Connected car manufacturers have been urged to fundamentally improve the design of their vehicles after major new research revealed flaws across virtually every single component or device tested – at least half of which could be exploited with potentially serious consequences.
Researchers at IOActive spent over 16,000 man hours and three years compiling their latest report, Commonalities in Vehicle Vulnerabilities.
While no specific makes and models of car are mentioned, report author Corey Thuen confirmed to Infosecurity that his team evaluated a multitude of components from tier 1 and tier 2 suppliers which end up in a variety of OEM-end vehicles.
As such, the report “touches a majority of the vehicle market,” he claimed.
Every system tested had at least one vulnerability and failed to follow industry best practice in some way.
More worryingly, half of those discovered bugs were rated critical (25%) or high (25%) impact, meaning they could lead to “complete or partial loss of control over the system,” the report found.
In these cases, it’s due to attackers being able to access the Controller Area Network (CANBus), or compromise or disable electronic control units (ECUs).
However, while “loss of control” could result in hackers being able to remotely steer the car or hit the brakes – as per Miller and Valasek’s research on a Jeep Cherokee last year, and this week – it could also mean winding down the electric windows, depending on the software flaw, said Thuen.
Another caveat to the 50% figure is that attackers first need to access the vulnerability to exploit it, which isn’t always easy.
Full article: Connected Cars Exposed: Half Have Potentially Serious Flaws