So what can be done about this increasingly serious issue?
Following this news, Brian Spector, CEO at MIRACL, comments:
“These hacks demonstrate the serious problems around identity verification in today’s connected cars. Having very limited encryption, identity management and data protection within such a powerful computer is extremely dangerous and poses a real and serious threat to everyone using our roads today. Move forwards to the increasing trend for driverless cars, and the potential fallout from this lack of authentication becomes even more frightening.
For connected cars to become more secure, relationships must be established within each and every component within a vehicle, to ensure that only a legitimate operator can control the connected devices within a car. Given the huge number of components in connected cars, hackers usually find a pathway by following a ‘weakest link’ scenario which attacks the easiest point of entry to the vehicle. This problem is compounded by the array of parts that comprise a vehicle, and the lack of a security protocol that ensures they will all work together safely and securely.
The current security checks often fail because they rely on slow, centralised identity verification services. To connect the components more quickly and autonomously, manufacturers should deploy a distributed trust model which allows for fast pre-authorisation, and removes the roadblock of a centralised service.
All of this requires a serious system upgrade and a greater drive for security awareness among manufacturers as well as consumers who use connected cars.”
Cesare Garlati, chief security strategist, prpl Foundation:
“Perhaps it goes without saying that the most dangerous part of the connected car is the “connected” part. Criminals, using a little lateral thinking, can use one part of the car’s anatomy to get to another. This could have dangerous consequences if hackers found their way into more critical functions, such as the brakes as researchers were able to do with the Tesla recently. The lack of subject matter expertise with mechanical and electrical engineers is leaving systems wide open to attack. While it’s unfair to expect them to shoulder this burden, it is also unfair to place the onus squarely on the consumer who is likely to know even less about security. This is something which vendors, regulators and manufacturers must carefully consider as the evolution of connected cars continues.
The prpl Foundation advocates three focus areas to make IoT more secure: using open source, forging a root of trust in hardware and security by separation. Interoperable open standards are the key requirement if we’re to improve IoT security– they will reduce that complexity by effectively outsourcing the trickiest work to the subject matter experts.”
Free Car Mag say: Don’t believe the self driving hype that Audi are pushing….be careful out there even if you are a dinosaur.