Car Hacking & Data Collection

In less than a decade, amazing driver-assist mechanisms and must-have infotainment systems have swept into the dashboards of many popular car models for sale today. And we’re just at the start of this trend. Connectivity, apps, smartphone integration and autonomous driving are on an upward sweep taking us toward widespread public use of driverless vehicles, just a few years away. 

As these developments unfold, the auto and tech industries, as well as US State and Federal Regulators, are scrambling to fully understand and address newfound safety and privacy concerns. 

“The threats to the connected cars of today, and to the autonomous cars of the future, include not only the vehicles, but also the ecosystem they operate in,” said Stacy Janes, chief security architect of the connected transport division of Irdeto, a supplier of software anti-piracy systems.

Going forward, connected cars will increasingly make life-or-death decisions about physical objects and other digital systems they can sense nearby, while at the same time collecting and storing troves of monetizable operational and personal data.
The core security and privacy challenges are daunting. A viable level of trust must be established between multiple connected systems intensively collecting a tsunami of sensitive data.

Interestingly, it is the same threshold of trust that must be met to bring the budding Internet of Things economy to full fruition.

Redoubled Innovation
Modern cars rely on a growing bank of computing devices called electronic control units, or ECUs, linked together to control braking, acceleration, steering, engine performance, door locks, climate control, navigation and infotainment.

In 2003, a model of the Toyota Prius came along that featured automatic parallel parking assistance. It took Ford and BMW six years to come up with something similar. And then the pace of innovation shifted into high gear. Today, parking-assist, lane-guidance and collision-avoidance systems are commonplace. Level 5 vehicles, in which human driving is completely eliminated, may arrive as soon as 2020. In the meantime, computer-assisted controls are becoming more pervasive even as infotainment systems are being continually upgraded. 

Safety First and Foremost
It has been more than three years since researchers Charlie Miller and Chris Valasek remotely hacked their Jeep Cherokee as an experiment. Using a laptop and sitting 10 miles distant, the duo took control of the digital display screen, engaged the brakes, cut the transmission and killed the engine.Since the Jeep hack, there have been a number of instances of hackers overcoming the electronic door locks of parked cars. But hacks of moving vehicles has mainly been done by researchers in controlled settings. 

Privacy Matters
USA Today has reported that rental-car companies routinely fail to delete personally identifiable information that renters type into infotainment systems. CBS News recently reported that carmakers have experimented with reselling blocks of location data to mapping vendors, stoking privacy advocates’ concerns about third parties moving to auction information collected from onboard cameras and sensors to the highest bidders.

Already, the move by 17 US States to restrict use of EDR-collected data is reinforcing criticism about the insurance industry leveraging data collected by connected vehicles in ways that might be unfair to individual citizens. 

Threatpost

You Might Also Read:

Cybersecurity In Self-Driving Cars:

« Triton Malware Is Spreading
Knowing How Your Data Behaves Is The Key To Cybersecurity »

Perimeter 81

Directory of Suppliers

WEBINAR: How to build an effective Cloud Threat Intelligence program in the AWS Cloud

WEBINAR: How to build an effective Cloud Threat Intelligence program in the AWS Cloud

Thursday, Jan 28, 2021 - Join this webinar to learn how to improve your Cloud Threat Intelligence (CTI) program by gathering critical cloud-specific event data in the AWS Cloud.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN) is a not for profit group of professionals in the field of Information Security in Nigeria and Diaspora.

OXITS

OXITS

OXITS provides end-to-end IoT security, authenticating device communications, protecting code, applications and securing devices from threats.

SecureDevice

SecureDevice

SecureDevice is a Danish IT Security company.

Cybertron

Cybertron

Cybertron services include real-time monitoring and incident response and a cyber range for competency development.

Ashley Page

Ashley Page

Ashley Page offer a unique cyber insurance and risk management solution - Cyber+Insure.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

CyberCX

CyberCX

CyberCX provides services from strategic consulting, security testing and training to world-class managed services and engineering solutions.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.