Internet Connected Cars Raise Concerns about Vulnerabilities

By Eric Noonan • April 29, 2016

Cybersecurity researchers are increasingly concerned with Internet-connected vehicles.  Vehicles nowadays are connected to owners’ homes, traffic signals, insurance companies, and more and are just as vulnerable as corporate networks.  Security analysts and researchers have demonstrated ways to remotely manipulate a car’s system that controls braking, accelerating, steering, and other critical functions.  Furthermore, these vulnerable systems were not limited to one brand or model of car.  As such, the FBI and National Highway Traffic Safety Administration (NHTSA) issued a public service announcement in March warning of the potential cyber threats.

According to the public service bulletin, researchers could gain control over these critical safety functions by exploiting wireless communications vulnerabilities.  According to the bulletin, despite remediating the wireless vulnerabilities, third party and aftermarket equipment and devices with the Internet or cellular access plugged into diagnostic ports could also introduce additional wireless vulnerabilities. By exploiting weaknesses in vehicles’ wireless communication and entertainment functions and connected to the controller area network (CAN), researchers were able to accomplish the following:

Target vehicle at 5-10 MPH

  • Engine shutdown
  • Break disablement
  • Steering

Target vehicle at any speed:

  • Door locks
  • Turn signals
  • Tachometer
  • Radio
  • HVAC
  • GPS

While it is important to note that there have not been any reported incidents involving vehicles being hacked, manufacturers did issue a recall notice (NHTSA Recall Campaign Number: 15V461000) in order to remediate the vulnerabilities.  The NHTSA and FBI provide additional tips and security awareness here.

According to Deloitte, the vast amount of software running in cars raises many concerns about the quality and security of the vehicle and everything connected to it.  Manufacturers and suppliers will need to address these issues including cyber risk, building cybersecurity into software and component design lifecycles, monitoring the threat actors, and collect and share cyber threat intelligence.

Regardless if you are a vehicle manufacturer, Fortune 500 organization, or a small business, security is everyone’s responsibility.  CyberSheath can help you on the path towards security maturity.

Cybersheath Blog

3 Reasons Why You Need a Privileged Access Risk Assessment

A privileged account is one used by administrators to log in to servers, networks, firewalls, databases, applications, cloud services and other systems used by your organization. These accounts give enhanced permissions that allow the privileged user to access sensitive data or modify key system functions, among other things. You can…

Incident Response – Learning the Lesson of Lessons Learned

“Those who do not learn from history are condemned to repeat it.” Over the years, variations of this famous quote have been spoken by everyone from philosophers to world leaders. The message — that we must learn from our mistakes or continue to repeat them — is also highly relevant…

What is DFARS 252.204-7012 and NIST SP 800-171?

With the Department of Defense (DoD) promising the release of an update to NIST Special Publication 800-171, it is imperative defense contractors understand what DFARS 252.204-7012 and NIST SP 800-171 Clause is and how noncompliance with the Clause will impact their business.  Compliance is mandatory for contractors doing business with…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Trace Security