Internet Connected Cars Raise Concerns about Vulnerabilities

By Eric Noonan • April 29, 2016

Cybersecurity researchers are increasingly concerned with Internet-connected vehicles.  Vehicles nowadays are connected to owners’ homes, traffic signals, insurance companies, and more and are just as vulnerable as corporate networks.  Security analysts and researchers have demonstrated ways to remotely manipulate a car’s system that controls braking, accelerating, steering, and other critical functions.  Furthermore, these vulnerable systems were not limited to one brand or model of car.  As such, the FBI and National Highway Traffic Safety Administration (NHTSA) issued a public service announcement in March warning of the potential cyber threats.

According to the public service bulletin, researchers could gain control over these critical safety functions by exploiting wireless communications vulnerabilities.  According to the bulletin, despite remediating the wireless vulnerabilities, third party and aftermarket equipment and devices with the Internet or cellular access plugged into diagnostic ports could also introduce additional wireless vulnerabilities. By exploiting weaknesses in vehicles’ wireless communication and entertainment functions and connected to the controller area network (CAN), researchers were able to accomplish the following:

Target vehicle at 5-10 MPH

  • Engine shutdown
  • Break disablement
  • Steering

Target vehicle at any speed:

  • Door locks
  • Turn signals
  • Tachometer
  • Radio
  • HVAC
  • GPS

While it is important to note that there have not been any reported incidents involving vehicles being hacked, manufacturers did issue a recall notice (NHTSA Recall Campaign Number: 15V461000) in order to remediate the vulnerabilities.  The NHTSA and FBI provide additional tips and security awareness here.

According to Deloitte, the vast amount of software running in cars raises many concerns about the quality and security of the vehicle and everything connected to it.  Manufacturers and suppliers will need to address these issues including cyber risk, building cybersecurity into software and component design lifecycles, monitoring the threat actors, and collect and share cyber threat intelligence.

Regardless if you are a vehicle manufacturer, Fortune 500 organization, or a small business, security is everyone’s responsibility.  CyberSheath can help you on the path towards security maturity.

CyberSheath Blog

How to Safeguard Your Company from Phishing

Email is so ubiquitous in our everyday lives that it can be a challenge to always be on guard when receiving messages. Each day it’s not unheard of for each member of your team to have hundreds of messages land in their inbox. How do you make sure that none…

3 Tools to Help Defend Your IT Infrastructure from Threats

With the continually evolving threat landscape and the prevalence of team members working from home, it is more important than ever to be proactive with how your company is protecting itself from cyberattacks.  CyberSheath can help. We offer services to build on all the great work you have already done…

DNS Filtering for Additional Protection of IT Systems

Phase one of securing your IT infrastructure should include protecting your endpoints and safeguarding your employees from phishing attempts. After you have implemented these controls, the next logical step is to launch a DNS filtering solution.   What is DNS filtering and why do you need it? Domain name server…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO