Cybersecurity researchers are increasingly concerned with Internet-connected vehicles. Vehicles nowadays are connected to owners’ homes, traffic signals, insurance companies, and more and are just as vulnerable as corporate networks. Security analysts and researchers have demonstrated ways to remotely manipulate a car’s system that controls braking, accelerating, steering, and other critical functions. Furthermore, these vulnerable systems were not limited to one brand or model of car. As such, the FBI and National Highway Traffic Safety Administration (NHTSA) issued a public service announcement in March warning of the potential cyber threats.
According to the public service bulletin, researchers could gain control over these critical safety functions by exploiting wireless communications vulnerabilities. According to the bulletin, despite remediating the wireless vulnerabilities, third party and aftermarket equipment and devices with the Internet or cellular access plugged into diagnostic ports could also introduce additional wireless vulnerabilities. By exploiting weaknesses in vehicles’ wireless communication and entertainment functions and connected to the controller area network (CAN), researchers were able to accomplish the following:
Target vehicle at 5-10 MPH
- Engine shutdown
- Break disablement
- Steering
Target vehicle at any speed:
- Door locks
- Turn signals
- Tachometer
- Radio
- HVAC
- GPS
While it is important to note that there have not been any reported incidents involving vehicles being hacked, manufacturers did issue a recall notice (NHTSA Recall Campaign Number: 15V461000) in order to remediate the vulnerabilities. The NHTSA and FBI provide additional tips and security awareness here.
According to Deloitte, the vast amount of software running in cars raises many concerns about the quality and security of the vehicle and everything connected to it. Manufacturers and suppliers will need to address these issues including cyber risk, building cybersecurity into software and component design lifecycles, monitoring the threat actors, and collect and share cyber threat intelligence.
Regardless if you are a vehicle manufacturer, Fortune 500 organization, or a small business, security is everyone’s responsibility. CyberSheath can help you on the path towards security maturity.