Five best practices for securing the connected car: Page 3 of 5

October 14, 2015 // By Jean-Pierre Joosting
Five best practices for securing the connected car
The automotive industry is abuzz with the high-profile hack of a Jeep Cherokee by security researchers Charlie Miller and Chris Valasek. Miller and Valasek exploited a weakness in Fiat Chrysler’s UConnect system that allowed hackers who know a vehicle’s IP address to remotely control the vehicle – including disabling the brakes, disengaging the transmission and more.

Based on Movimento’s decades of experience programming and reflashing cars and components for many automakers and Tier 1 suppliers, here are five best practices to keep in mind when securing the connected car.

(1) Encrypt car’s wide area network communications

Encrypting network communications has long been a method to protect against data theft and guarantee confidentiality, and yet only in February of this year BMW pushed an OTA software update to 2.2 million BMW, Mini and Rolls-Royce cars equipped with their ConnectedDrive system to implement encryption for car communications.

BMW’s “in the clear” transmission of data was uncovered by a group of hackers from Allgemeiner Deutscher Automobil-Club (ADAC), a German auto club, who set up rogue cell sites to which the test vehicles automatically connected. Once in, hackers were able to lock and unlock doors, access the navigation and entertainment system, and change environmental settings.

(2) Don’t let components software update each other

Viruses frequently spread within information systems by first finding a foothold, then scanning the network for insecure devices that they can infiltrate. One of the ways to stop this type of wildfire is to prevent vehicle Electronic Control Units (ECUs) from software updating aka reflashing each other.

Reflashing matters because some of the most dangerous viruses infect a computer’s BiOS or other root vectors, which are often exposed at startup. Preventing ECUs that become infected from spreading the infection to others is a primary line of defense.

Design category: 

Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.