Cybersecurity Insights

Richard Jones

Automotive Cyber Security – how cyber-secure is your car?

22/07/15 11:50

Today it’s been published that a car has had its systems hacked into and been forced off the road, with the unfortunate driver ending up in a ditch, reportedly caused by a software vulnerability in the entertainment and navigation system being exploited to allow remote control of key functionality of the vehicle.

It’s worth bearing in mind that cars are far from infallible when it comes to ‘vulnerabilities’. Every year dozens of manufacturer recalls are issued to address faults that have been identified, some of which have been proven to have had fatal consequences. That said, the onus to fix the problems always lies with the manufacturer, the owner simply required to return the vehicle to a local dealer.

In the cyber world, things are a little different.

Firstly, vulnerabilities are being discovered at an alarming rate.  Secondly, the ‘recall’ is replaced by the issuance of a ‘patch’ or maintenance release whereby the responsibility is on the systems owner to effect the required update. The net effect is that many systems remain at risk long after the original vulnerability was identified and are duly exploited by hackers seeking out such known weaknesses.

It could be argued that there exists a parallel universe where, to the cyber security industry, this sort of stuff is absolute common sense - basic hygiene, just like cleaning your teeth before you go to bed.  But for a small business that lives and dies by sales, marketing and the bottom line, basic cyber security hygiene is generally not something that is considered on a daily basis.

With over 99% of UK businesses being defined as “small” and employing less than 10 people, it is highly unlikely one of them will be a resident cyber security expert and therefore even less likely that they are taking care of their cyber security.

We have gotten used to a cyber-world that divests responsibilities for its flaws onto those who use the affected systems. Generally, if your car develops faulty brakes you are sent a notification and brief instructions on how to repair the fault.

Going back to the era of DIY car maintenance, this would not have been a problem. We were all used to getting our hands greasy from time to time and for many they would have relished the challenge. The reality is that this didn’t happen, automotive recalls have been around for years and the industry has very much got used to putting right its own mistakes. This does however beg the question - are we about to see a cross over? A situation where the burden of responsibility falls onto the driver (user?), to update the software controlling his or her vehicle?

Hacking into an entertainment system and switching channels could be considered mildly amusing, however when one considers the systems that actually control the car itself, it begins to get a whole lot more serious!

Do we start to see cyber security technology embedded into the vehicles themselves?

As more day-to-day electronics come online, we will be increasingly exposed to a whole new wave of vulnerabilities, whose impact could be significantly more catastrophic than identity theft or fraud.

Expecting users to maintain their own systems will simply not be viable in the future. Will MOT’s of the future ultimately be supplemented by a penetration test? And will mechanics need to be cyber-technology skilled too?

Whilst one ponders on the future of cyber motoring, there remains a persistent threat to SME e-commerce businesses. Indeed it is that self-same reliance on them to undertake cyber security DIY, in much the same way as we used to maintain our cars.

As a leading qualified investigator to the payments industry, Foregenix sees at first hand the consequences of under maintained e-commerce platforms. A reliance, as one would expect on a myriad of variously qualified 3rd parties and a lack of internal skills, let alone time makes for a dangerous cocktail of risk!

Which is why we have developed FGX-Web, a solution designed to provide a protective, multi-layered security solution which serves to protect online businesses whether or not they are up-to-date with all their security patches. By monitoring for unexpected behaviour patterns, FGX-Web defends SME’s from the attacks that are most likely to undermine their businesses and perhaps most importantly of all it helps protect their reputation and the customers that use them.  


Tags: Web Security