Intel Takes On Car Hacking, Founds Auto Security ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

jscott490,
User Rank: Apprentice
9/17/2015 | 12:16:11 PM

Looks like marketing to me

Intel doesn't have much of a presence in automotive electronics (they don't even show up in top 10 of automotive electronics providers), so this seems like more of a move to get into a market that they have continually failed in than anything else, to me. Even the infotainment systems are more likely to use smart phone processors and electronics where Intel also doesn't play well.

As seen from the hacker stuff, the weak point in all automotive electronics is the infotainment systems. They have not been protected as well as they should be, and they have been used along with in-depth research to reprogram the micros that are on the CAN bus and send erroneous messages. Harden the entry point (i.e. infotainment) and the rest will be fine.

Reply | Post Message | Messages List | Start a Board

50%

Enrico Fontan,
User Rank: Strategist
9/15/2015 | 12:28:22 PM

New security controls

As started in the SCADA systems, we need to adopt security controls also in the Automotive environment.

Car system integration can be a big step, think about engines interacting with GPS to understand terrain data (objective:save fuel).

We still can have "isolated" systems, but as in other IT systems we need to think about data flow and data access permissions.

On the other hand, without such controls system integration can bring several risks.

Reply | Post Message | Messages List | Start a Board

50%

DarkerMind,
User Rank: Apprentice
9/15/2015 | 11:27:09 AM

Re: Vehicle hacking

@DontBeknown You make excellent points. I think it was naive to design this system without planning for security

Reply | Post Message | Messages List | Start a Board

100%

DontBeknown,
User Rank: Apprentice
9/14/2015 | 11:19:45 PM

Vehicle hacking

It is interesting how we think that we "need" our engine, brakes, transmission, etc. to be connected via network to our entertainment system and internet.

They've been running into this in the aircraft world as well. In the past, you were not allowed to have ANY primary system in an aircraft hooked into any other system. In otherwords - Engine # 1 circuts would be separated physically and electronically from any of the other systems (primary navigation did this as well). All primary systems would be done this way for safety reasons - you wouldn't want a problem on Engine #2 to take out the controls for Engine #1 now - would you?

With the advent of networking - they (engineers) figure they can do it better - forgetting all that has been learned about safety in the past. Why would you ever hook the entertainment system (and internet) to engine controls? Or brakes? or the transmission? It need not be that way. It's gone as far as hackers being able to OPEN THE DOORS on moving vehicles on the freeway!! Really? Is this level of integration required or is it just an open barn door of "we can so we will"?

Take this level of sophistication out of cars. It is not needed. The entertainment system (and navigation system) should be separate from the drivetrain and safety equipment in ANY vehicle. This level of networked BS is stupid, and dangerous.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Cybersecurity Technology - March 24 Dark Reading Virtual Event

Black Hat Spring Trainings 2022 - February 28 - March 3 - Learn More

SupportWorld Live: May 15-20, 2022, MGM Grand, Las Vegas, NV

More Informa Tech Live Events

White Papers

Zero Trust and the Power of Isolation for Threat Prevention

Zero Trust in Real Life

Protecting Your Mainframe Against Relentless Ransomware

2021 Ransomware Threat Report

Identity Sprawl and the Toll of Enterprise Identity Debt

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

How Enterprises Are Assessing Cybersecurity Risk in Today's Environment

The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-0351
PUBLISHED: 2022-01-25

Access of Memory Location Before Start of Buffer in Conda vim prior to 8.2.

CVE-2021-39031
PUBLISHED: 2022-01-25

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM ...

CVE-2021-46087
PUBLISHED: 2022-01-25

In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code.

CVE-2021-34865
PUBLISHED: 2022-01-25

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issu...

CVE-2021-34866
PUBLISHED: 2022-01-25

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of e...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]