Automobile Industry Accelerates Into Security

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

<< < Page 2 / 2

50%

Beau Woods,
User Rank: Apprentice
7/16/2014 | 10:34:42 AM

How do researchers interface with the group

I'm excited to hear the news that the Auto Industry is getting more proactive about security issues, especially those which can affect human life and public safety. Is there any indication of how security researchers interface with the ISAC? For instance, will the group help coordinate disclosures with the broader industry? Will they solicit recommendations for improving security from researchers and get those to the automakers themselves?

I'm part of a growing group of security researchers called I Am The Cavalry and we are pushing for exactly these sorts of collaborations between the research community and manufacturers. So far the people we have talked to in those organizations have been interested in working together but there are few mechanisms to do so. Hopefully this ISAC can serve some of that function.

Reply | Post Message | Messages List | Start a Board

50%

Kelly Jackson Higgins,
User Rank: Strategist
7/16/2014 | 9:57:06 AM

Re: Automobile cyber security

Your concerns and questions are spot on, @GonzSTL. No specifics yet from the auto industry folks on just how they plan to secure, fix, and address vulns in these current and future automation and networked features, but it is a crucial endeavor. I am looking forward to seeing how the auto industry ultimately works with security researchers, etc., because more and more of them are scrutinizing auto technologies for vulns.

Reply | Post Message | Messages List | Start a Board

50%

GonzSTL,
User Rank: Ninja
7/16/2014 | 9:52:35 AM

Automobile cyber security

A while back, I saw a video demonstrating the takeover of an automobile's electronic control systems via a cell phone. That was rather scary! I imagined myself driving a "connected" car, listening to music I had previously downloaded from the internet and saved to portable media (CD, USB drive, SD card, smartphone, etc.) that was plugged in to my car audio system, without knowing that the music file I downloaded contained a remote access trojan designed for automobile systems. Additionally, by sheer coincidence another driver in a similar situation happened to share the same road, and was headed towards me. What if both trojans were controlled by the same bad guy? It is not difficult to envision other nasty scenarios regarding automobile cyber security.

Automobile computer environments are really just a microcosm of IT infrastructures we see in organizations. They are comprised of multiple computers, each with their own functions, and most of them communicate with each other via a data network. Shouldn't we see proper segmentation and layered security within those automobile computer systems, in the same way we see them in our organizational computing environments? I realize that additional layers of security incur additional expense, and impact automated decisions cricital in the safe operation of the vehicle, but certainly the scenario above, and other, more potentially damaging scenarios justify the need.

I certainly hope that automobile systems security isn't treated in the same way that King Roland secured their "air shield", prompting Dark Helmet's comment "So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!"

Reply | Post Message | Messages List | Start a Board

<< < Page 2 / 2

Hot Topics

Editors' Choice

Why Cyber-Risk Is a C-Suite Issue

Marc Wilczek, Digital Strategist & CIO Advisor, 11/12/2019

Unreasonable Security Best Practices vs. Good Risk Management

Jack Freund, Director, Risk Science at RiskLens, 11/13/2019

Breaches Are Inevitable, So Embrace the Chaos

Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore, 11/13/2019

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

Cisco & Amazon Web Services to Keynote at Enterprise Connect 2020

More Informa Tech Live Events

White Papers

Getting Started With Emerging Technologies

[Infographic] Are You Maximizing Value of the Cloud?

2019 State of DevOps

Secure Cloud Transformation

Managing SaaS and Cloud Service Performance

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: "Looks like the Trojans are evolving into a more focused attack mode."

Cartoon Archive

Current Issue

Navigating the Deluge of Security Data

In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Rethinking Enterprise Data Defense

Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprise

0 comments

2019 Online Malware and Threats

0 comments

The State of IT Operations and Cybersecurity Operations

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2011-2916
PUBLISHED: 2019-11-15

qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.

CVE-2019-12757
PUBLISHED: 2019-11-15

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt t...

CVE-2019-12758
PUBLISHED: 2019-11-15

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.

CVE-2019-12759
PUBLISHED: 2019-11-15

Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicat...

CVE-2019-18372
PUBLISHED: 2019-11-15

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]