5/6/2016 10:00 AM
Eric Friedberg
Commentary

Connected Cars: Strategies For Reducing The Ever-Expanding Risk

The best way automakers can keep customers safe and mitigate threats to their own enterprise is to first hack themselves.

As automakers improve the driving experience with digital technology, they also open up new avenues for attack. The good news is that these avenues are too advanced for the average “script kiddie.” The bad news is that they are by no means beyond the abilities of well-funded experts, and many of today's attackers are exactly that.

In fact, one automaker contracted my firm well before the headline-grabbing Jeep Cherokee hack last summer to conduct an advanced attack on their entire enterprise. Within four weeks, our ten-person team of ethical hackers was able to gain access that would have allowed us to interfere with both corporate and manufacturing networks as well as conduct unauthorized interactions with the vehicles.

The ever-expanding attack surface of connected cars creates significant risk to drivers’ safety, but it is also a serious threat to private customer and enterprise data. To maintain the public’s confidence, automotive manufacturers must develop proactive solutions that address major issues beyond the vehicle itself.

Understanding The Attack Surface

A connected car’s attack surface is broad and continuously changing. For example:

Corporate networks: Phishing attacks, or attacks against insecure Wi-Fi and remote access connections, websites, partner and vendor networks, and the physical perimeter, can give a cybercriminal a foothold in the corporate network. Attackers can then escalate privileges to obtain broad access to protected resources such as the software development environment, sensitive engineering data about the car, and customer information. Once broad privileges are obtained, hackers can discreetly perform unauthorized actions, including stealing, deleting, or corrupting data, as they have in high-profile retail, healthcare, manufacturing, and pharma cases over the past several years.

Manufacturing networks: Other industries have experienced attacks by cybercriminals, including nation states, targeting industrial control systems to destroy equipment, disrupt operations, and corrupt data. Once a hacker has breached an organization, he or she can use the company’s own software distribution tools to broadly push out malware and other back-door-laden software, even to the cars themselves.

Cars: Cellular, Bluetooth, and radio key fob technologies provide wireless interfaces over which attackers can reach vehicle systems remotely. The information flowing to and from the car has already been the subject of successful hacks.

Aftermarket networks: Third-party devices and applications substantially expand and change the attack surface. Besides reverse engineering applications, hackers can socially engineer a breach by mailing infected dongles disguised as software upgrades, safe-driving add-ons, or fleet-management tools, packaged as if they came from the manufacturer, tricking drivers into inserting the dongle into the car’s On-Board Diagnostic (OBD-II) port.
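
The two scenarios above that end at the car, malware pushed through the automaker's own distribution tools and a counterfeit "software upgrade" dongle, share one defensive control: the vehicle must refuse any update that is not signed by a key it trusts, is not newer than what it already runs, and does not match the signed manifest byte for byte. The following is an added example, not code from the article or from any automaker; the manifest format, the `SignManifest`/`VerifyUpdate` functions, and the firmware images are all constructed for illustration. It uses Go's standard-library Ed25519 and SHA-256.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdateManifest is a hypothetical, deliberately minimal OTA package header.
// The vehicle checks the signature over (version || image hash) before it
// touches the image itself.
type UpdateManifest struct {
	Version   uint32
	ImageHash [32]byte
	Signature []byte
}

var (
	ErrBadSignature  = errors.New("manifest signature invalid")
	ErrRollback      = errors.New("manifest version not newer than installed version")
	ErrImageMismatch = errors.New("image does not match manifest hash")
)

// signedPayload is the exact byte string that both signer and verifier cover,
// so a version number cannot be swapped underneath a valid signature.
func signedPayload(version uint32, imageHash [32]byte) []byte {
	buf := make([]byte, 4+len(imageHash))
	binary.BigEndian.PutUint32(buf[:4], version)
	copy(buf[4:], imageHash[:])
	return buf
}

// SignManifest runs on the release-signing system. The private key never
// lives on the distribution server that pushes packages to vehicles.
func SignManifest(priv ed25519.PrivateKey, version uint32, image []byte) UpdateManifest {
	h := sha256.Sum256(image)
	return UpdateManifest{
		Version:   version,
		ImageHash: h,
		Signature: ed25519.Sign(priv, signedPayload(version, h)),
	}
}

// VerifyUpdate runs on the vehicle. Checks are ordered so that a manifest
// failing signature verification influences nothing else: signature first,
// then rollback protection, then the image hash.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, m UpdateManifest, image []byte) error {
	if !ed25519.Verify(pub, signedPayload(m.Version, m.ImageHash), m.Signature) {
		return ErrBadSignature
	}
	if m.Version <= installed {
		return ErrRollback
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrImageMismatch
	}
	return nil
}

// Scenarios exercises the verifier against a genuine update and three abuses
// of the distribution channel. All keys and images are constructed here.
func Scenarios() map[string]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	imageV1 := []byte("constructed ECU firmware image v1")
	imageV2 := []byte("constructed ECU firmware image v2")
	backdoored := []byte("constructed image with a back door")

	manifestV1 := SignManifest(priv, 1, imageV1)
	manifestV2 := SignManifest(priv, 2, imageV2)
	forged := SignManifest(attackerPriv, 3, backdoored)

	return map[string]error{
		// vehicle on v1 receives the real v2 package
		"genuine": VerifyUpdate(pub, 1, manifestV2, imageV2),
		// attacker on the distribution server swaps the image but reuses the real manifest
		"swapped_image": VerifyUpdate(pub, 1, manifestV2, backdoored),
		// attacker signs a higher version with a key the vehicle does not trust
		"forged_manifest": VerifyUpdate(pub, 1, forged, backdoored),
		// old, genuinely signed v1 package replayed to a vehicle already on v2
		"replayed_old": VerifyUpdate(pub, 2, manifestV1, imageV1),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-16s -> %v\n", name, err)
	}
}
```

The point of the example is where the trust boundary sits: compromising the distribution server, or mailing a dongle, gets an attacker the ability to deliver bytes to the car, but not the release-signing key, so every one of the three abuses is rejected before the image is parsed. The rollback check matters because a genuinely signed but older, vulnerable image is just as useful to an attacker as a forged one.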

Internal and External Threats: Automakers can better understand their risks and prioritize security efforts by understanding the most likely attacker motives. For example, the Jeep hack resulted in a recall of approximately 1.4 million vehicles, and Chrysler’s stock dropped 6.4% the day after the recall, before rebounding. An enterprising criminal could exploit that window by taking a short position before the hack became public and make millions. Alternatively, hacktivists could publicize vulnerabilities as a means of protest, using public fear and the market as a political tool. In a worst-case scenario, terrorists could use remote control of a vehicle to cause injury.

Within the car industry, security executives must take an integrated, not siloed, approach to managing risk, because once inside any of the networks described above, attackers can pivot into any other. As the connected car market evolves, so too will attacker motives and attack vectors. This will require mature threat assessment and intelligence programs that identify and rank threats by relevance to sector-specific data, company-specific data (including a company’s history with particular attack or protest groups), geopolitical trends, and the security posture of the company’s vehicles. Only in the context of such a program can companies align their security efforts with the most likely threats and budget accordingly.

A Holistic Approach to Governance

Modern cyber governance requires a top-down approach and dedicated investment. Automakers must assess the organizational structures that underlie their risk mitigation efforts and the processes they use to identify risks. Security officers will need to:

  • Eliminate silos by pursuing a holistic approach to securing interconnected corporate, manufacturing, vehicle management, supply chain, and aftermarket networks. This will include exercises that force groups to work collaboratively and strong leadership from a central executive function, such as the CISO, responsible for risk across all components and departments.
  • Instill a security culture that values routinely exposing vulnerabilities in order to build a robust cybersecurity posture, by running ethical hacking exercises and studying potential criminal behavior. Look to professionals for this: people who know exactly how real hackers exploit technology and human weaknesses to achieve their goals, and who have no intra-corporate political constraints on what code or processes they are willing to break or challenge.
  • Create a continuous cycle of improvement by identifying, exploiting, and remediating vulnerabilities. Then repeat. Hackers always seek new exploits. To stay ahead, so should automakers.

Such a resilience-building model, one that unifies the security ecosystem and continuously seeks out possible new exploits, is the best way for automakers to keep their customers safe and mitigate their own enterprise risk. Automakers must, in essence, hack themselves.

Eric Friedberg is executive chairman of cybersecurity and risk consulting firm Stroz Friedberg. Mr. Friedberg is a seasoned executive with 30 years of public and private sector experience in law, cyber-crime response, IT security, forensics, investigations and e-discovery. He ...
Comments
haq4good, User Rank: Apprentice
5/15/2016 | 3:41:03 AM
Re: No remote access while in motion?
If no remote access whilst in motion, this would require a physical solution.  Some sort of inertial switch that has no electronic intercept.  Otherwise it can be bypassed when the car is not in motion (which is most of the time), so that it does not activate the defence when in motion.

A physical solution may be damaged by road activities.  Yet another thing in the car that breaks.
Forkeded48, User Rank: Apprentice
5/11/2016 | 4:44:05 PM
Re: No remote access while in motion?
I am very eager to try these new cars in real situation. But it will require a lot of administrative and security work to launch them at large scale.
Whoopty, User Rank: Ninja
5/9/2016 | 7:50:16 AM
No remote access while in motion?
Although I am concerned about car hacking, which is more likely to become problematic as cars become more connected, as with every piece of tech out there, I do wonder if one way to mitigate a lot of potential issues would be to disable all forms of wireless access while the vehicle is in motion.

If parts of its systems are locked down and remote assistance is disabled while a car is in motion, would we not be able to avoid any such issues of mid-drive hacking?

Similarly, requiring the use of a local hardware 'key' before remote administrative tasks are performed could also cut back on pre-drive hacking, I would imagine.

Are car companies looking to put such measures in place?
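
The thread above proposes two controls: refuse remote commands while the vehicle is moving, and require a locally presented hardware key before remote administrative work. The following is an added example of how such a gate could be written at the point where telematics traffic meets the vehicle bus; it is not part of the comment thread, not any automaker's design, and the command classes, the `VehicleState` fields and the `Gate` policy are all assumptions made for illustration.

```go
package main

import "fmt"

// CommandClass groups remotely originated commands by blast radius
// (hypothetical classification for this example).
type CommandClass int

const (
	ReadTelemetry   CommandClass = iota // location, odometer, fault codes
	ComfortControl                      // climate, lighting: no safety impact
	ActuatorControl                     // brakes, steering, throttle, gear
	DiagnosticWrite                     // ECU parameter writes, reflashing
)

// VehicleState is the input the gate trusts. If an attacker can forge these
// fields, the gate is bypassed, which is the point haq4good raises above.
type VehicleState struct {
	SpeedKph        float64
	ParkingBrake    bool
	LocalKeyPresent bool // physical key or hardware token at the vehicle
}

type Decision struct {
	Allow  bool
	Reason string
}

// Gate decides whether a remote command may reach the vehicle bus. The policy
// is assumed, not an automaker's: fail closed on anything unrecognised;
// nothing that moves the car or rewrites an ECU is accepted while in motion;
// diagnostic writes additionally need a locally present key, so a purely
// remote attacker cannot reach them even when the car is parked.
func Gate(c CommandClass, s VehicleState) Decision {
	stationary := s.SpeedKph == 0 && s.ParkingBrake
	switch c {
	case ReadTelemetry:
		return Decision{true, "read-only"}
	case ComfortControl:
		return Decision{true, "no safety impact"}
	case ActuatorControl:
		if !stationary {
			return Decision{false, "actuator control refused: vehicle not stationary"}
		}
		return Decision{true, "vehicle stationary"}
	case DiagnosticWrite:
		if !stationary {
			return Decision{false, "diagnostic write refused: vehicle not stationary"}
		}
		if !s.LocalKeyPresent {
			return Decision{false, "diagnostic write refused: local key not present"}
		}
		return Decision{true, "vehicle stationary and local key present"}
	default:
		// Unknown classes are never forwarded, so a new command type added
		// to the telematics unit is blocked until the policy names it.
		return Decision{false, "unknown command class"}
	}
}

func main() {
	moving := VehicleState{SpeedKph: 80}
	parked := VehicleState{ParkingBrake: true}
	parkedWithKey := VehicleState{ParkingBrake: true, LocalKeyPresent: true}
	for _, tc := range []struct {
		name string
		c    CommandClass
		s    VehicleState
	}{
		{"telemetry while moving", ReadTelemetry, moving},
		{"brake command while moving", ActuatorControl, moving},
		{"brake command while parked", ActuatorControl, parked},
		{"reflash while parked, no key", DiagnosticWrite, parked},
		{"reflash while parked, key present", DiagnosticWrite, parkedWithKey},
		{"unknown command", CommandClass(99), parkedWithKey},
	} {
		d := Gate(tc.c, tc.s)
		fmt.Printf("%-36s allow=%-5v %s\n", tc.name, d.Allow, d.Reason)
	}
}
```

The gate only helps if the speed and key inputs come from sources the remote attacker cannot write to, which is why the thread ends up discussing a physical inertial switch: a speed value that itself arrives over the same compromised network is not a control.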