BREAKING

Friday, July 18, 2014

Internet-Connected Cars Vulnerable to Cyber Attacks - Kaspersky Lab


Wazzup Pilipinas!

Internet-connected cars are now becoming a reality and various international studies show that their market will continue to grow in the near future. But this emerging trend in the automotive industry can also become a new vehicle for cybercrimes, according to a leading developer of secure content and threat management solutions Kaspersky Lab.

Announcing the First Annual Connected Cars Study that seeks to provide an overview of the connected car market, Kaspersky Lab said motorists can no longer ignore safety concerns about the communications and Internet services included in the new generation of connected cars.

Kaspersky Lab said privacy, software updates and car-oriented mobile applications in Internet-connected cars are three areas where cybercriminals could potentially launch attacks.

"Connected cars can open the door to threats that have long existed in the PC and smartphone world," said
Vicente Diaz, the Principal Security Researcher at Kaspersky Lab who developed a proof of concept to analyze the safety implications of connecting these cars to the Internet.

"For example, the owners of connected cars could find their passwords are stolen. This would identify the location of the vehicle, and enable the doors to be unlocked remotely. Privacy issues are crucial and today’s motorists need to be aware of new risks that simply never existed before," Diaz explained.

Kaspersky Lab findings are somewhat timely for the Philippines. According to a study released by market intelligence company Transparency Market Research, Asia-Pacific will be the fastest growing region in terms of connected cars.

"If this business forecast comes true, then Asia-Pacific countries like the Philippines must brace for cyber attacks on Internet-connected cars," said Jimmy Fong, Channel Sales Director of Kaspersky Lab SEA.


Kaspersky Lab’s proof of concept, which was based on analyzing BMW’s ConnectedDrive system, found several vulnerabilities to potential attacks:


Stolen Credentials

Information needed to access BMW’s website can be stolen by using familiar means like phishing, keyloggers or social engineering. These methods could result in unauthorized third-party access to user information and then to the vehicle itself. From here, it is possible to install a mobile app with the stolen credentials and enable remote services before opening up the car and driving it away.


Mobile Application

By activating mobile remote opening services on a phone, a new set of virtual keys for your car are created. This could give anyone who steals your phone instant access to your vehicle. With the stolen phone, it would be possible to change database applications and bypass PIN authentication, making it easy for a cyber-attacker to activate remote services.


Updates

Bluetooth drivers are updated by downloading a file from the BMW website and installing it from a USB. The downloaded file, which is not encrypted or signed, contains a lot of information about the internal systems running on the vehicle. This could give a potential attacker access to the targeted environment and could also be modified to run a malicious code.


Communications

Some functions communicate with the SIM inside the vehicle using SMS. Hence, breaking into this communication channel makes it possible to send "fake" instructions, depending on the operator’s level of encryption. In a worst-case scenario, a criminal could replace BMW’s communications with his/her own instructions and services.

Kaspersky Lab said it is essential to analyze these different vectors that could result in cyber-attacks, accidents or even fraudulent maintenance of the vehicle.

With its First Annual Connected Cars Study, Kaspersky Lab aims to bring some unity to the highly fragmented software ecosystem currently offered by car manufacturers.

The study was conducted by Kaspersky Lab in collaboration with IAB Spain, Applicantes and Motor.com.

About ""

WazzupPilipinas.com is the fastest growing and most awarded blog and social media community that has transcended beyond online media. It has successfully collaborated with all forms of media namely print, radio and television making it the most diverse multimedia organization. The numerous collaborations with hundreds of brands and organizations as online media partner and brand ambassador makes WazzupPilipinas.com a truly successful advocate of everything about the Philippines, and even more since its support extends further to even international organizations including startups and SMEs that have made our country their second home.

Post a Comment

Ang Pambansang Blog ng Pilipinas Wazzup Pilipinas and the Umalohokans. Ang Pambansang Blog ng Pilipinas celebrating 10th year of online presence
 
Copyright © 2013 Wazzup Pilipinas News and Events
Design by FBTemplates | BTT