Cybersecurity researchers from Tripwire commented this morning on news that Fiat Chrysler has issued a voluntary recall of 1.4 million vehicles due to a remote hacking vulnerability.
Tim Erlin, Director of IT Security and Risk Strategy at Tripwire :
“Software patches for vehicles aren’t new, but the demonstration of this vulnerability was clearly attention grabbing.
The risks of the connected car lie in the ability to affect the operations of the vehicle from the outside world. The good news is that secure software development isn’t a novel concept. There are known best practices that can be applied to automotive software as well. Fiat Chrysler has an opportunity to use this incident to pioneer software security for the automotive industry.
A recall has very real, material costs for an automotive manufacturer. Experiencing an urgent recall for a security patch to the vehicle’s software is likely to drive changes around how software is updated for all manufacturers. While new update methods can be built into new vehicles, there are millions of cars already on the road to consider as well.
The security of vehicle software is now a safety issue, and manufacturers will need to adapt to treat it as such. This won’t be the last patch we see for a car near you.”
Ken Westin, Senior Security Analyst for Tripwire :
“Although the hacking of the Jeep by Miller and Valasek seems quite scary, the actual possibility of this vulnerability being used in a real attack is slim. However, as the researchers in this case worked closely with Chrylser to provide detailed information regarding the vulnerability, they were able to develop a patch to fix the security vulnerability in the vehicle systems. As this is still a relatively new area of security research, we will begin to see more vulnerabilities in vehicle systems, as such car manufacturers will need to develop safe and secure methods of updating software in these systems, either through dealerships or possibly even remotely, however the later could introduce more vulnerabilities into these systems.
Over the years in automobile manufacturing there has been a goal to build safe and reliable vehicles with a key goal to have their brand names associated with these two elements as they compete in the marketplace for sales. With increasingly connected and high tech components being added to these vehicles, they will need to add security to mix in order to retain their brand integrity. You can develop that most advanced vehicle that has all of the latest safety features and high tech gadgets in it, but if it can be bricked by remote exploits, you are going to have wary consumers who may choose the next brand of vehicle because they put more emphasis on security. The automotive industry understands the importance of security and they are not only working with researchers, but also each other to help develop standards and best practices for more secure vehicles and the work that researchers are doing like Miller and Valasek is actually helping to make our vehicles more secure in the future.”[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.