Half of Vehicle Vulnerabilities Could Allow Cyber Attackers To Take Control

Three-year study by IOActive that has found half of vehicle vulnerabilities could allow cyber attackers to take control of a vehicle – and 71% are ‘easy to exploit’  Jon Geater, CTO, Thales e-Security commented below.

Jon Geater, Chief Technology Officer at Thales e-Security:

“With around 100 million lines of code and the computing power of over 20 PCs combined, today’s vehicles have more in common with the iPhone than the Ford Escort. Increased complexity and connectivity demands advanced security approaches to ensure safe operation and protection of sensitive data – and this study only raises fresh questions regarding how secure connected cars really are from cyber-attackers.

“To help defend against certain cyber-attacks, and protect the integrity of the supply chain, connected components require clear authentication processes. While vehicle OEMs and their suppliers have recognised that cryptographically-based digital signatures provide the strongest form of authentication, this also necessitates the management and protection of certificates and the underlying keys. The rapid increase in connected components has created the need for broad-scale secure key management, supported by a public key infrastructure (PKI).

“Adding even further complexity, vehicle-to-vehicle and vehicle-to-infrastructure (V2X) communications, although first introduced in 2017 production vehicles, will soon become the norm, requiring manufacturers to identify and implement the necessary technologies to protect drivers, passengers and the wider community from cyber-attackers.”