Saturday, June 22, 2024

The Relatively Unknown Car Hacking Threat

Right now, automotive cybersecurity has to be considered a challenge. Automakers need to protect the vehicles they sell and hackers actively pursue vehicles as a hacking target. At the same time, most car owners do not know how vulnerable they are and how personal security is under attack.

According to Alissa Knight, security expert, cars are practically networks on wheels. At the same time, the huge problem is that customers do not really have many options when referring to vehicle security. You practically buy a vehicle and you are left with having to protect it alone.

Unfortunately, the only thing that we can do is to rely on the automakers. Also, it is very important that we get protected by everything we can, from something as simple as Mazda extended warranty options to specific insurance policies that cover against hacking. With the latter, things can be complicated since not many insurance providers actually offer such an opportunity.

We should understand that suppliers are highly limited in terms of what security can be offered to the automakers. It is not possible to harden codes on vehicles because these codes are the property of the automakers. Suppliers can only build devices that can monitor or/add block all inappropriate traffic.

To put things as simple as possible, the automakers own the coding used in cars. The companies that want to increase the security of the vehicles need to gain access to that code. Without the access, they can just do some simple things, like adding a firewall and limiting how a vehicle connects to the internet.

Everyday drivers have to understand the risks associated with driving a modern vehicle but this will take time. Most people do not really understand personal computers and associated security risks. Just think about the fact that these have been very common for thirty years or more. The number of people that ask the right questions, like whether or not the head unit can communicate with all life-safety units in a proper, secured way, is limited. This was also true in the past whenever something new was developed.

What is certain right now is that in the near future, it is impossible to have a 100% secured vehicle. At the same time, the coronavirus pandemic stopped many businesses in the security industry to stop hacking.

A spokesperson for GuardKnox, Israeli security company, declared that their product is not currently used in vehicles and that announcements for partnerships with carmakers will follow, even if evolution happens at a slow pace, with the company being launched in 2015.

A huge problem with automakers is that they seem to be much more interested right now in keeping their technology secret. The excuse is that car IT security is a very sensitive topic. Many security experts say that the real reason why automakers do not want to talk about vehicle security is that they do not want to end up being sued.

GuardKnox is a very interesting solution that was created because of the belief that there needs to be a separation between the systems that are critical for safety and all the other ones used inside vehicles. This can be very useful. For instance, when the car’s infotainment system is hacked, the hacker would not be able to get access to other systems if a solution like GuardKnox is in place. To put it as simple as possible, this security solution aims to protect vehicle communication.

To sum up, car hacking is a huge threat for people but few automakers are aware of it. Make sure you stay up-to-date with everything that happens.

Website

Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles