Up to 100 million cars could be unlocked and potentially stolen by simply copying the radio frequency used in remote control locking systems, computer scientists say. IT security experts from MIRACL and AlienVault commented below.
Brian Spector, CEO at MIRACL:
“For connected cars to become more secure, relationships must be established within the components of a vehicle, to ensure that only a legitimate operator can control the connected devices within a car. If a hacker then tried to take control of one of the on-board systems, their identity would not be verified and access would be denied.
“The current security checks often fail because they rely on slow, centralised identity verification services. To connect the components more quickly and autonomously, manufacturers should deploy a distributed trust model which allows for fast pre-authorisation, and removes the roadblock of a centralised service.
“All of this requires a serious system upgrade and a greater drive for security awareness among manufacturers as well as consumers who use connected cars. Drivers are going to need to get up to speed very quickly if they are going to take responsibility for cyber security within their own vehicles.”
Richard Kirk, Senior Vice President at AlienVault:
“Car owners should apply the same rules that they follow, or should be following, for their computers and smartphones. Use hard to guess passwords, do not share passwords and do not give anyone access to your car app or portal account. There is not much they can do otherwise since the car manufacturers control the car systems. For the example, unlike a PC or laptop, you cannot install a firewall in your car, although ironically cars do have physical firewalls between the engine and the passenger compartment, to literally protect the passenger against an engine fire.”
“Responsibility and liability may fall on the car manufacturer, insurer or driver themselves, depending on the country and legal jurisdiction, as well as the contractual terms of both the car purchase and insurance. It will probably take some time for cyber incidents to be challenged in court before clear lines of responsibility become clear. If insurance companies take the initiative and start including cyber cover in their policies, they could benefit from being seen to protect drivers, however cyber insurance is not a well understood business.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.