• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Hitting the road: New cyber threats to smart cars

Hitting the road: New cyber threats to smart cars

  • Posted on:March 23, 2016
  • Posted in:Industry News
  • Posted by:
    Noah Gamer
0
Cyber security is officially becoming a priority for automobile manufacturers.

Ever since the infamous simulation of a Jeep Cherokee hack left a Wired reporter stuck on the side of the road, smart-car cyber security discussions have continued to gain traction. While some fears may be overinflated, it's a fact that once something is connected to the Internet, it becomes a potential gateway for cybercrime. This includes the billions of devices that may be connected in the few years as the Internet of Things continues to proliferate. 

But among the vast array of IoT systems, cyber attack scenarios against connected cars are undoubtedly some of the most frightening. Let's review some of the newest threats to smart cars:

Killing the battery across the world

In a recent blog post, Trend Micro discussed the alarming findings of computer security researchers Troy Hunt and Scott Helme. The pair found out that an application tied to The Nissan Leaf, which is one of the world's top-selling electric cars, could have certain features controlled from anywhere in the world that has Internet connectivity. 

After learning that the Leaf used only the vehicle identification number (VIN) for authentication, Hunt and Helme decided to find out what a remote user might be able to accomplish if they somehow accessed this information. The good news is that because the Leaf does not have a feature that allows for the remote unlocking of doors, the exploit wouldn't  necessarily allow a cyber criminal to get into the vehicle. The bad news, however, is that the car doesn't have to be broken into to be compromised. 

Some of the useful features of Nissan's application for its connected cars is tracking of distance and travel times as well as battery life, which can all be valuable for maintenance purposes, and the ability to remotely control the car's climate. This latter feature can be handy in the hot summer months or in cold climates, as it allows the driver to walk into a car that is at a comfortable temperature. However, this also means that any person who has the car's VIN and Nissan's application can effectively drain a vehicle's battery. It sounds like a minor defect, but it's actually a huge deal. Imagine if the application allowed for other remote features. What if it could turn the parking break on? What if it could disable the transmission in the event that the vehicle is reported stolen? With poor authentication any remote control features that could be extremely useful for car owners can become threatening. 

Gone in 18 seconds

San Diego-based computer science researcher Stephen Savage recently found a way to hijack a smart car 18 seconds with little more than a CD loaded up with the right .WMA file. According to a recent Trend Micro blog post, Savage found that smart car manufacturers will generally have a mix of operating systems onboard the vehicle, some of which are more vulnerable to cyberattacks than others.

In this case, Savage was able to exploit a weak in-vehicle entertainment system. He preloaded a CD with malware, and then played it through the car's sound system, and from there, was able to take control of the vehicle. While not quite as scary as finding that your transmission has been completely cut off while on the freeway, grand theft auto via cyberattack is still quite an unsettling thought, and further highlights just how far we have to go before connected cars can be considered cyber secure. Savage noted that a simple firewall would not have patched the security hole that allowed him to take control of the vehicle. 

Comprehensive cyber security is rapidly becoming a top-of-mind issue for automobile manufacturers and third-party software vendors for smart cars. With future of the car is just around the bend, let's hope our vehicles are safe from hackers by the time we get there. 

Related posts:

  1. ISO/SAE 21434: It’s time to put the brakes on connected car cyber-threats
  2. ā€œTalkingā€ cars and Crash Prevention: Thumbs up or Risky Venture?
  3. Penetration testing: Researchers successfully hack a vibrator
  4. Highway hacking hi-jinx: Automobile vulnerabilities in the IoT

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Digital Transformation is Growing but May Be Insecure for Many
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, ę—„ęœ¬, ėŒ€ķ•œėÆ¼źµ­, å°ē£
  • Latin America Region (LAR): Brasil, MĆ©xico
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Ɩsterreich / Schweiz, Italia, Š Š¾ŃŃŠøŃ, EspaƱa, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.