IT security risks of features in connected cars
Posted on 02 May 2013.
In an effort to provide new conveniences as well as meet physical security standards, many new consumer vehicles are offering more complex features.

Click the image to view the complete infographic

According to the recent “Connected Car Market (2013-2018)” report, global connected car market shipments are expected to reach 59.86 million units and reach $98.42 billion by 2018. The introduction of features such as remote, self-diagnostics, satellite radios and built-in GPS systems, as well as features like keyless entry and ignition becoming commonplace, create a luxurious driving experience.

However, these features which use integrated telecommunication and informatics systems called “telematics,” can also introduce IT security consequences.

Veracode’s “Connected Vehicles: Too Smart For Their Own Good?” infographic outlines many of the features vehicle manufacturers are developing, as well as the potential risks these applications can introduce.

It includes recent examples of connected vehicles’ vulnerabilities such as:
  • Researchers at UCal hacked into telematics software to control engines, brakes, locks, alerts and more.
  • Researchers at BlackHat 2011 unlocked and started a Subaru Outback using only their smartphones.
  • The Self Destruct Virus starts a 60-second countdown that ends with the virus turning off headlights, locking the doors, shutting down the engine and disabling the brakes.
“The development of features meant to improve the auto industry can also introduce security vulnerabilities that have the potential to cause harm or the loss of data,” said Chris Wysopal, co-founder and CTO of Veracode.

“Bottom line, smarter does not mean more secure, and information contained in vehicles should be treated much like data in a personal or corporate computer. As car companies continue to develop technology meant to make our lives easier, consumers need to be aware of the potential consequences, and car manufactures must take security into consideration throughout the development and implementation process,” Wysopal added.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th