Internet Connected Cars Raise Concerns about Vulnerabilities

By Eric Noonan • April 29, 2016

Cybersecurity researchers are increasingly concerned about Internet-connected vehicles. Vehicles today are connected to owners’ homes, traffic signals, insurance companies, and more, and they are just as vulnerable as corporate networks. Security analysts and researchers have demonstrated ways to remotely manipulate the systems in a car that control braking, accelerating, steering, and other critical functions. Furthermore, these vulnerable systems were not limited to one brand or model of car. As such, the FBI and National Highway Traffic Safety Administration (NHTSA) issued a public service announcement in March warning of the potential cyber threats.

According to the public service bulletin, researchers could gain control over these critical safety functions by exploiting wireless communications vulnerabilities. The bulletin also notes that even after the wireless vulnerabilities are remediated, third-party and aftermarket devices with Internet or cellular access that are plugged into diagnostic ports could introduce additional wireless vulnerabilities. By exploiting weaknesses in the vehicles’ wireless communication and entertainment functions, which connect to the controller area network (CAN), researchers were able to accomplish the following:

Target vehicle at 5-10 MPH:

  • Engine shutdown
  • Brake disablement
  • Steering

Target vehicle at any speed:

  • Door locks
  • Turn signals
  • Tachometer
  • Radio
  • HVAC
  • GPS

While it is important to note that there have not been any reported incidents involving vehicles being hacked, manufacturers did issue a recall notice (NHTSA Recall Campaign Number: 15V461000) in order to remediate the vulnerabilities.  The NHTSA and FBI provide additional tips and security awareness here.

According to Deloitte, the vast amount of software running in cars raises many concerns about the quality and security of the vehicle and everything connected to it. Manufacturers and suppliers will need to address these issues, including cyber risk, by building cybersecurity into software and component design lifecycles, monitoring threat actors, and collecting and sharing cyber threat intelligence.

Whether you are a vehicle manufacturer, a Fortune 500 organization, or a small business, security is everyone’s responsibility. CyberSheath can help you on the path towards security maturity.
