with the difficulty and cost of remediation increasing in correlation with product age and complexity,” he said.
Thuen said that failure to address the issue in this way could lead to product recalls and leave manufacturers in financial trouble.
Businesses have been warned that a security flaw in Android devices exposes them to cyber attacks.
And after a fightback against the huge rise in ransomware, companies could soon see more and malicious attacks.