Wednesday, August 9, 2017

Automotive Cyber Flaws

30 years ago, it could sound like a science fiction scenario but today we are moving slowly towards that point. Today automotive cyber flaw concept is a threat. It is only not that much widdespread.
 
Anything which has an IP address (IoT) is a target candidate of hackers. Naturally the "connected cars" aren't exception for this concept. A car which is connected to internet or to an intranet is defined as "connected car".
Think of that you are the main character of the following scenario: You own a connected car. It's a brand new, smart car. You paid a lot of bucks to buy it.
 
One day in the morning you got into your car and turned the car key as usual. But... Hey! It's not working. You tried it a couple of times but the engine couldn't be started. During that confusion and anger suddenly you noticed a message on the screen of your car. "Your car is compromised. Don't go to the police. The data in your car is encrypted. If you pay us blah blah..."
 
"What? What the hell does it mean now?" After a couple of phone calls you solved the puzzle. Gosh! Yeah! It was your turn to become a carsomware (car + ransomware) victim. The hackers requested 1,000USD to unlock your car. You called your contracted car service and they told you that they have to change the "brain unit" of your car and it will cost you about 2,000USD.
 
Now... The question is: Which choice would you prefer? Hackers' bid or your car service's offer?
This seems to be like a movie scenario today but we are getting closer to such troubles day after day.
 
There can be much more dangerous scenarios in car hacking than not being able to start the engine. Think of what can happen if the brakes of your car suddenly malfunctioned while you were driving with a speed of 120km/h (~75mph) in a crowded traffic.
 
DHS (Department of Homeland Security) warned the automotive industry against the automotive cyber flaws: https://fcw.com/articles/2017/08/03/auto-cyber-cert-rockwell.aspx
 
In one of the conferences In DEFCON 2017 (August 2nd) researchers presented a paper on "automobile system vulnerabilities": https://securingtomorrow.mcafee.com/mcafee-labs/defcon-connected-car-security/
Remarkable lines:
 
"According to Intel however, the 'connected car is already the third-fastest growing technological device after phones and tablets.' "
 
"Our connected cars today generate up to 4,000GB of data per 50Kb every second and using on-board cameras generates 20MB to 40MB per second."
 
"Fundamentally, a car is like a jigsaw puzzle with multiple components, so applying patches to cars the way we would a phone, for example, is not feasible."
 
If you want a cyber threats free car then I would recommend the following one. =))

No comments:

Post a Comment