The evolution of connected vehicles: Security critical when lives are at stake

30 May 17

The Cloud Security Alliance is taking a close look at connected car security and how it unfolds in the future, covering everything from design to possible ways attackers can take control.

The CSA's first research report on the topic, released this month and titled Observations and Recommendations on Connected Vehicle Security, provides in-depth details about vehicle security connectivity design, possible attack vectors of concern and recommendations about how to better secure the environment.

The ultimate goal is to create a vehicle security design that is flexible in adapting to future challenges and cognisant of the unanticipated threats that disruptive technologies bring.

“In the near future, connected vehicles will operate in a complex ecosystem that connects vehicles not only with each other and the traffic infrastructure, but also with new forms of connectivity and relationships to cloud-based services, smart homes, and even smart cities,” comments Brian Russell, chair of the CSA IoT Working Group.

He believes that for a secure and safe system, policies, designs and operations that incorporate security must be implemented in the development stages.

Protecting systems from possible attack vectors must also be front of mind - the report proposed 20 different attack vectors and what could happen in each case.

Those attack vectors include monitoring the vehicle's messaging traffic, which could result in unauthorised tracking, reverse engineering firmware to hijack the safety-critical operations, and infecting it with malware to disable the vehicle entirely.

The report cites cases in which Fiat Chrysler recalled 1.4 million cars and trucks after hackers were able to remotely disrupt a Jeep Cherokee. In another attack, researchers managed to control a Tesla Model S car and turn it off at low speed. Tesla has fixed the issue.

“There are a number of motivations for bad actors to compromise connected vehicle components and technologies, ranging from curious hackers attempting to demonstrate weaknesses, to malicious entities attempting to cause harm, on both small and large scales,” explains John Yeoh, senior research analyst at the CSA.

“Only through the thoughtful use of disruptive technologies such as big data, machine learning and artificial intelligence can we help build a better, safer and more secure connected vehicle ecosystem.”

Even older cars that are being fitted with connected devices are not immune. Security researchers have been able to gain access to sensitive functions through direct or remote access, including USB, diagnostics, Bluetooth, wi-fi and infotainment consoles.

The report provides a number of recommendations, including strong boundary defence, interface filtering, securing update processes, aftermarket protection, data integrity, privacy protection, malware defence and continued R&D.
