Security researchers have warned drivers that internet-connected cars could be at risk of being stolen or remotely controlled as car makers rush out products without properly securing them. IT security experts from AlienVault and ESET commented below.
Javvad Malik, Security Advocate at AlienVault:
“Security needs to be integrated into every stage of the software development lifecycle and all scenarios thoroughly tested internally and by trusted third parties to ensure no vulnerabilities exist in the software.
In addition, monitoring controls should be built into the system to ensure integrity of the software, as well as to alert customers on any unusual activity occurring on the vehicle, e.g. unexpected unlocking at odd hours.”
Mark James, IT Security Specialist at ESET:
“Making sure the app developer makes it difficult to reverse engineer the app itself, which will stop the app hijackers from finding out key personal info and thus injecting their own code to do exactly as they need, should be in its basic makeup. With most aspects of security it’s all about layered defences; checking to see if the device is rooted and, if so, clearly warning the owner of the dangers if their device is compromised could help.
One way of protecting against an attacker compromising the app itself and injecting code to do their own bidding would be to check its own integrity for unauthorised changes. If modified in any way then it would render itself useless; although frustrating, it’s a lot better than trying to locate a stolen vehicle. Of course, currently we are talking about proof of concept and what might happen, but as more and more cars become controllable via apps then this is a very real threat that should be addressed at this early stage with the early adopters and not waiting until it’s standard across all platforms.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.