As real life catches up with fiction and the UK gives the go-ahead for driverless vehicle testing on public roads[i], Eugene Kaspersky, CEO and Chairman of Kaspersky Lab, calls on business and the IT security industry to join forces to protect connected vehicles from emerging cyber-threats.
“We cannot afford to wait until the first attack takes place,” says Kaspersky. “This is about saving people’s lives. The real-time tracking, detecting, analysing and neutralising of cyber-threats that is currently in place for computers and mobile devices will not be enough on its own. Incidents will take just seconds to disable or destroy a vehicle. We have to find and close the vulnerabilities now before the technology is integrated extensively into mass market vehicles.”
Free Download: Is An Outright Ban On Workplace Social Networking A Good Idea?
Fictional cyber attacks have featured in Hollywood plots as far back as 1983 when in War Games a student hacked military computers and in the process almost started WWIII. Later on, Live Free or Die Hard saw cyber terrorists hack the FBI, creating a crippling cyber-warfare attack on national infrastructure. More recently, viewers of Homeland saw terrorists gain access to the U.S. Vice President’s pacemaker, accelerating his heartbeat and inducing a heart attack. Whilst these may seem implausible plots, they are far from a distant reality. In fact, former U.S. Vice President Dick Cheney’s doctors disabled his pacemaker’s wireless capabilities to thwart possible assassination attempts. Global reliance on technology requires heightened awareness of the risks associated with it. Cyber criminals are exploiting technology for their gain, and Kaspersky believes we need to wake up to the risks.
Kaspersky Lab analysts have undertaken a proof-of-concept study into the security of connected vehicles. The team[ii] discovered several areas of risk; by obtaining a vehicle owner’s identity credentials, thieves would be able to remotely unlock and take possession of the vehicle. And by intercepting and tampering with mobile communications and over-the-air software updates, cybercriminals could transmit malicious code or, in the worst case scenario, send new and dangerous instructions to the vehicle’s software systems.
“In theory a vehicle could suddenly fail or be taken over, and there is nothing the driver or passengers could do about it,” says Kaspersky. “Our research reveals basic failures in data encryption and password protection that, quite literally, leave the door open to criminals.
[wp_ad_camp_4]
“Everyone involved in the creation of a connected vehicle – including IT security leaders and policymakers – need to collaborate to ensure such points of weakness are addressed before the vehicle makes it onto the roads. Time is of the essence. The one thing we can be sure of is that however fast we go, the hackers will be just a few steps behind us.”
About Kaspersky Lab
[i] From July 2014. https://www.gov.uk/government/news/uk-government-fast-tracks-driverless-cars
[ii] Connected Cars are now a reality – but are they secure?, Kaspersky Lab and the IAB, Spain, July 2014. http://www.kaspersky.com/about/news/events/2014/Connected-cars-are-now-a-reality-but-are-they-secure
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.