5/6/2016
10:00 AM
Eric Friedberg
Commentary

Connected Cars: Strategies For Reducing The Ever-Expanding Risk

The best way automakers can keep customers safe and mitigate threats to their own enterprise is to first hack themselves.

As automakers improve the driving experience with digital technology, they also open up new avenues for attack. The good news is that these avenues are too advanced for the average “script kiddie.” They are, however, by no means beyond the abilities of well-funded experts, as many hackers are these days.

In fact, one automaker contracted my firm well before the headline-grabbing Jeep Cherokee hack last summer to conduct an advanced attack on their entire enterprise. Within four weeks, our ten-person team of ethical hackers was able to gain access that would have allowed us to interfere with both corporate and manufacturing networks as well as conduct unauthorized interactions with the vehicles.

This ever-expanding attack surface of connected cars exposes significant risk to drivers’ safety, but it is also a serious threat to private customer and enterprise data. To maintain the public’s confidence, automotive manufacturers must develop proactive solutions that address major issues beyond the vehicle itself.

Understanding The Attack Surface

A connected car’s attack surface is broad and continuously changing. For example:

Corporate networks: Phishing attacks or attacks against insecure Wi-Fi and remote access connections, websites, partner and vendor networks, and the physical perimeter can give a cybercriminal a foothold into the entire corporate network. Attackers could then seek to escalate privileges to obtain broad access to protected resources such as the software development environment or other sensitive information about the car and customer information. Once broad privileges are obtained, hackers can discreetly perform unauthorized actions including stealing, deleting, or corrupting data, as they have in high-profile retail, healthcare, manufacturing, and pharma cases over the past several years.

Manufacturing networks: Other industries have experienced attacks by cybercriminals -- including nation states -- targeting industrial control systems to destroy equipment, disrupt operations, and corrupt data. Once a hacker has breached an organization, she/he can use the company’s own software distribution tools to broadly push out malware and other backdoor-laden software, even to the cars themselves.

Cars: Cellular, Bluetooth, and infrared key fob technologies provide interfaces over which hackers can gain remote control. The information flowing to and from the car has already been the subject of successful hacks.

Aftermarket networks: Devices and applications substantially expand and change the attack surface. Besides reverse engineering applications, hackers can socially engineer a breach by mailing infected dongles disguised as software upgrades, safe driving add-ons, or fleet-management tools packaged like they are from the manufacturer, tricking drivers into inserting the dongle into the car’s On Board Diagnostic port.

Internal and External Threats: Automakers can better understand their risks and prioritize security efforts by understanding the most likely attacker motives. For example, the Jeep hack resulted in a recall of approximately 11 million vehicles, and Chrysler’s stock dropped 6.4% the day after the recall, before rebounding. An enterprising criminal could use that window to short-sell the stock before the hack and make millions. Alternatively, hacktivists could also publicize vulnerabilities as a means of protest, using public fear and the market as a political tool. In a worst-case scenario, terrorists could use remote control to cause injury.

Within the car industry, security executives must take an integrated – not siloed – approach to managing risk because once inside any of the networks above, attackers can pivot into any other. As the connected car market evolves, so too will attacker motives and attack vectors. This will require mature threat assessments and intelligence programs that identify and rank threats by relevance to sector-specific data, company-specific data (including a company’s history with certain attack or protest groups), geo-political trends, and the security posture of the company’s vehicles. It is only in the context of such a program that companies can align their security efforts with the most likely threats and budget accordingly.

A Holistic Approach to Governance

Modern cyber governance requires a top-down approach and dedicated investment. Automakers must assess the organizational structures that underlie their risk mitigation efforts and the processes they use to identify risks. Security officers will need to: 

  • Eliminate silos by pursuing a holistic approach to securing interconnected corporate, manufacturing, vehicle management, supply chain, and aftermarket networks. This will include exercises that force groups to work collaboratively and strong leadership from a central executive function, such as the CISO, responsible for risk across all components and departments.
  • Instill a security culture that values routinely exposing vulnerabilities in order to create a robust cybersecurity posture by running ethical hacking exercises and studying potential criminal behavior. Look to professionals for this – people who know exactly how real hackers exploit technology and human weaknesses to achieve their goals, and have no intra-corporate political constraints on what code or processes they are willing to break or challenge.
  • Create a continuous cycle of improvement by identifying, exploiting, and remediating vulnerabilities. Then repeat. Hackers always seek new exploits. To stay ahead, so should automakers.

Such a resilience-building model that unifies the security ecosystem and continuously seeks to identify possible new exploits is the best way for automakers to keep their customers safe and mitigate their own enterprise risk. Automakers must, in essence, hack themselves.  

Eric Friedberg is executive chairman of cybersecurity and risk consulting firm Stroz Friedberg. Mr. Friedberg is a seasoned executive with 30 years of public and private sector experience in law, cyber-crime response, IT security, forensics, investigations and e-discovery. He ...
 

Comments
haq4good
User Rank: Apprentice
5/15/2016 | 3:41:03 AM
Re: No remote access while in motion?
If no remote access whilst in motion, this would require a physical solution.  Some sort of inertial switch that has no electronic intercept.  Otherwise it can be bypassed when the car is not in motion (which is most of the time), so that it does not activate the defence when in motion.

A physical solution may be damaged by road activities.  Yet another thing in the car that breaks.
Forkeded48
User Rank: Apprentice
5/11/2016 | 4:44:05 PM
Re: No remote access while in motion?
I am very eager to try these new cars in a real situation. But it will require a lot of administrative and security work to launch them at large scale.
Whoopty
User Rank: Ninja
5/9/2016 | 7:50:16 AM
No remote access while in motion?
Although I am concerned about car hacking, which is more likely to become problematic as cars become more connected, as with every piece of tech out there, I do wonder if one way to mitigate a lot of potential issues would be to disable all forms of wireless access while the vehicle is in motion.

If parts of its systems are locked down remote assistance is disabled while a car is in motion, would we not be able to avoid any such issues of mid-drive hacking?

Similarly so, requiring the use of a local hardware 'key' before remote administrative tasks are performed could also cut back on pre-drive hacking I would imagine.

Are car companies looking to put such measures in place?