
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.
<p style="font-weight: 400;">Automotive manufacturers must design resilient and safety-critical systems with an attacker’s perspective in mind. Wi-Fi systems have been shown to be the weak spot when attacking infotainment and console systems, as seen in a <a href="https://keenlab.tencent.com/en/2020/01/02/exploiting-wifi-stack-on-tesla-model-s/">different vulnerability found</a> last year in a 3<sup>rd</sup> party Wi-Fi component used by Tesla. These systems are usually provided by 3<sup>rd</sup> party vendors (whether commercial or open-source), and contain a lot of complex network processing code, which is more prone to vulnerabilities. As such, they are an inherent and ongoing risk for users of modern infotainment systems, as they need to either provide a Wi-Fi hotspot or connect to a mobile phone.</p>
<p style="font-weight: 400;">Unfortunately, manufacturers have a hard time detecting these vulnerabilities. This newest example is an unknown, zero-day vulnerability (as opposed to a known one) in 3<sup>rd</sup> party software they use. Attackers commonly look for vulnerabilities in 3<sup>rd</sup> party software such as OSS components and then exploit them to control the device that uses them, in this case, the Tesla infotainment.</p>
<p style="font-weight: 400;">Manufacturers need to invest in the early detection of vulnerabilities, particularly given the large number of 3<sup>rd</sup> party components used in the modern car. The most efficient, scalable way to do this is to employ automated security tools to scan 3<sup>rd</sup> party software components in their source or binary form for unknown, zero-day vulnerabilities (not CVEs). Bug-bounty programs, using manual research methods, can also help identify specific issues.</p>
<p style="font-weight: 400;">Unless car manufacturers start tackling this vulnerability problem head-on, we believe there will be significant repercussions for automotive security and safety, especially in autonomous vehicles. This particular vulnerability is a rather ordinary buffer-overflow vulnerability that could have been detected by existing automated code analysis tools. It is this kind of low-hanging fruit that should be dealt with to raise the bar for attackers.</p>