Story image

Trend Micro & Panasonic launch mission to advance connected car security

15 Feb 18

Trend Micro and Panasonic are on a joint mission to thwart cyber risks that jeopardise connected car safety - they will develop a solution that can stop attacks on Electronic Control Units (ECUs).

ECUs control driving behaviour such as acceleration, steering and braking, as well as in-vehicle systems such as navigation, telematics and infotainment systems.

Hackers could potentially take control of steering and braking systems in connected cars – a threat that is ‘very real’, Trend Micro says.

Similar risks have been demonstrated by security researchers Chris Valasek and Charlie Miller. They were able to successfully conduct a remote hack against a 2014 Jeep Cherokee without any physical access to the vehicle.

Security vulnerabilities are discovered daily and pose risks that could result in remote exploitation, Trend Micro says.

In a blog posted in August 2017, Trend Micro senior threat researcher Federico Maggi notes that many car hacking proof-of-concepts are ignored because they require physical access to the car, but the Jeep case in particular shows that is not the case anymore. Maggi also says even local attacks should not be disregarded.

“Traditionally, the scenario in which an attacker could access a car that way is not only rare, but is also very risky to the attacker. This may have been true back then, but with current transportation trends such as ride-sharing, carpooling, and car renting, the scenario where many people can have local access to the same car is now more commonplace. As such, a paradigm shift in terms of vehicle cybersecurity must happen,” Maggi says.

Trend Micro and Panasonic will design a solution that can detect and prevent the intrusions into ECUs. Panasonic’s Control Area Network intrusion detection and prevention technology and Trend Micro’s IoT Security will form the base of the solutions.

Panasonic’s intrusion and detection will be able to detect any unauthorised commands to ECUs related to driving control. Trend Micro’s IoT Security will provide security intelligence and malware analysis on in-vehicle infotainment devices and navigation systems to detect attacks via the internet.

The partnership will also seek to jointly collect security events for analysis in the cloud. This will help detect and block suspicious traffic.

The companies hope to progress the overall development of cybersecurity solutions for autonomous and connected cars, particularly for in-vehicle and cloud systems.

“It is more important than ever to not only implement security measures in each vehicle but also to analyse new attacks by constantly monitoring in-vehicle systems from the cloud and utilise the results to implement countermeasures against cyber-attacks to all vehicles,” Trend Micro states.

Trend Micro and Panasonic hope to launch the security solution commercially after 2020.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.