Safeguarding the Code That Drives Modern Vehicles

Surprisingly, these vehicles are governed by over 100 million lines of code, running across 50 to over 100 independent processors known as electronic control units.
Since 1996 for American vehicles and 2001 for European ones, standardized connectors have been mandated to interface with the local vehicle computer network.
Embedded LTE connectivity has been integrated into vehicles since 2014, allowing manufacturers to collect performance data and implement remote controls, such as lock/unlock and remote start functions.
Imagine hurtling down the highway at 70 miles per hour and losing control of your vehicle remotely.
This isn't just about data, it's about the lives of every individual in and around the vehicle.
Ford's recent launches of electric vehicles, the F-150 Lightning and Mustang Mach-E SUV, underscore this transformation.
It's imperative to recognize that code security practices must evolve in tandem as technology progresses.
Beyond flashy infotainment systems and seamless navigation experiences, the bedrock of any vehicle's security lies in its underlying security infrastructure.
These systems are often interconnected with vital subsystems, like the engine, brakes, and sensors, which create a broad attack surface in conjunction with the embedded LTE connection, This implies that if hackers target the infotainment system, they might gain access to sensitive information and potentially gain control over vital vehicle functions.
This can lead to customer data breaches, intellectual property theft, company-wide systems manipulation, and even unauthorized access to mobile apps for controlling vehicles.
Hardcoded credentials in vehicles aren't limited to automakers alone; they extend throughout the supply chain.
Each component, equipped with its software, may harbor embedded secrets, sometimes lacking robust security measures for safeguarding them.
Within this intricately connected ecosystem, the Telematics server is a pivotal gateway, receiving data from vehicles and executing remote commands.
They are often inadequately protected, leaving vehicles susceptible to unauthorized access.
A breach in this system could have dire consequences - from locking owners out of their vehicles to initiating erratic and potentially dangerous behaviors.
In extreme cases, attackers could even seize control of a vehicle's steering, imperiling lives on the road. This underscores the critical need for robust secrets security within Android and iOS applications, and the command and control infrastructure.
A significant step forward has been taken, granting independent repair shops access to vital vehicle data.
As vehicles increasingly undergo updates via Over-The-Air processes, it creates a potential entry point for attackers.
As the automotive industry hurtles into the digital age, one thing is abundantly clear: the safety and security of both vehicles and their passengers hinge on robust secrets protection.
The stakes are high, and the onus is on the industry to ensure that future vehicles dazzle with technology and are fortified with rock-solid code security measures.


This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Sat, 09 Mar 2024 18:43:05 +0000


Cyber News related to Safeguarding the Code That Drives Modern Vehicles

Autonomous Vehicles: Driving the Future - The realm of autonomous vehicles presents a fascinating scenario where machines assume control of the wheel, ushering in a new era of transportation. The evolution of autonomous vehicles began quietly in the early days of the automotive industry, ...
8 months ago Securityzap.com
How Autonomous Vehicles are Revolutionizing the Last-Mile Logistics Industry - Cybersecurity will be one of the key concerns as last-mile logistics companies look to enhance efficiency with autonomous vehicles. The growing acceptance of robotaxis is good news for delivery companies who see autonomous vehicles as a tool for ...
8 months ago Cyberdefensemagazine.com
Safeguarding the Code That Drives Modern Vehicles - Surprisingly, these vehicles are governed by over 100 million lines of code, running across 50 to over 100 independent processors known as electronic control units. Since 1996 for American vehicles and 2001 for European ones, standardized connectors ...
8 months ago Cyberdefensemagazine.com
Critical Automotive Vulnerability Exposes Fleet-wide Hacking Risk - In the fast-evolving landscape of automotive technology, researchers have uncovered a critical vulnerability that exposes an unsettling potential: the ability for hackers to manipulate entire fleets of vehicles, even orchestrating their shutdown ...
11 months ago Cysecurity.news
Tesla 'Recalls' Two Million Cars Autopilot Risk - Elon Musk's Tesla is to 'recall' nearly every vehicle sold in the United States, after two year NHTSA investigation. Elon Musk's Tesla is having to recall nearly all its vehicles it has sold in the United States, after the US transportation safety ...
11 months ago Silicon.co.uk
The reality of hacking threats in connected car systems - The automotive industry faces new cybersecurity challenges as vehicles become more connected. All parties in the manufacturing supply chain should follow key principles for vehicle cybersecurity, such as organizational security, risk assessment and ...
10 months ago Helpnetsecurity.com
License Plate Readers Are Creating a US-Wide Database of Political Lawn Signs and Bumper Stickers | WIRED - These images were generated by AI-powered cameras mounted on cars and trucks, initially designed to capture license plates, but which are now photographing political lawn signs outside private homes, individuals wearing T-shirts with text, and ...
2 months ago Wired.com
New TetrisPhantom hackers steal data from secure USB drives on govt systems - A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region. Secure USB drives store files in an encrypted part of the device and are used to safely ...
1 year ago Bleepingcomputer.com
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine - A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group. Malware researchers saw indications of ...
1 year ago Bleepingcomputer.com
IT consultant in Germany fined for exposing shoddy security The Register - A security researcher in Germany has been fined €3,000 for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified ...
10 months ago Theregister.com
WTH is Modern SOC, Part 1 - Back in 2016 when I was a Gartner analyst, I was obsessed with the same question. As I said in my now-dead Gartner blog, a lot of security operation centers looked like they were built on a blueprint of a classic paper written by somebody from ...
11 months ago Securityboulevard.com
Elevate Your Security: Meet Modern Attacks With Advanced CSPM - Recent surges in cloud attacks and breaches have given attention to how teams should efficiently protect and run applications in the cloud. This is especially true as misconfigurations top the list of security threats in cloud environments and are ...
11 months ago Securityboulevard.com
Shining a Light on Modern Cyber Battlefield Attacks - It's safe to say that the sophistication of today's criminals is far outpacing the evolution of the defenses they are attacking. A great example of this mismatch is the explosion of malware executing modern battlefield attacks. These attacks first ...
11 months ago Cybersecurity-insiders.com
Waymo Recalls Hundreds Of Vehicles Software Error - Self-driving Waymo vehicles recalled, after two minor collisions in Phoenix, and one vehicle being set on fire in San Fran. Waymo has recalled 444 vehicles, in what has been a tough period for Alphabet's self-driving car division. The recall ...
9 months ago Silicon.co.uk
Persistent Espionage Campaign Targets APAC Governments - Cybersecurity experts at Kaspersky have unveiled a covert and highly advanced espionage campaign, codenamed "TetrisPhantom." The persistent operation has specifically targeted government institutions in the Asia-Pacific region, utilizing a unique ...
1 year ago Infosecurity-magazine.com
CVE-2023-3028 - Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too. ...
1 year ago
Integrating cybersecurity into vehicle design and manufacturing - In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles. Edan highlights the challenges of technological ...
9 months ago Helpnetsecurity.com
Tesla Issues Fourth Recall For Cybertruck - Most Cybertrucks in the United States are being recalled over problems with windshield wipers and exterior trim. Elon Musk's Tesla is once again having to issue a recall for thousands of its slab-sided Cybertruck vehicles due to a couple of ...
5 months ago Silicon.co.uk
Internet Security: Ensuring Safe Online Experiences - Cybercriminals are constantly evolving their tactics, from sophisticated cyber attacks to insidious data breaches, putting your virtual safety at risk. Protecting your data isn't the only concern; safeguarding your identity, finances, and peace of ...
8 months ago Securityzap.com
Encrypting Data Using Asymmetric Encryption - Asymmetric encryption, commonly known as public-key encryption, is an important technique for safeguarding data transport and storage. Asymmetric encryption's multi-step process involving key generation, encryption, transmission, decryption, and key ...
10 months ago Feeds.dzone.com
The Role of IoT in Modern Education - From smart classrooms equipped with IoT devices to personalized learning platforms, IoT has paved the way for a more immersive and tailored educational experience. Overall, the integration of IoT in education holds great promise in transforming the ...
11 months ago Securityzap.com
VicOne Partners With 42Crunch to Deliver Comprehensive Security Across SDV and Connected-Vehicle Ecosystem - PRESS RELEASE. DALLAS and TOKYO, May 29, 2024- VicOne, an automotive cybersecurity solutions leader, today announced a partnership with 42Crunch to enhance the security of application programming interfaces for the software-defined vehicle and ...
6 months ago Darkreading.com
Secure Password Hashing in Java - In the domain of digital security, password hashing stands as a critical line of defense against unauthorized access. The landscape of hashing algorithms has evolved significantly, with some methods becoming obsolete and newer, more secure techniques ...
11 months ago Feeds.dzone.com
E80 Group secures its AGVs with Cisco industrial solutions and Italtel system integration - These are the conditions for which E80 Group, an Italian multinational, based in Viano, Italy, builds its autonomous and laser guided vehicles that can move around a facility, transport materials, and interact with other machines and systems in ...
6 months ago Feedpress.me
CVE-2015-7267 - Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)