Warning issued by FBI over dangers of car hacking – Naked Security
Naked Security
Post navigation
The FBI and the US National Highway Traffic Safety Administration have put out a public safety announcement about the dangers of cars getting hacked.
The bureau noted that risks come with the enhancing number of computers in vehicles, in the form of electronic control units (ECUs) that control a broad array of functions, from steering, braking, acceleration, on up to lights and windshield wipers.
Many of those components also have wireless capability, be it keyless entry, ignition control, tire pressure monitoring, and diagnostic, navigation, and entertainment systems.
Security researchers have been able to take over cars remotely because automakers don’t always do a good job at limiting how car systems interact with wireless communications. What’s more, even cars that aren’t internet-enabled can be taken over via third-party devices that introduce connectivity, such as through the diagnostics port.
When security hackers very first began remotely screwing with cars, sending them plowing out of parking lots and into the weeds by tinkering with speedometers, killing the engine or messing with brakes, the automobile industry said “Bah!”
“You needed physical access!” they scoffed. “Might as well say that crooks can cut cables if they’re nearby. Our cars are safe from purely remote attacks.”
Because crimson flags are joy to wave in front of security researchers.
Forward to now, and remote exploits have included security researchers Chris Valasek and Charlie Miller demonstrating how they could take over a two thousand fourteen Jeep Cherokee remotely, controlling the car’s brakes, accelerator, steering and more by wireless connection.
Good thing autonomous, driverless cars are immune from hacking, right?
Not necessarily. A researcher has proved that self-driving cars can be coerced to stop all of a sudden with a laser pointer.
Sophos Home
Free home computer security software for all the family
These exploits have made the auto industry sit up and take notice. For one thing, the exploit on the Jeep last year led to more than one million Fiat Chrysler vehicles being recalled for patching. While, this past autumn, the US government and the state of Virginia sponsored research into cybersecurity for police cruisers.
Car makers General Motors and Tesla have launched bug bounty programs, Congress has quizzed automakers about how safe their cars are against cyber attacks, and car-hacking abilities have turned into a hot commodity at garments like Uber and Canada’s defense research arm.
Another lump of reassuring news: this past week, twenty automakers announced that automatic emergency braking would be standard in 99% of cars by 2022.
Mind you, the dangers of cyber attacks on cars has all been theoretical so far: at this point, there’ve been no real-world attacks, as far as we know.
Only security researchers have managed to send cars into the weeds.
If anybody suspects that their connected car has been tampered with remotely, the FBI asks that they get in touch.
The FBI gave this list of tips for consumers to mitigate cybersecurity risks:
- Ensure your vehicle software is up to date. Be cautious about the potential for criminals to exploit online update delivery, however: as the FBI points out, they could send socially engineered messages rigged to look like they’re update messages from automakers that actually lead to malware downloads.
- Be careful when making any modifications to vehicle software. Modifications could introduce fresh vulnerabilities or alter automatic software update installation.
- Maintain awareness and exercise discretion when connecting third-party devices to your vehicle. There’s been a acute rise in third-party devices that can be plugged into the diagnostics port. We’ve already seen that insurance dongles, for one, could lead to a privacy wreck. (On the roll side of the coin, researchers have also come up with a dongle that monitors the diagnostics port and detects any hacking devices plugged in, blocks attacks and collects attack forensic data.)
- Be aware of who has physical access to your vehicle. Just like you wouldn’t (or at least shouldn’t!) leave a PC or phone lounging around unlocked, be aware of who can get at your car. Nowadays, connected cars are, after all, akin to those devices.
Warning issued by FBI over dangers of car hacking – Naked Security
Naked Security
Post navigation
The FBI and the US National Highway Traffic Safety Administration have put out a public safety announcement about the dangers of cars getting hacked.
The bureau noted that risks come with the enhancing number of computers in vehicles, in the form of electronic control units (ECUs) that control a broad array of functions, from steering, braking, acceleration, on up to lights and windshield wipers.
Many of those components also have wireless capability, be it keyless entry, ignition control, tire pressure monitoring, and diagnostic, navigation, and entertainment systems.
Security researchers have been able to take over cars remotely because automakers don’t always do a good job at limiting how car systems interact with wireless communications. What’s more, even cars that aren’t internet-enabled can be taken over via third-party devices that introduce connectivity, such as through the diagnostics port.
When security hackers very first embarked remotely screwing with cars, sending them plowing out of parking lots and into the weeds by tinkering with speedometers, killing the engine or messing with brakes, the automobile industry said “Bah!”
“You needed physical access!” they scoffed. “Might as well say that crooks can cut cables if they’re nearby. Our cars are safe from purely remote attacks.”
Because crimson flags are joy to wave in front of security researchers.
Forward to now, and remote exploits have included security researchers Chris Valasek and Charlie Miller demonstrating how they could take over a two thousand fourteen Jeep Cherokee remotely, controlling the car’s brakes, accelerator, steering and more by wireless connection.
Good thing autonomous, driverless cars are immune from hacking, right?
Not necessarily. A researcher has proved that self-driving cars can be coerced to stop all of a sudden with a laser pointer.
Sophos Home
Free home computer security software for all the family
These exploits have made the auto industry sit up and take notice. For one thing, the exploit on the Jeep last year led to more than one million Fiat Chrysler vehicles being recalled for patching. While, this past autumn, the US government and the state of Virginia sponsored research into cybersecurity for police cruisers.
Car makers General Motors and Tesla have launched bug bounty programs, Congress has quizzed automakers about how safe their cars are against cyber attacks, and car-hacking abilities have turned into a hot commodity at garments like Uber and Canada’s defense research arm.
Another chunk of reassuring news: this past week, twenty automakers announced that automatic emergency braking would be standard in 99% of cars by 2022.
Mind you, the dangers of cyber attacks on cars has all been theoretical so far: at this point, there’ve been no real-world attacks, as far as we know.
Only security researchers have managed to send cars into the weeds.
If anybody suspects that their connected car has been tampered with remotely, the FBI asks that they get in touch.
The FBI gave this list of tips for consumers to mitigate cybersecurity risks:
- Ensure your vehicle software is up to date. Be cautious about the potential for criminals to exploit online update delivery, tho’: as the FBI points out, they could send socially engineered messages rigged to look like they’re update messages from automakers that actually lead to malware downloads.
- Be careful when making any modifications to vehicle software. Modifications could introduce fresh vulnerabilities or alter automatic software update installation.
- Maintain awareness and exercise discretion when connecting third-party devices to your vehicle. There’s been a acute rise in third-party devices that can be plugged into the diagnostics port. We’ve already seen that insurance dongles, for one, could lead to a privacy wreck. (On the roll side of the coin, researchers have also come up with a dongle that monitors the diagnostics port and detects any hacking devices plugged in, blocks attacks and collects attack forensic data.)
- Be aware of who has physical access to your vehicle. Just like you wouldn’t (or at least shouldn’t!) leave a PC or phone lounging around unlocked, be aware of who can get at your car. Nowadays, connected cars are, after all, akin to those devices.