Vulnerabilities / Threats
5/6/2016
10:00 AM
Eric Friedberg
Eric Friedberg
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Connected Cars: Strategies For Reducing The Ever-Expanding Risk

The best way automakers can keep customers safe and mitigate threats to their own enterprise is to first hack themselves.

As automakers improve the driving experience with digital technology, they also open up new avenues for attack. The good news is that these avenues are too advanced for the average “script kiddie." They are, however, by no means beyond the abilities of well-funded experts, as many hackers are these days.

In fact, one automaker contracted my firm well before the headline-grabbing Jeep Cherokee hack last summer to conduct an advanced attack on their entire enterprise. Within four weeks, our ten-person team of ethical hackers was able to gain access that would have allowed us to interfere with both corporate and manufacturing networks as well as conduct unauthorized interactions with the vehicles.

This ever-expanding attack surface of connected cars exposes significant risk to drivers’ safety, but it is also a serious threat to private customer and enterprise data. To maintain the public’s confidence, automotive manufacturers must develop proactive solutions that address major issues beyond the vehicle itself.

Understanding The Attack Surface

A connected car’s attack surface is broad and continuously changing. For example:

Corporate networks: Phishing attacks or attacks against insecure Wi-Fi and remote access connections, websites, partner and vendor networks, and the physical perimeter can give a cybercriminal a foothold into the entire corporate network. Attackers could then seek to escalate privileges to obtain broad access to protected resources such as the software development environment or other sensitive information about the car and customer information. Once broad privileges are obtained, hackers can discretely perform unauthorized actions including stealing, deleting, or corrupting data, as they have in high-profile retail, healthcare, manufacturing, and pharma cases over the past several years.

Manufacturing networks: Other industries have experienced attacks by cybercriminals -- including nation states -- targeting industrial control systems to destroy equipment, disrupt operations, and corrupt data. Once a hacker has breached an organization, she/he can use the company’s own software distribution tools to broadly push out malware and other back-door laden software, even to the cars themselves.

Cars: Cellular, Bluetooth, and infrared key fob technologies provide interfaces over which hackers can gain remote control. The information flowing to and from the car has already been the subject of successful hacks.

Aftermarket networks: Devices and applications substantially expand and change the attack surface. Besides reverse engineering applications, hackers can socially engineer a breach by mailing infected dongles disguised as software upgrades, safe driving add-ons, or fleet-management tools packaged like they are from the manufacturer, tricking drivers into inserting the dongle into the car’s On Board Diagnostic port.

Internal and External Threats: Automakers can better understand their risks and prioritize security efforts by understanding the most likely attacker motives. For example, the Jeep hack resulted in a recall of approximately 11 million vehicles, and Chrysler’s stock dropped 6.4% the day after the recall, before rebounding. An enterprising criminal could use that window to short-sell the stock before the hack and make millions. Alternatively, hacktivists could also publicize vulnerabilities as a means of protest, using public fear and the market as a political tool. In a worst-case scenario, terrorists could use remote control to cause injury.

Within the car industry, security executives must take an integrated – not siloed – approach to managing risk because once inside any of the networks below, attackers can pivot into any other. As the connected car market evolves, so too will attacker motives and attack vectors. This will require mature threat assessments and intelligence programs that identify and rank threats by relevance to sector-specific data, company-specific data (including a company’s history with certain attack or protest groups), geo-political trends, and the security posture of the company’s vehicles. It is only in the context of such a program that companies can align their security efforts with the most likely threats and budget accordingly.

A Holistic Approach to Governance

Modern cyber governance requires a top-down approach and dedicated investment. Automakers must assess the organizational structures that underlie their risk mitigation efforts and the processes they use to identify risks. Security officers will need to: 

  • Eliminate silos by pursuing a holistic approach to securing interconnected corporate, manufacturing, vehicle management, supply chain, and aftermarket networks. This will include exercises that force groups to work collaboratively and strong leadership from a central executive function, such as the CISO, responsible for risk across all components and departments.
  • Instill a security culture that values routinely exposing vulnerabilities in order to create a robust cybersecurity posture by running ethical hacking exercises and studying potential criminal behavior. Look to professionals for this – people who know exactly how real hackers exploit technology and human weaknesses to achieve their goals, and have no intra-corporate political constraints on what code or processes they are willing to break or challenge.
  • Create a continuous cycle of improvement by identifying, exploiting, and remediating vulnerabilities. Then repeat. Hackers always seek new exploits. To stay ahead, so should automakers.

Such a resilience-building model that unifies the security ecosystem and continuously seeks to identify possible new exploits is the best way for automakers to keep their customers safe and mitigate their own enterprise risk. Automakers must, in essence, hack themselves.  

Related Content:

Eric Friedberg is executive chairman of cybersecurity and risk consulting firm Stroz Friedberg. Mr. Friedberg is a seasoned executive with 30 years of public and private sector experience in law, cyber-crime response, IT security, forensics, investigations and e-discovery. He ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
haq4good
50%
50%
haq4good,
User Rank: Apprentice
5/15/2016 | 3:41:03 AM
Re: No remote access while in motion?
If no remote access whilst in motion, this would require a physical solution.  Some sort of inertial switch that has no electronic intercept.  Otherwise it can be bypassed when the car is not in motion (which is most of the time), so that it does not activate the defence when in motion.

A physical solution may be damaged by road activities.  Yet another thing in the car that breaks.
Forkeded48
50%
50%
Forkeded48,
User Rank: Apprentice
5/11/2016 | 4:44:05 PM
Re: No remote access while in motion?
I am very eager to try these new cars in real situation. But it will require a lot of administrative and security work to launch them at large scale.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
5/9/2016 | 7:50:16 AM
No remote access while in motion?
Although I am concerned about car hacking, which is more likely to become problematic as cars become more connected, as with every piece of tech out there, I do wonder if one way to mitigate a lot of potential issues would be to disable all forms of wireless access while the vehicle is in motion.

If parts of its systems are locked down remote assistance is disabled while a car is in motion, would we not be able to avoid any such issues of mid-drive hacking?

Similarly so, requiring the use of a local hardware 'key' before remote administative tasks are performed could also cut back on pre-drive hacking I would imagine.

Are car companies looking to put such measures in place?
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.