Dark Reading is part of the Informa Tech Division of Informa PLC


5/6/2016
10:00 AM
Eric Friedberg
Commentary

Connected Cars: Strategies For Reducing The Ever-Expanding Risk

The best way automakers can keep customers safe and mitigate threats to their own enterprise is to first hack themselves.

As automakers improve the driving experience with digital technology, they also open up new avenues for attack. The good news is that these avenues are too advanced for the average "script kiddie." They are, however, by no means beyond the abilities of well-funded experts, which is what many attackers now are.

In fact, one automaker contracted my firm well before the headline-grabbing Jeep Cherokee hack last summer to conduct an advanced attack on their entire enterprise. Within four weeks, our ten-person team of ethical hackers was able to gain access that would have allowed us to interfere with both corporate and manufacturing networks as well as conduct unauthorized interactions with the vehicles.

The ever-expanding attack surface of connected cars poses significant risk to driver safety, and it is also a serious threat to private customer and enterprise data. To maintain the public's confidence, automotive manufacturers must develop proactive solutions that address major issues beyond the vehicle itself.

Understanding The Attack Surface

A connected car’s attack surface is broad and continuously changing. For example:

Corporate networks: Phishing, attacks against insecure Wi-Fi and remote access connections, websites, partner and vendor networks, and the physical perimeter can all give a cybercriminal a foothold in the corporate network. Attackers can then escalate privileges to obtain broad access to protected resources such as the software development environment, sensitive vehicle design data, and customer information. Once broad privileges are obtained, hackers can discreetly perform unauthorized actions, including stealing, deleting, or corrupting data, as they have in high-profile retail, healthcare, manufacturing, and pharma cases over the past several years.

Manufacturing networks: Other industries have experienced attacks by cybercriminals, including nation states, targeting industrial control systems to destroy equipment, disrupt operations, and corrupt data. Once a hacker has breached an organization, he or she can use the company's own software distribution tools to broadly push out malware and other backdoor-laden software, even to the cars themselves.

Cars: Cellular, Bluetooth, and infrared key fob technologies provide interfaces over which hackers can gain remote control. The information flowing to and from the car has already been the subject of successful hacks.

Aftermarket networks: Aftermarket devices and applications substantially expand and change the attack surface. Besides reverse engineering applications, hackers can socially engineer a breach by mailing infected dongles disguised as software upgrades, safe-driving add-ons, or fleet-management tools packaged to look like they come from the manufacturer, tricking drivers into plugging the dongle into the car's On-Board Diagnostics (OBD-II) port.

Internal and External Threats: Automakers can better understand their risks and prioritize security efforts by understanding the most likely attacker motives. For example, the Jeep hack resulted in a recall of approximately 1.4 million vehicles, and Chrysler's stock dropped 6.4% the day after the recall, before rebounding. A criminal who controlled the timing of such a disclosure could short-sell the stock beforehand and make millions. Alternatively, hacktivists could publicize vulnerabilities as a means of protest, using public fear and the market as a political tool. In a worst-case scenario, terrorists could use remote control of a vehicle to cause injury.

Within the car industry, security executives must take an integrated, not siloed, approach to managing risk, because once inside any of the networks above, attackers can pivot into any other. As the connected car market evolves, so too will attacker motives and attack vectors. This will require mature threat assessment and intelligence programs that identify and rank threats by relevance to sector-specific data, company-specific data (including a company's history with particular attack or protest groups), geopolitical trends, and the security posture of the company's vehicles. It is only in the context of such a program that companies can align their security efforts with the most likely threats and budget accordingly.

A Holistic Approach to Governance

Modern cyber governance requires a top-down approach and dedicated investment. Automakers must assess the organizational structures that underlie their risk mitigation efforts and the processes they use to identify risks. Security officers will need to: 

  • Eliminate silos by pursuing a holistic approach to securing interconnected corporate, manufacturing, vehicle management, supply chain, and aftermarket networks. This will include exercises that force groups to work collaboratively and strong leadership from a central executive function, such as the CISO, responsible for risk across all components and departments.
  • Instill a security culture that values routinely exposing vulnerabilities in order to create a robust cybersecurity posture by running ethical hacking exercises and studying potential criminal behavior. Look to professionals for this – people who know exactly how real hackers exploit technology and human weaknesses to achieve their goals, and have no intra-corporate political constraints on what code or processes they are willing to break or challenge.
  • Create a continuous cycle of improvement by identifying, exploiting, and remediating vulnerabilities. Then repeat. Hackers always seek new exploits. To stay ahead, so should automakers.

Such a resilience-building model that unifies the security ecosystem and continuously seeks to identify possible new exploits is the best way for automakers to keep their customers safe and mitigate their own enterprise risk. Automakers must, in essence, hack themselves.  

Eric Friedberg is executive chairman of cybersecurity and risk consulting firm Stroz Friedberg. Mr. Friedberg is a seasoned executive with 30 years of public and private sector experience in law, cyber-crime response, IT security, forensics, investigations and e-discovery. He ...
Comments
haq4good, User Rank: Apprentice, 5/15/2016 | 3:41:03 AM
Re: No remote access while in motion?
If no remote access whilst in motion, this would require a physical solution.  Some sort of inertial switch that has no electronic intercept.  Otherwise it can be bypassed when the car is not in motion (which is most of the time), so that it does not activate the defence when in motion.

A physical solution may be damaged by road activities.  Yet another thing in the car that breaks.
Forkeded48, User Rank: Apprentice, 5/11/2016 | 4:44:05 PM
Re: No remote access while in motion?
I am very eager to try these new cars in real situation. But it will require a lot of administrative and security work to launch them at large scale.
Whoopty, User Rank: Ninja, 5/9/2016 | 7:50:16 AM
No remote access while in motion?
Although I am concerned about car hacking, which is more likely to become problematic as cars become more connected, as with every piece of tech out there, I do wonder if one way to mitigate a lot of potential issues would be to disable all forms of wireless access while the vehicle is in motion.

If parts of its systems are locked down and remote assistance is disabled while a car is in motion, would we not be able to avoid any such issues of mid-drive hacking?

Similarly so, requiring the use of a local hardware 'key' before remote administrative tasks are performed could also cut back on pre-drive hacking I would imagine.

Are car companies looking to put such measures in place?
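The two mitigations proposed in this thread (no remote access while the vehicle is in motion, and a local hardware key before remote administrative tasks) can be expressed as a small policy gate in front of the telematics command channel. The following is an added example written for this page; it is not code from the article, its author, or any automaker. Command categories, the vehicle-state fields, and the HMAC key are assumptions constructed for the example. It also addresses haq4good's bypass concern above in the only way software can: the gate refuses, on the remote channel, any command that would reconfigure the gate itself, so an attacker who gets in while the car is parked cannot switch the in-motion lockout off for later.

```python
"""Policy gate for remote commands to a connected car.

Added example, not code from the article or its author. Models two
mitigations from the comment thread: deny remote access while the
vehicle is in motion, and require a local hardware key before remote
administrative tasks. Categories, state fields and the HMAC key are
assumptions constructed for this example.
"""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Tuple


class Category(Enum):
    TELEMETRY = "telemetry"    # outbound status reports from the car
    DIAGNOSTIC = "diagnostic"  # read-only queries of ECU state
    ADMIN = "admin"            # firmware/OTA updates, configuration
    DRIVE = "drive"            # steering, braking, throttle
    POLICY = "policy"          # attempts to change this gate itself


@dataclass(frozen=True)
class VehicleState:
    """Snapshot read from sensors; never writable over the remote channel."""
    speed_kph: float
    gear: str             # "P", "R", "N" or "D"
    hw_key_present: bool  # physical token seated in the cabin reader


@dataclass(frozen=True)
class RemoteCommand:
    name: str
    category: Category
    payload: bytes
    tag: bytes  # HMAC-SHA256 over name and payload


# Constructed shared secret for the example only. A real deployment would
# hold a per-vehicle key in a secure element rather than in source.
COMMAND_KEY = b"example-per-vehicle-key-not-real"


def sign(name: str, payload: bytes, key: bytes = COMMAND_KEY) -> bytes:
    """Authenticate a command; the NUL separator keeps name/payload distinct."""
    return hmac.new(key, name.encode() + b"\x00" + payload, hashlib.sha256).digest()


def authentic(cmd: RemoteCommand, key: bytes = COMMAND_KEY) -> bool:
    """Constant-time comparison so the check does not leak the tag."""
    return hmac.compare_digest(sign(cmd.name, cmd.payload, key), cmd.tag)


def decide(cmd: RemoteCommand, state: VehicleState) -> Tuple[bool, str]:
    """Return (allowed, reason). Rules are checked in order; first denial wins."""
    if not authentic(cmd):
        return False, "bad signature"
    # Rule 1: the gate cannot be reconfigured over the channel it guards,
    # parked or not. This is what stops the "disable it while parked" bypass.
    if cmd.category is Category.POLICY:
        return False, "policy changes not accepted remotely"
    # Rule 2: driving controls are never actuated from the remote channel.
    if cmd.category is Category.DRIVE:
        return False, "remote driving control disabled"
    # Outbound telemetry carries no control authority, so it is always fine.
    if cmd.category is Category.TELEMETRY:
        return True, "outbound telemetry"
    # Rule 3: anything else requires a stationary vehicle in Park.
    if state.speed_kph > 0 or state.gear != "P":
        return False, "vehicle in motion"
    # Rule 4: administrative work additionally requires the local hardware key.
    if cmd.category is Category.ADMIN and not state.hw_key_present:
        return False, "hardware key absent"
    return True, "allowed while parked"


def make(name: str, category: Category, payload: bytes = b"",
         key: bytes = COMMAND_KEY) -> RemoteCommand:
    """Build a correctly signed command (what the legitimate backend sends)."""
    return RemoteCommand(name, category, payload, sign(name, payload, key))


if __name__ == "__main__":
    parked_with_key = VehicleState(0.0, "P", True)
    moving = VehicleState(80.0, "D", False)
    ota = make("ota_update", Category.ADMIN, b"fw-2.1.bin")
    print(decide(ota, moving))           # (False, 'vehicle in motion')
    print(decide(ota, parked_with_key))  # (True, 'allowed while parked')
```

The order of the rules matters: authentication first, then the two unconditional denials, then the state-dependent checks. Reading `VehicleState` from sensors that the command channel cannot write is the software half of the design; haq4good's point stands that a purely software lockout still rests on the integrity of whatever produces that snapshot.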