Car Hacking & Data Collection

Uploaded on 2019-03-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

In less than a decade, amazing driver-assist mechanisms and must-have infotainment systems have swept into the dashboards of many popular car models for sale today. And we’re just at the start of this trend. Connectivity, apps, smartphone integration and autonomous driving are on an upward sweep taking us toward widespread public use of driverless vehicles, just a few years away. 

As these developments unfold, the auto and tech industries, as well as US State and Federal Regulators, are scrambling to fully understand and address newfound safety and privacy concerns. 

“The threats to the connected cars of today, and to the autonomous cars of the future, include not only the vehicles, but also the ecosystem they operate in,” said Stacy Janes, chief security architect of the connected transport division of Irdeto, a supplier of software anti-piracy systems.

Going forward, connected cars will increasingly make life-or-death decisions about physical objects and other digital systems they can sense nearby, while at the same time collecting and storing troves of monetizable operational and personal data.
The core security and privacy challenges are daunting. A viable level of trust must be established between multiple connected systems intensively collecting a tsunami of sensitive data.

Interestingly, it is the same threshold of trust that must be met to bring the budding Internet of Things economy to full fruition.

Redoubled Innovation
Modern cars rely on a growing bank of computing devices called electronic control units, or ECUs, linked together to control braking, acceleration, steering, engine performance, door locks, climate control, navigation and infotainment.

In 2003, a model of the Toyota Prius came along that featured automatic parallel parking assistance. It took Ford and BMW six years to come up with something similar. And then the pace of innovation shifted into high gear. Today, parking-assist, lane-guidance and collision-avoidance systems are commonplace. Level 5 vehicles, in which human driving is completely eliminated, may arrive as soon as 2020. In the meantime, computer-assisted controls are becoming more pervasive even as infotainment systems are being continually upgraded. 

Safety First and Foremost
It has been more than three years since researchers Charlie Miller and Chris Valasek remotely hacked their Jeep Cherokee as an experiment. Using a laptop and sitting 10 miles distant, the duo took control of the digital display screen, engaged the brakes, cut the transmission and killed the engine.Since the Jeep hack, there have been a number of instances of hackers overcoming the electronic door locks of parked cars. But hacks of moving vehicles has mainly been done by researchers in controlled settings. 

Privacy Matters
USA Today has reported that rental-car companies routinely fail to delete personally identifiable information that renters type into infotainment systems. CBS News recently reported that carmakers have experimented with reselling blocks of location data to mapping vendors, stoking privacy advocates’ concerns about third parties moving to auction information collected from onboard cameras and sensors to the highest bidders.

Already, the move by 17 US States to restrict use of EDR-collected data is reinforcing criticism about the insurance industry leveraging data collected by connected vehicles in ways that might be unfair to individual citizens. 

Threatpost

You Might Also Read:

Cybersecurity In Self-Driving Cars:

« Triton Malware Is Spreading
Knowing How Your Data Behaves Is The Key To Cybersecurity »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

SecureAuth

SecureAuth

SecureAuth delivers cutting edge identity and information security solutions for cloud, mobile, web, and VPN systems.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

Idemia

Idemia

Idemia is a global leader in security and identity solutions.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

ACPL Systems

ACPL Systems

We offer leading-edge technology solutions, expert professional and managed services and proven methodologies to ensure your data is protected and business risks are reduced.

BlueFiles

BlueFiles

BlueFiles enables users to send encrypted files securely while maintaining full control over recipients, access periods, downloads, and printing.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

Findcourses.co.uk

Findcourses.co.uk

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

Resistant AI

Resistant AI

Resistant AI protects against evolving online fraud. We connect the dots to provide a new layer of trust and performance for our clients’ systems.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

IntegraONE

IntegraONE

IntegraONE is a IT solutions provider offering a full range of networking and technology solutions.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

Onwardly

Onwardly

For everyday folks tasked with implementing security and privacy. Do it faster with Onwardly - build, launch and scale your cyber resilience program in 30 minutes per week.

Nightwing

Nightwing

Nightwing is the intelligence services company that continually redefines the edge of the possible to keep advancing our national security interests.