Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 27 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Jeep Cherokee once again proven to be as secure as Office of Personnel Management at Black Hat USA

by The Gurus
August 12, 2016
in Editor's News, News
Share on FacebookShare on Twitter

Hacking IoT devices and smart objects is always making headlines. After all, we use these devices to simplify our lives – so having their processes interrupted, hijacked or used against us is a real nightmare. However, hacking a thermostat is one thing; hacking a car is another.
At this year’s Black Hat in Las Vegas, experts once again showed that the Jeep Cherokee is vulnerable to the whims of cyber-crims. Researchers sent false messages to the car’s internal networks, overriding the legitimate ones. They could then steer, brake and speed up the vehicle. It was the same researchers, Charlie Miller and Chris Valasek, who infamously hacked a Jeep whilst on the highway just over a year ago.
Speaking to IT Security guru, Brian Spector, CEO at MIRACL, said that “The Jeep hacks demonstrate the serious problem of verifying the identities of people using the connected devices within today’s cars. Having very limited encryption, identity management and data protection within such a powerful computer is extremely dangerous and poses a real and serious threat to everyone using our roads today. Move forwards to the increasing trend for driverless cars, and the potential fallout from this lack of authentication becomes even more frightening.”
But in terms of preventing this from happening in future, what can carmakers do? Spector told us that “For connected cars to become more secure, relationships must be established within the components of a vehicle, to ensure that only a legitimate operator can control the connected devices within a car. If a hacker then tried to take control of one of the on-board systems, their identity would not be verified and access would be denied.  The current security checks often fail because they rely on slow, centralised identity verification services. To connect the components more quickly and autonomously, manufacturers should deploy a distributed trust model which allows for fast pre-authorisation, and removes the roadblock of a centralised service.”
But are car manufacturers taking cyber security seriously enough?
Richard Kirk, Senior Vice President at AlienVault told us that “There is no evidence that car manufacturers are taking cyber security seriously. One has to assume that given the recent high profile car hacks, the manufacturers have changed the way that they approach security, however this is not being publicised. Perhaps they should be boasting about their work as no doubt savvy customers will soon start asking questions.”
So it appears consumers are going to have to start getting serious about security or face all manner of cyber-risks. This isn’t a shift that happens overnight, so there need to be things car owners can start to do now to help start the good habits of personal security and such that’ll prevent them falling victims to such a hack.
Kirk advised us that “Car owners should apply the same rules that they follow, or should be following, for their computers and smartphones. Use hard to guess passwords, do not share passwords and do not give anyone access to your car app or portal account. There is not much they can do otherwise since the car manufacturers control the car systems. For the example, unlike a PC or laptop, you cannot install a firewall in your car, although ironically cars do have physical firewalls between the engine and the passenger compartment, to literally protect the passenger against an engine fire.”
So if this happens again, where will responsibility and liability ultimately fall on for cyber-attacks to cars, especially when another car is involved? Is it a problem for the car company, the insurer, or the driver themselves?
Kirk told us that “This will depend on the country and legal jurisdiction, as well as the contractual terms of both the car purchase and insurance. It will probably take some time for cyber incidents to be challenged in court before clear lines of responsibility become clear. If insurance companies take the initiative and start including cyber cover in their policies, they could benefit from being seen to protect drivers, however cyber insurance is not a well understood business.”

FacebookTweetLinkedIn
Tags: AlienVaultcar hackingdoor lockingdriverless carsidentity managementiot securityjeepjeep cherokeeMIRACLsmart vehiclessteeringvehicle
ShareTweetShare
Previous Post

Gartner Says Worldwide Information Security Spending Will Grow 7.9 Per Cent to Reach $81.6 Billion in 2016

Next Post

Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button

Recent News

Synopsys discover new vulnerability in Pluck Content Management System

Synopsys discover new vulnerability in Pluck Content Management System

March 24, 2023
Dole Food Company

Dole confirms employee data was breached following February ransomware attack

March 24, 2023
call centre

MyCena Improves Customer Data Access Protection in Call Centers and BPOs

March 23, 2023
Blue logo, capitalised letters. SPECOPS.

Fortune 500 Company Names Found in Compromised Password Data

March 23, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information