IoT
11/10/2017
02:50 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

FASTR consortium announces release of 'Automotive Industry Guidelines for Secure Over-the-Air Updates'

Document provides evaluators with comprehensive, objective guidelines by which to analyze automotive software over-the-air (SOTA) update systems

WILMINGTON, Del. (Nov. 8, 2017) – FASTRSM, a nonprofit research consortium dedicated to automotive cybersecurity, today announced the availability of “Automotive Industry Guidelines for Secure Over-the-Air Updates.”

The guidelines are intended to assist automotive manufacturers and others involved in evaluating platforms for secure updates, describing the threat models, providing recommended cryptographic algorithms and detailing a step-by-step checklist for evaluating SOTA systems.The documentilluminates one area of opportunity for research and innovation in the automotive security ecosystem.

“Today’s modern automotive ecosystem requires a robust, adaptable approach to maintain the security and integrity of the growing intelligently connected vehicles on the roads. Provenance and operational verification of software components in a forensically sound manner is critical,” said Craig Hurst, FASTR executive director. “These guidelines will serve as a comprehensive, objective resource to help OEMs analyze SOTA systems and make wise design choices.”

Founded by Aeris, Intel and Uber in 2016, FASTR seeks to accelerate automotive security by marshaling industry-wide collaboration on crucially needed research. To become a member of FASTR, get involved and lend expertise to plans for 2018 activities, go to https://fastr.org/membership/.

 

About FASTR

FASTR—Future of Automotive Security Technology Research—is a neutral nonprofit automotive security research consortium working to drive systematic coordination of cybersecurity across the entire supply chain and ensure trust in the connected and autonomous vehicle of the future. For more information, please visit fastr.org

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20201
PUBLISHED: 2018-12-18
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.
CVE-2018-20194
PUBLISHED: 2018-12-18
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy l...
CVE-2018-20195
PUBLISHED: 2018-12-18
A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
CVE-2018-20196
PUBLISHED: 2018-12-18
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
CVE-2018-20197
PUBLISHED: 2018-12-18
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy l...