Automobile Industry Accelerates Into Security

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

<< < Page 2 / 2

50%

Beau Woods,
User Rank: Apprentice
7/16/2014 | 10:34:42 AM

How do researchers interface with the group

I'm excited to hear the news that the Auto Industry is getting more proactive about security issues, especially those which can affect human life and public safety. Is there any indication of how security researchers interface with the ISAC? For instance, will the group help coordinate disclosures with the broader industry? Will they solicit recommendations for improving security from researchers and get those to the automakers themselves?

I'm part of a growing group of security researchers called I Am The Cavalry and we are pushing for exactly these sorts of collaborations between the research community and manufacturers. So far the people we have talked to in those organizations have been interested in working together but there are few mechanisms to do so. Hopefully this ISAC can serve some of that function.

Reply | Post Message | Messages List | Start a Board

50%

Kelly Jackson Higgins,
User Rank: Strategist
7/16/2014 | 9:57:06 AM

Re: Automobile cyber security

Your concerns and questions are spot on, @GonzSTL. No specifics yet from the auto industry folks on just how they plan to secure, fix, and address vulns in these current and future automation and networked features, but it is a crucial endeavor. I am looking forward to seeing how the auto industry ultimately works with security researchers, etc., because more and more of them are scrutinizing auto technologies for vulns.

Reply | Post Message | Messages List | Start a Board

50%

GonzSTL,
User Rank: Ninja
7/16/2014 | 9:52:35 AM

Automobile cyber security

A while back, I saw a video demonstrating the takeover of an automobile's electronic control systems via a cell phone. That was rather scary! I imagined myself driving a "connected" car, listening to music I had previously downloaded from the internet and saved to portable media (CD, USB drive, SD card, smartphone, etc.) that was plugged in to my car audio system, without knowing that the music file I downloaded contained a remote access trojan designed for automobile systems. Additionally, by sheer coincidence another driver in a similar situation happened to share the same road, and was headed towards me. What if both trojans were controlled by the same bad guy? It is not difficult to envision other nasty scenarios regarding automobile cyber security.

Automobile computer environments are really just a microcosm of IT infrastructures we see in organizations. They are comprised of multiple computers, each with their own functions, and most of them communicate with each other via a data network. Shouldn't we see proper segmentation and layered security within those automobile computer systems, in the same way we see them in our organizational computing environments? I realize that additional layers of security incur additional expense, and impact automated decisions cricital in the safe operation of the vehicle, but certainly the scenario above, and other, more potentially damaging scenarios justify the need.

I certainly hope that automobile systems security isn't treated in the same way that King Roland secured their "air shield", prompting Dark Helmet's comment "So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!"

Reply | Post Message | Messages List | Start a Board

<< < Page 2 / 2

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 4/7/2020

FBI Warns Education & Remote Work Platforms About Cyberattacks

Dark Reading Staff 4/3/2020

The Coronavirus & Cybersecurity: 3 Areas of Exploitation

Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital, 4/7/2020

Webinars

Fighting Cybercrime in a Pandemic Threat Landscape

Malicious Insiders: Real Defense for Real Business

Building a Strategy for Detection and Response

Webinar Archives

White Papers

Global Password Security Report

Annual Threat Intelligence Report: Perspectives and Predictions

One Phish, Two Phish, Three Phish, Fraud Phish

Threat Intelligence Spotlight: The Shifting Framework of Modern Malware

NERC Updates May Force Utility Companies into Better Cybersecurity

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

6 Emerging Cyber Threats That Enterprises Face in 2020

This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

State of Cybersecurity Incident Response

Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.

Download Now!

How Enterprises Are Developing and Maintaining Secure Applications

0 comments

How Enterprises are Attacking the Cybersecurity Problem

0 comments

How Data Breaches affect the Enterprise

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-11655
PUBLISHED: 2020-04-09

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

CVE-2020-11656
PUBLISHED: 2020-04-09

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

CVE-2019-20637
PUBLISHED: 2020-04-08

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connecti...

CVE-2020-11650
PUBLISHED: 2020-04-08

An issue was discovered in iXsystems FreeNAS 11.2 and 11.3 before 11.3-U1. It allows a denial of service.

CVE-2020-11653
PUBLISHED: 2020-04-08

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]