Security of connected vehicles by Synacktiv

Security-of-connected-vehicles-by-Synacktiv

As the automotive industry continues to produce increasingly con-nected vehicles, a new range of risks and security concerns arise. Some of these risks exist since years but are now taking a new dimension as
car technologies evolve. As early as 2014, security researchers have been concerned by the automotive field [4] and the impact of connectivity in those product. One particularity of automotive security if that there are a wide range of attacker profiles, each exploiting different parts of the car. One of the main risks with connected cars is car theft, which has always been a concern even for non-connected cars. But attacks on connected cars that enable theft can now be executed on a larger scale and with greater ease.

A recent study [3] revealed that there are real-world attacks using CAN injection to steal cars by connecting a device to the CAN bus at a convenient, easily accessible location. Keyless entry systems are more and more common in modern vehicles. Therefore, car theft through relay attacks on this system is a common problem, and there are many public researches on that. Another important risk is the vehicle safety, car components are connected together through various CAN buses. By gaining access to these
buses through hardware modification or by software attacks, attackers may affect the safety of the vehicle and cause people injuries or material damages.

The infotainment system has become one of the main component of modern cars, its screen provides many features: car control, internet connection, access to many external services. Like smartphones, this
system contains many personal data: accounts credentials, connection tokens, browsing history, navigation history and even tokens to open the owner’s garage. Gaining access to these data can facilitate attack that extend beyond the vehicle itself, and can also be used to track the vehicle position or for espionage activities.

Modern cars like Tesla ones also have many limitations enforced by software. For example, some features like advanced autopilot can be purchased during the vehicle life and do not require hardware modification or going to a service center. Bypassing these limitations (hardware and software) has always been the passion of some people, and they are sharing their findings to a large community. That kind of modifications (or attacks in some cases) must be taken into account by the car manufacturer in its security model.

Security-of-connected-vehicles-by-SynacktivDownload
Facebook
Twitter
LinkedIn
Pinterest
Constanza Rodriguez

Constanza Rodriguez

All Posts »

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Recommended Posts

Threat Hunting Survival Guide by Microsoft Security Experts
Threat Hunting Survival Guide by Microsoft Security Experts
Threat Hunting for Dummies
Threat Hunting for Dummies
The Perfect Weapon – WAR, SABOTAGE and FEAR in the Cyber Age by David E. Sanger
The Perfect Weapon – WAR, SABOTAGE and FEAR in the Cyber Age by David E....
DDoS Attack Threat Landscape trend from Q2 2022 by CLOUDFLARE
DDoS Attack Threat Landscape trend from Q2 2022 by CLOUDFLARE
Building a Cybersecurity and Privacy Learning Program
Building a Cybersecurity and Privacy Learning Program
Cybersecurity Salary for US market and Recruiting Trends Guide 2023 by Stanton House
Cybersecurity Salary for US market and Recruiting Trends Guide 2023 by Stanton House
Nmap for Pentesters – A Beginners Guide By Ignite Technologies
Nmap for Pentesters – A Beginners Guide By Ignite Technologies
Shodan for Penetration Testers
Shodan for Penetration Testers
100 Days of Cyber Security Weekly Learning Journey
100 Days of Cyber Security Weekly Learning Journey
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams