Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Automobile Industry Accelerates Into Security
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
7/18/2014 | 5:46:48 PM
Re: Upcoming DR Radio episode on car hacking
I look forward to hearing their insights!
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/18/2014 | 3:34:23 PM
Re: Upcoming DR Radio episode on car hacking
that sounds like a great show Kelly. I'm fascinated by the idea of self-driving cars. I love the idea of being able leave the driving to the car and use the time to read, work or simply enjoy the view. But there definitely will be a dark side to this. It will be great to hear what Miller and Valasek have to say about it.   
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/18/2014 | 2:14:21 PM
Upcoming DR Radio episode on car hacking
I have security experts/car hackers Charlie Miller and Chris Valasek as my guest on Dark Reading Radio on Wed. July 30 at 1pm ET and they will be sharing some of their newest research into vulnerabilities in cars, both local and remotely hackable. They will have some very interesting insight into all of this.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
7/18/2014 | 11:50:54 AM
Re: Automobile cyber security
I for one believe self driving cars are inevitable and a good thing for everyone but local police departments.  However, if auto manufacturers do not take security serious then we may all be in for a bumpy ride.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/17/2014 | 9:03:47 AM
Re: Automobile cyber security
Another argument is that the majority of accidents are caused by operator error and that more vehicular automation -- including self-driving cars -- would be safer than what we have now. That's a nice thought, though I shudder to think about what hackers would do in that truly mobile environment. 
supersat
50%
50%
supersat,
User Rank: Apprentice
7/16/2014 | 5:22:47 PM
Re: Automobile cyber security
The first ECUs were for fuel efficiency and emissions control. Now a lot of ECUs provide several critical safety features -- anti-lock brakes, stability control, tire pressure monitoring, airbags, etc. As a side note, a lot of automatic transmissions are implemented with hydraulics that determine when and how to shift.
theb0x
50%
50%
theb0x,
User Rank: Ninja
7/16/2014 | 1:36:11 PM
Re: Automobile cyber security
What exactly is the benefit of automated computer systems in a vehicle besides people being lazy?

Automatic transmission, power door locks, power windows, powered trunk latch, power seats, power seatbelts, cruise control, eco boost, launch control, xdrive, parking assist, ........ brake systems are no longer mechanically controlled. This absolutly disgusts me. How many recalls have there been that require firmware upgrades to fix the problem? Firmware should have nothing to do with a vehicle's brakes. This is why I refuse to buy a new vehicle. I will always have more control and I certainly don't need a computer to tell me my gas cap is loose.
eaglei52
50%
50%
eaglei52,
User Rank: Apprentice
7/16/2014 | 1:24:48 PM
Time to start system hardening now....
One of the first areas to secure is the ECU interface port; the connector under the drivers knee used to  measure emissions via computer status codes. It's wide open to anyone.  The software and connector cables are pc friendly and widely available for next to nothing and on car forums there's abundant instruction on modifying built in functions (e.g. how long headlights stay on after shutoff, programming a new chip key, etc.)  A perfect place to infect in ways limited by only imagination. This physical access alone is enough to take action to harden; let us hope it's already begun.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
7/16/2014 | 11:10:51 AM
Remote theft
Something I think could become a problem in years to come when automated vehicles are commonplace, is someone remotely taking control and driving it away from your home while you're asleep, or after you've left it in the car park. 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/16/2014 | 10:47:17 AM
Re: How do researchers interface with the group
No details yet, Beau, but I will be following its progress. Thank you for sharing your thoughts.

I am very familiar with I Am The Cavalry--as a matter of fact, I wrote about it last year when all of the consumer device hacks were coming out at Black Hat & DEF CON: http://www.darkreading.com/attacks-breaches/lost-in-translation-hackers-hacking-consumer-devices/d/d-id/1140272

 

 
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.