News

Your Car and Data Security Vulnerabilities

Thu, 10/03/2016 - 09:43
Cloud Services

Data security doesn't only mean that your stored data backup is always available when you need it. It also means that no unauthorised person should be able to get their hands on it. Data breaches and malware attacks are commonplace in today's IT-driven world. This sad fact has been highlighted in recent news and is especially worrisome since the issue relates to data security on car computers.

The automotive industry is continually innovating in trying to make cars safer and more reliable, more efficient, more comfortable, more luxurious. With this comes more electronically driven and computerised components that facilitate such complex technological advancements – the main one being the Electronic Control Unit (ECU). A few decades ago, this used to only allow for engine management of fuel efficiency and emissions but have since been expanded to power things like your GPS/sat-nav system, car security, and even remote access from the car manufacturer.

Dodged the Bullet

An example of one such vulnerable system was the Fiat Chrysler (also think Jeep, Dodge) system called uConnect, which was flagged for possible data security exploitation mid-2015. Reported by TheRegister.co.uk, "the flaw can be exploited by an attacker to wirelessly take control of the engine, brakes and entertainment system." This was made possible by the system being connected to the internet through the uConnect cell network without authentication.

Trying to Fix It

Since then a fix has been developed but requires manual installation using a USB drive. Still the manufacturer issued a recall of the afflicted models to minimise further collateral damage. Not only has there already been significant reputational damage to Fiat Chrysler, but a class-action lawsuit has been instituted against the company.

The guys who discovered the uConnect vulnerability, Charlie Miller, security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive, are also highlighting a more complex problem with ECU data security in that they are generally more hackable than one would expect. If you have the rights tools and skills, cars' steering, braking, and acceleration that are automatically managed can be manipulated from outside.

Currently only a few manufacturers have models in production that are exposed in this way and already better protective measures are being developed to prevent foreign instructions from being sent to control modules that would unfavourably affect the vehicle's behaviour. In a demonstration at the Blackhat 2014 conference, Miller and Valasek showed, with their "Can-no hackalator 3000", that a simple intrusion detection system (IDS) can be used to stop an attack. It showed such a system would be able to learn a car's internal communications and block anything that looked suspicious – effectively disabling the automatic controls but allowing full manual control back to the driver.

Drive Safe

So make sure you're aware of your car's make and model and that you're in contact with the manufacturer about any data security vulnerabilities. Keep up to date with any software updates released by the manufacturer or third-party providers. It's the best way of staying protected while the kinks are being ironed out.

Recent Articles

Redstor_Wannacry_blog Ransomware

WannaCry A Year On

Ransomware attacks took up many headlines throughout 2016 and 2017 as their quantity and effect became widespread, costing organizations and... read more

May 16, 2018
Redstor_Equifax_leak_blog Disaster Recovery

Equifax – The Breach That Keeps Getting Bigger

Last year in September 2017 Equifax revealed that they had numerous data files stolen by hackers. The Credit Ratings agency initially at the time... read more

May 15, 2018
Redstor_future_lawyer_summit_blog Redstor

Redstor Looking Ahead At The Future Lawyer Summit

On the 29th May, representatives from Redstor will attend London’s Future Lawyer Summit, a highly regarded conference, as an exhibitor. The one-day... read more

May 10, 2018