In automotive cybersecurity news are the Securing Mobility Summit,
Secure Your Future with Securing Mobility Summit in LA
Have you always wondered what it’s like to actually hack into a car’s computer to control steering, braking, acceleration, or communications systems? Thanks to GRIMM now you can, and it doesn’t require any hacking skills.
“3PO” is GRIMM’s mobile car hacking lab. Since nearly every modern car is Internet-connected, you no longer need physical access to break out of, or break into a vehicle. Hackers prove vehicles are not only insecure from a cybersecurity perspective, but because of that, also unsafe. From controlling the steering, accelerating, braking, and communications, this presents an extremely large attack surface.
As automotive original equipment manufactures (OEM) and their Tier 1 direct suppliers have become more aware of the threat, their need for end-to-end hardware and software vulnerability assessments has grown. In an industry where most companies just tell you you have a problem, we created 3PO to actually demonstrate the problem, as well as raise awareness and help train folks while at conferences and exhibits.
The Securing Mobility Summit kicks off AutoMobility LA 2018 on Monday Nov 26, 2018 at the LA Convention Center. We expect up to 200 attendees including global media and executives from the automotive OEMs and Tier One suppliers for our day-long Summit including a networking breakfast and our Emerging Security Technologies Speed Lunch.
Regular admission is $249, AUTO Connected Car Readers who use the coupon code ACCN2018 and it get a 10% discount.
Thales nShield
Thales, a leader in critical information systems, cybersecurity and data security, announces its nShield hardware security modules (HSMs) now support Edwards and Brainpool elliptic cryptographic curves (ECC) to meet the security and data integrity requirements for the latest connected cars, FinTech, and enterprise-class IoT solutions.
Support for Edwards and Brainpool ECC and new secure logging capabilities are available in the latest version of Thales nShield Hardware Security Modules (HSMs).
Synscort Joins Hyperledger Blockchain
Syncsort, the global leader in Big Iron to Big Data software, announced that it has joined Hyperledger, an open source collaborative effort to advance cross-industry blockchain technologies hosted by the Linux Foundation. As a member, Syncsort will leverage its Syncsort Integrate data integration and data quality software and expertise to help support development of the shared technology resources while accelerating innovation through open source leadership and participation.
While investments in blockchain are growing, especially in the financial world and supply chains, it still faces significant challenges. Aside from the fact that many have a narrow view of blockchain (associating it only with bitcoin), there are technological investments needed around governance, scalability of the platform and usability. With Hyperledger, Syncsort will tackle the challenge of data preparation, enrichment and movement on and off blockchain.
Ohmio & Arilou For Autonomous Buses
Ohmio Automotion Ltd and Arilou Information Security Technologies Ltd., concluded an agreement about deployment of cybersecurity solutions in a new generation of autonomous buses. As part of the agreement, Arilou will protect the in-vehicle network with the incorporation of their PIPS (Parallel Intrusion Prevention System) solution. Further on, NNG will also supply navigation solutions to the Ohmio autonomous buses.
Ohmio LIFT, a 20-person shuttle that can be extended to carry up to 40-person to operate on pre-determined routes without the need for a driver. It will provide services, similar to a tram, but with virtual rails, guided by a range of electronic systems.
Israel-based Arilou claims it is the only cyber security company in the world with a portfolio of cyber security solutions that offers perfect results: 100% detection rate, 100% prevention and zero false positives with its PIPS Multilayered security approach. It is tested by OEMs and institutions as the University of Michigan Transport Research Institute (UMTRI). The company believes that with its holistic approach, and its multi-layered solutions, full protection of the vehicles can be a reality.
New Automotive Cybersecurity Vulnerability Report
IOActive has released a new white paper, “Commonalities in Vehicle Vulnerabilities.”
The most common attack vectors for the vulnerabilities IOActive discovered are local and network. Local attacks require that an attacker already has a foothold on the system. This generally lowers the likelihood of the attack but often represents an attacker’s ability to elevate privileges or otherwise manipulate the system once they have gained access.- 34% Local
- 33% Network
- 14% Serial
- 8% Cell Network
- 8% USB
- 3% CAN Bus
The research is based on over 6,000 hours of work on vehicle hardware systems over the years, yielding the latest four takeaways:
-
In general, vulnerabilities have decreased in both impact and likelihood.
-
The most common attack vectors are internal software components and network-connected applications.
-
Hardening of local interfaces appears to be improving.
-
The most common vulnerability types are logic errors, as traditional memory corruption attacks are becoming less common.
Based on its findings, the best path forward is to continue diligently applying industry best practices for secure design and enforcing strong secure coding practices to help prevent easy-to-fix bugs in the first place.
SafeRide at Paris Motor Show
SafeRide Technologies, the first automotive cybersecurity company to offer a multi-layer deterministic and heuristic anomaly detection and threat prevention solution, announced the launch of its CAN Optimizer solution, to be demonstrated this week at the Paris Motor Show.
While uploading raw CAN data to the cloud enables advanced anomaly detection capabilities, the process consumes a significant amount of bandwidth. SafeRide’s CAN Optimizer dramatically decreases the bandwidth needed to do so by providing 98-99% reduction in data size, with a typical lossless compression ratio more than 15 times better than other compression algorithms that are currently on the market. This will greatly benefit OEMs and fleet managers by further helping to uncover unknown cybersecurity vulnerabilities, identifying malfunctions before they happen, and even detecting misuse and abuse of vehicles.
SafeRide will showcase its vSentry and CAN Optimizer solution with industry-leading partner, Irdeto, at the Paris Motor Show on October 1-6.
SUBSCRIBE
You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.