As real life catches up with fiction and the UK gives the go-ahead for driverless vehicle testing on public roads[i], Eugene Kaspersky, CEO and Chairman of Kaspersky Lab, calls on business and the IT security industry to join forces to protect connected vehicles from emerging cyber-threats.
“We cannot afford to wait until the first attack takes place,” says Kaspersky. “This is about saving people’s lives. The real-time tracking, detecting, analysing and neutralising of cyber-threats that is currently in place for computers and mobile devices will not be enough on its own. Incidents will take just seconds to disable or destroy a vehicle. We have to find and close the vulnerabilities now before the technology is integrated extensively into mass market vehicles.”
Fictional cyber attacks have featured in Hollywood plots as far back as 1983 when in War Games a student hacked military computers and in the process almost started WWIII. Later on, Live Free or Die Hard saw cyber terrorists hack the FBI, creating a crippling cyber-warfare attack on national infrastructure. More recently, viewers of Homeland saw terrorists gain access to the U.S. Vice President’s pacemaker, accelerating his heartbeat and inducing a heart attack. Whilst these may seem implausible plots, they are far from a distant reality. In fact, former U.S. Vice President Dick Cheney’s doctors disabled his pacemaker’s wireless capabilities to thwart possible assassination attempts. Global reliance on technology requires heightened awareness of the risks associated with it. Cyber criminals are exploiting technology for their gain, and Kaspersky believes we need to wake up to the risks.
Kaspersky Lab analysts have undertaken a proof-of-concept study into the security of connected vehicles. The team[ii] discovered several areas of risk; by obtaining a vehicle owner’s identity credentials, thieves would be able to remotely unlock and take possession of the vehicle. And by intercepting and tampering with mobile communications and over-the-air software updates, cybercriminals could transmit malicious code or, in the worst case scenario, send new and dangerous instructions to the vehicle’s software systems.
“In theory a vehicle could suddenly fail or be taken over, and there is nothing the driver or passengers could do about it,” says Kaspersky. “Our research reveals basic failures in data encryption and password protection that, quite literally, leave the door open to criminals.
“Everyone involved in the creation of a connected vehicle – including IT security leaders and policymakers – need to collaborate to ensure such points of weakness are addressed before the vehicle makes it onto the roads. Time is of the essence. The one thing we can be sure of is that however fast we go, the hackers will be just a few steps behind us.”
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.
[i] From July 2014. https://www.gov.uk/government/news/uk-government-fast-tracks-driverless-cars
[ii] Connected Cars are now a reality – but are they secure?, Kaspersky Lab and the IAB, Spain, July 2014. http://www.kaspersky.com/about/news/events/2014/Connected-cars-are-now-a-reality-but-are-they-secure