Week -4

Car Security Threat 

CYBR-650

   I am the owner of a Toyota Prius so thought about posting car with new technology and its vulnerability. I really did not think about the security while buying the car. It seems with all the gadgets added to cars nowadays, they have become more susceptible to being hacked. Automotive industry may have focused on adding new technologies for the convenient reason but it also exposes more vulnerability to the car security systems. Silvio Cesare, an Australian security researcher, was able to unlock the car wirelessly using some radio equipment and ingenuity. He was able to trick the car into thinking that it's being unlocked with the standard wireless key fob  when actually it's being pinged with a signal from a software-defined radio attached to a laptop. He was able to unlock the car by  finding the frequency of the key fob and then cracking the encryption using a brute force attack.

            Similarly, Charlie Miller, Twitter security engineer, and  Chris Valasek, director of vehicle security research at IOActive, surprised automotive industry with the news of car hacking last year. They were able to show how they were able to hack Toyota Prius and Ford Escape from inside the car. They were able to exploit vulnerabilities in the electronic control units of the car. They were able to by connecting to the vehicle's OnBoard Data Port and was able to take control of the car's locks, headlights, horn, steering and braking system. They made the presentation at the Black Hat USA security conference in Las Vegas last year and released a list of 20 vehicles and rated them on their vulnerability to being hacked. Their vehicle ratings were based on three factors - the vehicles' network architecture, their "attack surface" via wireless access such as Bluetooth and cyber-physical systems such as autonomous braking and steering. They found vehicles' network architecture being the weakest link.

            I like the way how electric carmaker Tesla Motor is doing. They are taking aggressive and proactive strategy for securing its car technology. They brought in the renowned white hat hacker Kristen Paget to oversee vulnerability testing and security for Tesla cars. They are looking to recruit more hackers to help sniff out security vulnerabilities in its software which controls the vehicles. I am glad security engineers likes of Charlie, Chris and Silvio are testing the car security systems. We may think car hacking isn't mainstream and it is very difficult and costs lots of money today and it might change soon in future. So it is important automakers to pay more attention to the car security systems and hire more security expert to do their due diligence regarding security risks. In future, I will make sure to check the car security system rating before buying the car and you should too.

References:

·       Danigelis, A. (October 16, 2014). Is Car Hacking the Next Big Security Threat <<< LiveScience? Retrieved from http://www.livescience.com/48310-car-hacking-security-threats.html

·       Estes, A.C. (August, 04, 2014).Wirelessly Hacking--And Unlocking--Cars Is Easier Than It Should Be <<< gizmodo.com. Retrieved from http://gizmodo.com/wirelessly-hacking-and-unlocking-cars-is-easier-than-1615693270

·       Higgins, K.J. (December 11, 2014). Hiring Hackers To Secure The Internet of Things <<< darkreading.com. Retrieved from http://www.darkreading.com/vulnerabilities---threats/hiring-hackers-to-secure-the-internet-of-things/d/d-id/1318107?