• 455 Martinson, Los Angeles
  • 8 (043) 567 - 89 - 30
  • support@email.com

Wednesday, April 13, 2016

How To Make Smartphones Safe For Your Kids

How To Make Smartphones Safe For Your Kids
How To Make Smartphones Safe For Your Kids

The safety of connected cars is now a major issue in computer security. Welcome to "the era of hacking as". In 2013, we alerted you to the beginnings of this "new frontier" of hacking. US researchers had taken control of the onboard computer of a vehicle by connecting to the internal network, the CAN bus. Then the hackers had managed to hack a car with their laptop, to control its brakes. But these attacks needed to physically connect to the car. Similarly, attacks against the contactless key need to connect to the port ODB (on board diagnostics), or at least to be in the vicinity of the car to pick up a radio signal.

Today, remote hacking

Everything changed in 2015, when Charlie Miller and Chris Valasek, researchers in computer security, have unveiled their way to take control of a Jeep Cherokee ... remotely. They exploited a flaw in the cellular connection used by Uconnect. This service enables some functions from their smartphone - turn off the engine, check the GPS curb. Miller and Valasek have managed to hack the "air gap" system meant to isolate the "physical" parts of the vehicle parts "connected" to the CAN bus. And if the hacking of the Jeep was only the beginning? Cars are increasingly connected. Or, just a flaw to access the CAN bus and the trip computer.

152 million "connected cars" in 2020

Uconnect is not the only service risk used by connected vehicle. It is the same for other embedded telematics systems such as OnStar or Ford Sync, which offer a range of remote controls. Supposed to "improve driving conditions", they need to send data to the car manufacturer. Onboard telematics is "the" weak point "smart" cars, far more than the services of "entertainment" connected, such as music streaming. Some institutions and accelerate the process: in 2013, the EU launched the system "eCall", to create in vehicles sold in Europe, an emergency call system in case of accident. A system that requires manufacturers to equip all new car a cellular connection. BI Intelligence estimates that by 2020, 75% of the 92 million cars manufactured worldwide will be connected. And according to IHS, one should then count 152 million "smart cars".

Cybersabotage: the FBI is sounding the alarm

In February 2016, a TU-Automotive report, "Cyber ​​Security in the Connected Vehicle", speaks of a "massive threat", pointing to two large "black spots". First, the complexity of the cars, which have electronic control units have 100 million lines of code. Then, the stored personal data, may "attract" the cyber crooks. There are only think of the "black boxes" - offered by insurance companies in exchange for a rebate, they monitor the "driving style" of the customer, collecting valuable information: the times when it rolls , its speed, geolocation. These risks of piracy and "cybersabotage" worried until FBI, which issued March 17 an "alert" facing the "threat" for connected cars. He says "security flaws may exist in the wireless communication features of a vehicle, on a cell phone or tablet connected to the vehicle via USB, Bluetooth or Wi-Fi, or at third connected devices on the diagnostic socket. "

Encryption, open source and kind hackers

The announcement of the FBI has the merit of raising public awareness, but the most important is how manufacturers will respond. There will always be loopholes, it is better to be prepared. Especially if we all use one day "autonomous cars" - could be hacked. Drivers are late, even if they start to move, like Tesla, which has created a team of hackers to secure its cars. The solution could be to strengthen the encryption of the vehicles, but also to work with hackers nice ... and make smart cars "open source". The flaws are "in the software code," said "Mrs. Smith" in Network World. Although the code lines are more numerous in a car than on Facebook, open source could reduce the risk of faults. "Keeping the secret source code does not protect the attacks: either the code is vulnerable, or it is not," said Philip Koopman, of Carnegie Mellon University.

No comments:

Post a Comment