New car firms such as Tesla are promoting increasingly high-tech features that require an internet connection, which has pushed cybersecurity in connected vehicles forward as a major safety feature. Last year, Chinese security researchers from Keen Security Lab hacked a Tesla Model S from 12 miles away. By focusing on Tesla’s on-board software, the hack targeted the car’s controller area network, or CAN bus, which connects the chips found inside the car. In this hack, the Model S P85 and Model 75D were targeted. Tesla continued to make news in 2015 for safety concerns in cybersecurity of connected vehicles. In November 2016, security personnel from the Norwegian company Promon were able to use Tesla’s Android app as an entry point to hack the vehicle. What’s more, using the features in the app, the hackers were able to locate the vehicle, unlock it and drive away unhindered.
As GM CEO Mary Barra said in a keynote speech, “A cyber incident is a problem for every automaker in the world. It is a matter of public safety.” As Tesla, GM and many others continue to release connected vehicles, the cybersecurity dangers are very real. In fact, more than half of the vehicles sold today are connected and vulnerable. This threat will only grow as manufacturers begin to release autonomous vehicles.
Cybersecurity in Connected Vehicles and Mobile Applications
While gaining access to, and being able to control or steal, a vehicle such as a Tesla is disturbing enough, it raises several concerns about not only cybersecurity in connected cars, but also the mobile applications that extend the features of these vehicles and others. In fact, mobile apps are quickly becoming the main target for malicious behavior. Over the last four years, there has been a 188 percent increase in the number of Android vulnerabilities and a 262 percent increase in the number of iOS vulnerabilities. In addition, according to Gartner, 75 percent of mobile apps would fail basic security tests.
Digging deeper, Veracode found that four out of five applications written in PHP, Classic ASP and ColdFusion failed at least one of the OWASP Top 10, implying that many web-based applications and websites contain security vulnerabilities. More than 80 percent of mobile apps on both the Android and iOS platforms revealed cryptographic implementation issues. Attempting to protect data and then doing it poorly highlights the importance of updated training and tools to help developers build secure and protected applications.
Recently, Android malware has become stealthier. Last year, in 2015, malware began to obfuscate code to bypass signature-based security software. Despite Google’s response to critical vulnerabilities and patches of critical issues in the Android OS, end users are still dependent on device manufacturers for these updates.
Tesla and other automobiles today can have the computing power of 20 personal computers and feature 100 million lines of programming code. While features such as web browsing, Wi-Fi access points and remote-start mobile phone apps help to enhance the enjoyment of the vehicle, they also add more opportunities for advanced attacks. In real life, thieves are hacking keyless entry systems in the UK to steal cars. Meanwhile, software recalls have doubled within the past year, and soon they will match mechanical recalls.
The mobile application industry is pushing forward a new level of interoperability that will require heightened security and privacy measures. App developers are in a position where they can reduce the number of vulnerabilities before the app ships. Auto manufacturers are also prioritizing cybersecurity in connected vehicles as a major safety feature to compete with features requiring connectivity.
This article originally appeared on Intertrust.com