Cybersecurity for drivers: how to avoid cyber attacks on connected cars?

At the beginning of January, the most serious global risks of 2018 were announced at the World Economic Forum in Davos . The four, immediately after the risks associated with extreme weather events, natural disasters and environmental degradation, included cyber attacks. Today, they are of greatest concern to entrepreneurs in advanced economies. The concern about cybersecurity is due to people's dependence on digital technology. By 2020, experts expect that humanity will use 20 billion connected devices, which certainly expands the possibilities for cyber attacks. Today, Bright Box’s CISO, Nikolay Agrinsky, talks about how to avoid cyber attacks on your connected car and how to secure customers of car manufacturers and car dealers.

Cars ceased to be physically independent of communications and networks at the end of the 20th century , and as the capabilities of the so-called connected cars expanded, the potential for cyberattacks increased. Today, IT technology development issues are not considered without taking this problem into account.

The Internet has changed the way you work with a computer, as today, the connection is changing the car as a whole and the road environment. When personal computers were just beginning to enter our lives, malware was a major information security problem. A computer virus could lead to data corruption, and sometimes damage the computer itself. No one thought about data theft or misuse of technology. Communication channels were very slow, and only "favorites" could connect to the Internet or other networks. At that time, the worst thing that could happen was buying a new computer if the old one is damaged. But as soon as the Internet became available, and the cost of equipment decreased - the situation changed. Viruses, of course, remained a very unpleasant event, but we are no longer afraid of buying a new computer, but of losing our data, нарушения в работе критических систем, от которых зависит наша жизнь.

The same thing is happening today with the car. Previously, the car owner was only puzzled by the preservation of his own car - no one wants to discover under the windows the absence of a recently purchased vehicle. But as soon as the car was connected to the network - everything changed, a number of additional threats, no less significant than theft, were discovered.

The main and most serious, if a cyber attack is committed, is a threat to the life of the driver. Chrysler recalls 1.4 million cars after a pair of hackers demonstrated to WIRED that they can remotely control the Jeep system over the Internet. Hackers managed to get on and off the air conditioner, audio system, turn off the brakes and interfere with the steering on the go. In 2016 and 2017, the Tesla car was attacked. Security researchers from Keen Security Lab demonstrated the attack on the S Model the Tesla . They were able to activate the brakes, open the doors and fold the mirrors at a distance of 20 km from the cars. One of the hackers later hacked into a power management system. car Tesla Model S P85 and modified it by installing on it equipment for autopilot, software from twin-engine versions of Tesla. Hacking a car can seriously damage the physical condition of the car owner. But for now, fortunately, frightening experiments by hackers are helping automakers and developers of connected systems increase the level of security of their products.

The second threat relates to data. In November 2017, Uber reported data theft 57 million of its users. Hackers have stolen the names, email addresses and phone numbers of 50 million Uber passengers worldwide. The hackers also had personal information about 7 million drivers, including about 600,000 US license numbers. The history of trips and car use, personal and statistical data - everything can become an object of attack.

What about the theft of your data? The car has long been an analogue of the office. People carry out business negotiations on the speakerphone in the car, not breaking away from taxiing, discussing life plans, talking with their children. Are you ready to share this information with the world? By connecting to the car’s system without physically hacking, you can remotely access everything that happens inside. And the larger the business, the worse the theft of such corporate and personal data will be. The car itself becomes less valuable than the information that can be read from it. So the hijacking, from which a person is most likely insured, and the first threat that we have named, carries minimal damage today, unlike all other potential incidents.

Of course, in order to avoid the described threats, car manufacturers and related equipment manufacturers must develop safe systems. In the case of large consortia, publication of standards and definition of requirements are required: OEMs must coordinate requirements and release new innovative systems that counter potential cyber attacks. When developing, it is important to pay attention to the technological and process parts, checking the organization of the development environment, testing environment, conducting mandatory tests, taking care of the issues of moving the product, where the code is stored for security, and the requirements that make it safe.

Let us now return to the topic of personal computers. We see that today there are a lot of high-quality security systems that allow the construction of serious security measures, but users do not change their behavior. And now the weakest link in the world of information security is man. Unfortunately, we often focus on the technical component, forgetting about people. You can put a strong iron door, but if your little son or old mother opens it to any caller, how much will this increase the level of security?
Car protection should be at a high level, but opposition is also necessary from users. The easiest way to steal an unclosed car or car without an alarm. With cybersecurity is the same. If the driver with the application connected to the car does not follow the safety rules - does not have a password for the phone and service or uses an too simple identification method, does not turn off the bluetooth in the car - this can lead to certain problems.

We at Bright Box, recognizing the importance of security for end users and having expertise in the field of securing a connected car, decided to launch a short online course “Cybersecurity for Drivers” with practical tips.
From the course you will learn how to protect yourself and your car from intruders when using modern technologies, what you need to pay attention to and what rules need to be followed so that all of the listed threats are not implemented. The course will take no more than 10 minutes. At the end, you will be offered a test and a certificate of successful completion according to the results of the course.

Sign up for a course!