• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Hacks   »   Is Your Car Connected or Protected?

Is Your Car Connected or Protected?

  • Posted on:August 4, 2015
  • Posted in:Hacks, Internet of Everything, Security, Vulnerabilities & Exploits
  • Posted by:
    Cara West-Wainwright
0

Could you have imagined five years ago that the car you’re driving would have greater computing power than the Apollo 11 that landed on the moon? And could you have imagined that those same cars would be manufactured with state-of-the-art roll bars, airbags and anti-lock brakes to prevent accident and injury, but not sufficient cyber security? Unfortunately that’s the reality now facing us.

Securing the Internet of Things and connected cars is set to be a major theme at this year’s Black Hat show in Las Vegas this week. And it’s an area in which Trend Micro is already leading the field.

Cars in crisis

Technology often has a nasty habit of advancing quicker than the cyber security measures needed to make it safe. We see it all the time in computer software and smartphone apps, driven by the manufacturers’ commercial imperative to get products ready and out on the market as soon as possible. Unfortunately, it also seems to be the case with the new generation of connected automobiles – products rushed out with potentially serious software flaws. The difference is that unlike a smartphone app, however, these vulnerabilities could put the user in real physical danger.

This will be fully explored at Black Hat when researchers Charlie Miller and Chris Valasek show off a highly anticipated attack on a Jeep Cherokee. It works by hijacking the uConnect system used by the car to obtain wireless access to the vehicle’s controls. In so doing they claim to be able to remotely control the engine and brakes. All that’s needed is the car’s public IP address. It doesn’t take a genius to work out how dangerous that could be in the wrong hands.

Trend Micro has been researching this emerging area of cyber security for some time. We recently discovered that an attacker could quite easily gain access to the SmartGate system in Skoda cars which allows owners to read vehicle data including speed and gas consumption. All a hacker needs to do is stay within 50 feet of the car, identify its Wi-Fi network, and break the password – which is weakly secured. In real world tests we were able to crack the password while driving behind a car at 30-40 kph. Wi-Fi Direct also makes it easier for hackers to determine the PIN.

The vulnerability here is unlikely to put the driver in physical danger. However, there aren’t many Skoda owners out there who’d be happy knowing they could be stalked by a cybercriminal thanks to deficiencies in the design of the vehicle’s on-board computer systems.

Connected or protected?

It’s clear that we’ve only just scratched the surface when it comes to cyber security in automobiles. And I’ll be looking forward to hearing about much more fascinating research like this at Black Hat and beyond.

At the end of July, Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) introduced the Security and Privacy in Your Car (SPY Car) Act – which aims to mandate clear minimum standards for car manufacturers. It’s a step in the right direction, but there’s still a long way to go. In the meantime, our global TrendLabs research team and the security community as a whole will continue to probe and highlight deficiencies in the next generation of computer-powered automobiles.

As Markey said, drivers shouldn’t have to choose between being connected and being protected.

For more information on Trend Micro’s presentations click on the following links:

The Little Pump Gauge That Could: Attacks Against Gas Pump Monitoring Systems

Winning the Online Banking War

Related posts:

  1. Securing Our Connected Car Future with Panasonic
  2. Securing Our Connected Car Future with Panasonic
  3. Security flaw at thousands of gas stations shows risks for Internet of Everything
  4. Connected Car Standards – Thank Goodness!

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.