Imagine your tooling down the freeway in your fancy new car when suddenly it’s being commandeered by hackers, who demand ransom or they will steer you into oncoming traffic. If you try to pull over, you can’t, the steering wheel is no longer under your control. You slam on the breaks, but get no response. This may sound like a script for some futuristic doomsday movie, but it’s more real than anyone would like to imagine. This scenario was actually played out by researchers Charlie Miller and Chris Valasek, who in 2014, hacked a vehicle and took over its operation.
Now an even more ominous threat reveals itself, in a new 60-page automotive report, Cyber Security in the Connected Vehicle. The report is covered in a recent Network World article that says the detailed study of car cybersecurity delves into all aspects of IoT (Internet of things) vehicle vulnerability including types of exploits, various attack surfaces, hacker heat maps and more. According to the article, experts predict that my 2020, 75% of all cars shipped globally will be “connected cars”, meaning they will be vulnerable to a cyber-attack.
Perhaps the most revealing part of this report is that the threat goes beyond taking over some operations in your car; what hackers are really after is your data. Believe it or not, your personnel data may be accessed by hacking into your automobile and one of the main attack surfaces will be your Bluetooth. As the report says, “Services that involve financial transactions will be a prime target, and here the supporting infrastructure is at least as much an attack point as the in-vehicle parts.” Bluetooth is one of the infrastructures they’re talking about and according to researcher Keigo Haataja, attackers can use powerful directional antennas that can increase a cyber criminal’s ability to scan and eavesdrop on Bluetooth conversations.
Miller and Valasek have also named Bluetooth as one of the biggest and most viable attack surfaces in today’s automobiles, citing the complexity of the protocol it uses. This is not news because as early as 2002, SANS was warning of inherent security issues with Bluetooth. Now that this technology is integrated with your car, your phone, your tablet and countless other devices – even hearing aids – the opportunities for hackers seem endless.
The IoT and the trend toward connecting all of us with our devices and each other does not look to be waning. And with connectedness comes the inevitable upsurge in data movement, increasing the potential for a data breach.The conveniences these developments bring sometimes makes us forget their vulnerabilities. That’s why choosing security that provides visibility across all Web traffic and continuous monitoring is critical. Monitoring data movement with the ability to analyze and interrupt suspicious transfers are critical capabilities that should be part of every organization’s security strategy.