Chinese researchers have managed to control the brakes, lights and mirrors within a Tesla Model S from afar, while the cars are moving and up to 20 kilometres (12 miles) away. Brian Spector, CEO at MIRACL commented below.
Brian Spector, CEO at MIRACL:
“These hacks demonstrate the serious problems around identity verification in today’s connected cars. Having very limited encryption, identity management and data protection within such a powerful computer is extremely dangerous and poses a real and serious threat to everyone using our roads today. Move forwards to the increasing trend for driverless cars, and the potential fallout from this lack of authentication becomes even more frightening.
For connected cars to become more secure, relationships must be established within each and every component within a vehicle, to ensure that only a legitimate operator can control the connected devices within a car. Given the huge number of components in connected cars, hackers usually find a pathway by following a ‘weakest link’ scenario which attacks the easiest point of entry to the vehicle. This problem is compounded by the array of parts that comprise a vehicle, and the lack of a security protocol that ensures they will all work together safely and securely.
The current security checks often fail because they rely on slow, centralised identity verification services. To connect the components more quickly and autonomously, manufacturers should deploy a distributed trust model which allows for fast pre-authorisation, and removes the roadblock of a centralised service.
All of this requires a serious system upgrade and a greater drive for security awareness among manufacturers as well as consumers who use connected cars.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.