Just in:
Hope for Respite as UAE Endorses UN Plea for Gaza Truce // In Lok Sabha Polls In Punjab, AAP Is Advantageously Placed As Against Its Three Rivals // Universal Language for Healthcare: General Authority Embraces Global Coding System // Arvind Kejriwal Gets International Heft Against The Deshi Vishwaguru // Emirati Aid Reaches Ukraine as Food Shortages Bite // Emirates Post Speeds Up Deliveries for GCC with Special Day // Court Sides with Coinbase on Wallet Service, But Staking Program Remains in Limbo // Andertoons by Mark Anderson for Thu, 28 Mar 2024 // Experience Ultimate Shopping Freedom at 4.4 Shopee Spree: Don’t Worry, Shop Shopee! // Samsung Partners National Heritage Board to Bring a Slice of Singapore’s Cultural Heritage to Samsung The Frame TV // Lisboeta Macau’s world first LINE FRIENDS PRESENTS CASA DE AMIGO and BROWN & FRIENDS CAFE & BISTRO has officially opened // No running of govt from jail, says Delhi Lt Governor // Hullabaloo About Electoral Bonds May End Up As A Whimper Pre And Post Poll // Renewables Surge Sets Record, But Global Equity Lags // Experts come together to support updating the city’s nature conservation masterplan // Superland Announced Annual Results for 2023, 2023 Net Profit Increased approximately 39.5% to approximately HK$22.2 million as Compared to the 2022 Adjusted One // Konica Minolta is named ASEAN 2023 Market Leader in Colour Light and Mid Digital Production Printers // Infineon and HD Korea Shipbuilding & Offshore Engineering jointly develop ship electrification technology // AIA Hong Kong Wins More Than 20 Accolades at MPF Ratings MPF Awards, BENCHMARK MPF of The Year Awards and Bloomberg Businessweek Top Fund Awards // AI Boost for Galaxy Devices: Samsung Expands One UI 6.1 Update //
HomeBiz TechPlug car security holes before self-driving vehicles arrive, industry warned

Plug car security holes before self-driving vehicles arrive, industry warned

1484439401 istock 470199746

istock-470199746.jpg

iStockphoto

Car makers need to improve the security of today’s connected cars before the arrival of self-driving cars, according to Europe’s cyber security agency.

“Over the last few years, there have been many publications on attacks against smart cars, many of which have resulted in reputational damage for car manufacturers. The impact of attacks on a smart car has far-reaching consequences in terms of safety, while the cost of cyber security is becoming an issue for car manufacturers. The risk to the driver, passengers and other users of roads makes it a matter of national and European interest,” said the report from Enisa.

ADVERTISEMENT

Its executive director Udo Helmbrecht said: “We need to bring together all European automotive industry actors to secure smart cars today, for safer autonomous cars tomorrow.”

The report warned that while the automotive industry has a long-standing expertise in car safety, many security issues of connected systems in cars and their potential impact on car safety are not yet properly taken into account. It lists a number of potential risks including:

  • No in-depth strategy during the design of the system, such as a secure boot process.
  • No security- or privacy-by-design, which means more information than is really needed may be exported outside of the car to third parties.
  • Lack of communication protection, on internal as well as external interfaces.
  • Lack of authentication and authorization, especially for privileged access to vital embedded Electronic Control Units, for example no validation or signing of firmware updates, and updates that happen without server authentication.
  • Lack of hardening, for example a lack of data execution prevention or attack mitigation technologies used on firmware, while ECU services are exposed through different entry points, and even unnecessary communication ports are left open.
  • Lack of diagnosis / response capabilities.

“Some manufacturers do not perform frequent software updates, thus exposing automotive devices to known vulnerabilities (for instance in software frameworks, such as a SSL library or browser library). Such updates, even if released in due time by manufacturers, are still seldom deployed over-the-air and may require the car owner to use a USB stick for installing the update or to go a car dealership garage,” the report said.

One positive note: recent moves by software companies, as well as traditional automotive manufacturers, to develop smart cars may change attitudes towards security, making firms more open to ideas like collaboration with “white hats” or the implementation of bug bounty programs.

Who gets the blame when things go wrong is also an issue, thanks to the interconnected nature of the systems within a car.

“There is no chance to enforce a perfect isolation between driving, debug and infotainment (or connected) systems, which means that vulnerabilities from any actor, including aftermarket components, may allow compromising safety- related features of a vehicle. In this context, there is a need to clarify the liability of each actor in case of a security event,” the report warned.

The study suggests the following recommendations, to increase cyber security in smart cars in Europe:

  • Improve information sharing amongst industry actors.
  • Achieve consensus on technical standards for good practices.
  • Clarify cyber security liability among industry actors.

More on in-car tech

(via PCMag)

ADVERTISEMENT

ADVERTISEMENT
Just in:
In Lok Sabha Polls In Punjab, AAP Is Advantageously Placed As Against Its Three Rivals // Court Sides with Coinbase on Wallet Service, But Staking Program Remains in Limbo // Infineon and HD Korea Shipbuilding & Offshore Engineering jointly develop ship electrification technology // Samsung Partners National Heritage Board to Bring a Slice of Singapore’s Cultural Heritage to Samsung The Frame TV // Emirati Aid Reaches Ukraine as Food Shortages Bite // Party Nominees Refusing To Contest: Major Perception Threat For BJP // U.S. Compliance Takes Center Stage at OKX Following Industry Jitters // Konica Minolta is named ASEAN 2023 Market Leader in Colour Light and Mid Digital Production Printers // German Job Market Resilience Bodes Well for Economic Recovery // Experience Ultimate Shopping Freedom at 4.4 Shopee Spree: Don’t Worry, Shop Shopee! // Universal Language for Healthcare: General Authority Embraces Global Coding System // Sharpening the Focus: Sharjah Health Department Refines Evaluation Criteria for “Healthy Schools Programme” // Ingdan Announces 2023 Annual Results // Meta Earth Official Website Launch: The Pioneer Explorer in the Modular Public Blockchain Domain // AIA Hong Kong Wins More Than 20 Accolades at MPF Ratings MPF Awards, BENCHMARK MPF of The Year Awards and Bloomberg Businessweek Top Fund Awards // Arvind Kejriwal Gets International Heft Against The Deshi Vishwaguru // Lisboeta Macau’s world first LINE FRIENDS PRESENTS CASA DE AMIGO and BROWN & FRIENDS CAFE & BISTRO has officially opened // Experts come together to support updating the city’s nature conservation masterplan // No running of govt from jail, says Delhi Lt Governor // US reiterates concern over Kejriwal arrest, Cong accounts //