Thursday, March 28, 2024

The Relatively Unknown Car Hacking Threat

Right now, automotive cybersecurity has to be considered a challenge. Automakers need to protect the vehicles they sell and hackers actively pursue vehicles as a hacking target. At the same time, most car owners do not know how vulnerable they are and how personal security is under attack.

According to Alissa Knight, security expert, cars are practically networks on wheels. At the same time, the huge problem is that customers do not really have many options when referring to vehicle security. You practically buy a vehicle and you are left with having to protect it alone.

Unfortunately, the only thing that we can do is to rely on the automakers. Also, it is very important that we get protected by everything we can, from something as simple as Mazda extended warranty options to specific insurance policies that cover against hacking. With the latter, things can be complicated since not many insurance providers actually offer such an opportunity.

We should understand that suppliers are highly limited in terms of what security can be offered to the automakers. It is not possible to harden codes on vehicles because these codes are the property of the automakers. Suppliers can only build devices that can monitor or/add block all inappropriate traffic.

To put things as simple as possible, the automakers own the coding used in cars. The companies that want to increase the security of the vehicles need to gain access to that code. Without the access, they can just do some simple things, like adding a firewall and limiting how a vehicle connects to the internet.

Everyday drivers have to understand the risks associated with driving a modern vehicle but this will take time. Most people do not really understand personal computers and associated security risks. Just think about the fact that these have been very common for thirty years or more. The number of people that ask the right questions, like whether or not the head unit can communicate with all life-safety units in a proper, secured way, is limited. This was also true in the past whenever something new was developed.

What is certain right now is that in the near future, it is impossible to have a 100% secured vehicle. At the same time, the coronavirus pandemic stopped many businesses in the security industry to stop hacking.

A spokesperson for GuardKnox, Israeli security company, declared that their product is not currently used in vehicles and that announcements for partnerships with carmakers will follow, even if evolution happens at a slow pace, with the company being launched in 2015.

A huge problem with automakers is that they seem to be much more interested right now in keeping their technology secret. The excuse is that car IT security is a very sensitive topic. Many security experts say that the real reason why automakers do not want to talk about vehicle security is that they do not want to end up being sued.

GuardKnox is a very interesting solution that was created because of the belief that there needs to be a separation between the systems that are critical for safety and all the other ones used inside vehicles. This can be very useful. For instance, when the car’s infotainment system is hacked, the hacker would not be able to get access to other systems if a solution like GuardKnox is in place. To put it as simple as possible, this security solution aims to protect vehicle communication.

To sum up, car hacking is a huge threat for people but few automakers are aware of it. Make sure you stay up-to-date with everything that happens.

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles