You are here: Home » Specials » TakeTwo » Stories
Business Standard

CIA 'mission' on cars shows concern about next-gen vehicles

Cyber security is considered key to rollout of tomorrow's self-driving and today's connected cars

Reuters 

Cars, vehicles, Uber,

documents showing the US Central Intelligence Agency (CIA) considered a “mission” against connected car technology underscores auto industry concern that the science behind the next generation of could be turned against them.

is considered key to the rollout of tomorrow’s self-driving and today’s connected cars, which resemble computers on wheels with a host of communications routes that hackers could target. 

If consumers are to trust smart vehicles, they must deem them safe from attack. Security experts cite the terrifying hypothetical example of a remote attack on a fully autonomous vehicle with no steering wheel or brakes, in which the passenger would have no recourse to regain manual control of the car.

“You have a lot of car companies trying to design to be better suited to automation, which means they’re more attractive to hackers,” said auto consultant Roger Lanctot of Strategy Analytics.

A major strategy for automakers is to reduce the number of communications gateways to crucial systems and to require services offered by third parties to go through a single secure path.

documents show the citing “vehicle systems” and a car operating system from QNX, owned by Blackberry, as “potential mission areas” for the CIA’s “Embedded Devices Branch” to consider.

The QNX operating system, which is used by most global automakers, provides a “a comprehensive, multi-level, policy-driven security model ... to mitigate attacks,” the company said in a statement to Reuters. But given the collection of software, hardware and network components that make up a connected car, “security is only as strong as its weakest link,” it said.

While the CIA's interest in brought widespread attention, the industry has already received wakeup calls about cars’ potential to be hacked.

Researchers in 2015 used a wireless connection to turn off a Jeep Cherokee’s engine, prompting a recall of 1.4 million by Fiat Chrysler Automobiles.

In September last year, Chinese researchers hacked a Model S sedan, remotely tapping the brakes and popping the trunk. The electric carmaker subsequently patched the bugs using an over-the-air fix. did not respond to a request for comment on its protocol. 

The hacking of the Jeep and the “brought it home to the industry that even if its improbable it’s technically possible,” said Mark Wakefield, global co-head of the automotive practice at AlixPartners. 

If a car was seen as vulnerable, it “could be a big brand problem,” Wakefield said. Hacks could also expose private information shared between car and third parties — credit card numbers, account numbers or passwords — to theft.

A January survey by the University of Michigan’s Transportation Research Institute found that 33 per cent of respondents said they were “extremely concerned” over hacking of full self-driving to cause crashes.

The number of ways into has proliferated, from cell phone signals to dongles. One such gateway is the standard OBD-II port found under the steering wheel historically used for onboard diagnostics. Today, hundreds of after-market devices use the port, whether to monitor driving for insurance needs or provide conveniences like safety alerts.

“The security of these devices is important, as it can provide an attacker with a means of accessing vehicle systems and driver data remotely,” warned the in a March 2016 bulletin on risks to motor

Carmakers are also building walls between non-crucial infotainment systems and driving controls so that any breach is blocked before it could compromise key functions like brakes.

The first step the industry is tackling is intrusion detection, said Lanctot. But what to do when a breach detected is complicated, because shutting off parts of a car could be unsafe, he said. 

was first to champion “over-the-air” technology in which wireless software updates are sent remotely to Although some have argued such updates are a way in for hackers, and others see them a key protection to upgrade security and repair vulnerabilities quickly. 

In January, US lawmakers introduced a bill calling for standards for new but so far US regulators have issued recommendations, not rules, on how carmakers should shield their computer systems from hackers.

The industry is “years away” from solving the problem, Lanctot said, noting that the first generation of built after the Jeep hack that include some kind of detection capabilities will not be seen until early in 2018.

RECOMMENDED FOR YOU

CIA 'mission' on cars shows concern about next-gen vehicles

Cyber security is considered key to rollout of tomorrow's self-driving and today's connected cars

Cyber security is considered key to rollout of tomorrow's self-driving and today's connected cars
documents showing the US Central Intelligence Agency (CIA) considered a “mission” against connected car technology underscores auto industry concern that the science behind the next generation of could be turned against them.

is considered key to the rollout of tomorrow’s self-driving and today’s connected cars, which resemble computers on wheels with a host of communications routes that hackers could target. 

If consumers are to trust smart vehicles, they must deem them safe from attack. Security experts cite the terrifying hypothetical example of a remote attack on a fully autonomous vehicle with no steering wheel or brakes, in which the passenger would have no recourse to regain manual control of the car.

“You have a lot of car companies trying to design to be better suited to automation, which means they’re more attractive to hackers,” said auto consultant Roger Lanctot of Strategy Analytics.

A major strategy for automakers is to reduce the number of communications gateways to crucial systems and to require services offered by third parties to go through a single secure path.

documents show the citing “vehicle systems” and a car operating system from QNX, owned by Blackberry, as “potential mission areas” for the CIA’s “Embedded Devices Branch” to consider.

The QNX operating system, which is used by most global automakers, provides a “a comprehensive, multi-level, policy-driven security model ... to mitigate attacks,” the company said in a statement to Reuters. But given the collection of software, hardware and network components that make up a connected car, “security is only as strong as its weakest link,” it said.

While the CIA's interest in brought widespread attention, the industry has already received wakeup calls about cars’ potential to be hacked.

Researchers in 2015 used a wireless connection to turn off a Jeep Cherokee’s engine, prompting a recall of 1.4 million by Fiat Chrysler Automobiles.

In September last year, Chinese researchers hacked a Model S sedan, remotely tapping the brakes and popping the trunk. The electric carmaker subsequently patched the bugs using an over-the-air fix. did not respond to a request for comment on its protocol. 

The hacking of the Jeep and the “brought it home to the industry that even if its improbable it’s technically possible,” said Mark Wakefield, global co-head of the automotive practice at AlixPartners. 

If a car was seen as vulnerable, it “could be a big brand problem,” Wakefield said. Hacks could also expose private information shared between car and third parties — credit card numbers, account numbers or passwords — to theft.

A January survey by the University of Michigan’s Transportation Research Institute found that 33 per cent of respondents said they were “extremely concerned” over hacking of full self-driving to cause crashes.

The number of ways into has proliferated, from cell phone signals to dongles. One such gateway is the standard OBD-II port found under the steering wheel historically used for onboard diagnostics. Today, hundreds of after-market devices use the port, whether to monitor driving for insurance needs or provide conveniences like safety alerts.

“The security of these devices is important, as it can provide an attacker with a means of accessing vehicle systems and driver data remotely,” warned the in a March 2016 bulletin on risks to motor

Carmakers are also building walls between non-crucial infotainment systems and driving controls so that any breach is blocked before it could compromise key functions like brakes.

The first step the industry is tackling is intrusion detection, said Lanctot. But what to do when a breach detected is complicated, because shutting off parts of a car could be unsafe, he said. 

was first to champion “over-the-air” technology in which wireless software updates are sent remotely to Although some have argued such updates are a way in for hackers, and others see them a key protection to upgrade security and repair vulnerabilities quickly. 

In January, US lawmakers introduced a bill calling for standards for new but so far US regulators have issued recommendations, not rules, on how carmakers should shield their computer systems from hackers.

The industry is “years away” from solving the problem, Lanctot said, noting that the first generation of built after the Jeep hack that include some kind of detection capabilities will not be seen until early in 2018.
image
Business Standard
177 22

CIA 'mission' on cars shows concern about next-gen vehicles

Cyber security is considered key to rollout of tomorrow's self-driving and today's connected cars

documents showing the US Central Intelligence Agency (CIA) considered a “mission” against connected car technology underscores auto industry concern that the science behind the next generation of could be turned against them.

is considered key to the rollout of tomorrow’s self-driving and today’s connected cars, which resemble computers on wheels with a host of communications routes that hackers could target. 

If consumers are to trust smart vehicles, they must deem them safe from attack. Security experts cite the terrifying hypothetical example of a remote attack on a fully autonomous vehicle with no steering wheel or brakes, in which the passenger would have no recourse to regain manual control of the car.

“You have a lot of car companies trying to design to be better suited to automation, which means they’re more attractive to hackers,” said auto consultant Roger Lanctot of Strategy Analytics.

A major strategy for automakers is to reduce the number of communications gateways to crucial systems and to require services offered by third parties to go through a single secure path.

documents show the citing “vehicle systems” and a car operating system from QNX, owned by Blackberry, as “potential mission areas” for the CIA’s “Embedded Devices Branch” to consider.

The QNX operating system, which is used by most global automakers, provides a “a comprehensive, multi-level, policy-driven security model ... to mitigate attacks,” the company said in a statement to Reuters. But given the collection of software, hardware and network components that make up a connected car, “security is only as strong as its weakest link,” it said.

While the CIA's interest in brought widespread attention, the industry has already received wakeup calls about cars’ potential to be hacked.

Researchers in 2015 used a wireless connection to turn off a Jeep Cherokee’s engine, prompting a recall of 1.4 million by Fiat Chrysler Automobiles.

In September last year, Chinese researchers hacked a Model S sedan, remotely tapping the brakes and popping the trunk. The electric carmaker subsequently patched the bugs using an over-the-air fix. did not respond to a request for comment on its protocol. 

The hacking of the Jeep and the “brought it home to the industry that even if its improbable it’s technically possible,” said Mark Wakefield, global co-head of the automotive practice at AlixPartners. 

If a car was seen as vulnerable, it “could be a big brand problem,” Wakefield said. Hacks could also expose private information shared between car and third parties — credit card numbers, account numbers or passwords — to theft.

A January survey by the University of Michigan’s Transportation Research Institute found that 33 per cent of respondents said they were “extremely concerned” over hacking of full self-driving to cause crashes.

The number of ways into has proliferated, from cell phone signals to dongles. One such gateway is the standard OBD-II port found under the steering wheel historically used for onboard diagnostics. Today, hundreds of after-market devices use the port, whether to monitor driving for insurance needs or provide conveniences like safety alerts.

“The security of these devices is important, as it can provide an attacker with a means of accessing vehicle systems and driver data remotely,” warned the in a March 2016 bulletin on risks to motor

Carmakers are also building walls between non-crucial infotainment systems and driving controls so that any breach is blocked before it could compromise key functions like brakes.

The first step the industry is tackling is intrusion detection, said Lanctot. But what to do when a breach detected is complicated, because shutting off parts of a car could be unsafe, he said. 

was first to champion “over-the-air” technology in which wireless software updates are sent remotely to Although some have argued such updates are a way in for hackers, and others see them a key protection to upgrade security and repair vulnerabilities quickly. 

In January, US lawmakers introduced a bill calling for standards for new but so far US regulators have issued recommendations, not rules, on how carmakers should shield their computer systems from hackers.

The industry is “years away” from solving the problem, Lanctot said, noting that the first generation of built after the Jeep hack that include some kind of detection capabilities will not be seen until early in 2018.

image
Business Standard
177 22