News

Your Car and Data Security Vulnerabilities

Thu, 10/03/2016 - 09:43
Cloud Services

Data security doesn't only mean that your stored data backup is always available when you need it. It also means that no unauthorised person should be able to get their hands on it. Data breaches and malware attacks are commonplace in today's IT-driven world. This sad fact has been highlighted in recent news and is especially worrisome since the issue relates to data security on car computers.

The automotive industry is continually innovating in trying to make cars safer and more reliable, more efficient, more comfortable, more luxurious. With this comes more electronically driven and computerised components that facilitate such complex technological advancements – the main one being the Electronic Control Unit (ECU). A few decades ago, this used to only allow for engine management of fuel efficiency and emissions but have since been expanded to power things like your GPS/sat-nav system, car security, and even remote access from the car manufacturer.

Dodged the Bullet

An example of one such vulnerable system was the Fiat Chrysler (also think Jeep, Dodge) system called uConnect, which was flagged for possible data security exploitation mid-2015. Reported by TheRegister.co.uk, "the flaw can be exploited by an attacker to wirelessly take control of the engine, brakes and entertainment system." This was made possible by the system being connected to the internet through the uConnect cell network without authentication.

Trying to Fix It

Since then a fix has been developed but requires manual installation using a USB drive. Still the manufacturer issued a recall of the afflicted models to minimise further collateral damage. Not only has there already been significant reputational damage to Fiat Chrysler, but a class-action lawsuit has been instituted against the company.

The guys who discovered the uConnect vulnerability, Charlie Miller, security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive, are also highlighting a more complex problem with ECU data security in that they are generally more hackable than one would expect. If you have the rights tools and skills, cars' steering, braking, and acceleration that are automatically managed can be manipulated from outside.

Currently only a few manufacturers have models in production that are exposed in this way and already better protective measures are being developed to prevent foreign instructions from being sent to control modules that would unfavourably affect the vehicle's behaviour. In a demonstration at the Blackhat 2014 conference, Miller and Valasek showed, with their "Can-no hackalator 3000", that a simple intrusion detection system (IDS) can be used to stop an attack. It showed such a system would be able to learn a car's internal communications and block anything that looked suspicious – effectively disabling the automatic controls but allowing full manual control back to the driver.

Drive Safe

So make sure you're aware of your car's make and model and that you're in contact with the manufacturer about any data security vulnerabilities. Keep up to date with any software updates released by the manufacturer or third-party providers. It's the best way of staying protected while the kinks are being ironed out.

Recent Articles

Redstor-DR_or_reduced_downtime_blog Disaster Recovery

Disaster Recovery or Reduced Downtime?

Disaster recovery (DR) has historically been out of reach to some organisations. The need for expensive equipment or services outweighed the... read more

June 19, 2018
Redstor_UK Data Breaches_blog Data Protection

Data Breaches In The Public Sector

Data breaches are an expensive problem and are about to become even more costly. The introduction of the GDPR will make them more expensive,... read more

June 14, 2018
Redstor-_Why_great_support_is_vital_blog Disaster Recovery

Why Great Support Is Vital To IT Strategy

An organisation’s IT strategy must deal with many aspects, from ensuring users have a seamless experience to protecting against the threats of... read more

June 12, 2018