Story image

Trend Micro & Panasonic launch mission to advance connected car security

15 Feb 2018

Trend Micro and Panasonic are on a joint mission to thwart cyber risks that jeopardise connected car safety - they will develop a solution that can stop attacks on Electronic Control Units (ECUs).

ECUs control driving behaviour such as acceleration, steering and braking, as well as in-vehicle systems such as navigation, telematics and infotainment systems.

Hackers could potentially take control of steering and braking systems in connected cars – a threat that is ‘very real’, Trend Micro says.

Similar risks have been demonstrated by security researchers Chris Valasek and Charlie Miller. They were able to successfully conduct a remote hack against a 2014 Jeep Cherokee without any physical access to the vehicle.

Security vulnerabilities are discovered daily and pose risks that could result in remote exploitation, Trend Micro says.

In a blog posted in August 2017, Trend Micro senior threat researcher Federico Maggi notes that many car hacking proof-of-concepts are ignored because they require physical access to the car, but the Jeep case in particular shows that is not the case anymore. Maggi also says even local attacks should not be disregarded.

“Traditionally, the scenario in which an attacker could access a car that way is not only rare, but is also very risky to the attacker. This may have been true back then, but with current transportation trends such as ride-sharing, carpooling, and car renting, the scenario where many people can have local access to the same car is now more commonplace. As such, a paradigm shift in terms of vehicle cybersecurity must happen,” Maggi says.

Trend Micro and Panasonic will design a solution that can detect and prevent the intrusions into ECUs. Panasonic’s Control Area Network intrusion detection and prevention technology and Trend Micro’s IoT Security will form the base of the solutions.

Panasonic’s intrusion and detection will be able to detect any unauthorised commands to ECUs related to driving control. Trend Micro’s IoT Security will provide security intelligence and malware analysis on in-vehicle infotainment devices and navigation systems to detect attacks via the internet.

The partnership will also seek to jointly collect security events for analysis in the cloud. This will help detect and block suspicious traffic.

The companies hope to progress the overall development of cybersecurity solutions for autonomous and connected cars, particularly for in-vehicle and cloud systems.

“It is more important than ever to not only implement security measures in each vehicle but also to analyse new attacks by constantly monitoring in-vehicle systems from the cloud and utilise the results to implement countermeasures against cyber-attacks to all vehicles,” Trend Micro states.

Trend Micro and Panasonic hope to launch the security solution commercially after 2020.

ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
Infoblox appoints channels head for A/NZ
Kenneth Cartwright’s appointment extends Infoblox’s position in secure cloud-managed network services throughout the region.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.
Hackers increasingly ‘island hopping’ – so what does it mean?
Carbon Black's Rick McElroy discusses this new trend and what it means for the new age of cybercrime.
Trust without visibility is blind – Avi Networks
Enterprises are wanting to gain the trust of their customers, but are often found blindly defending themselves.