Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Newer car tech opens doors to CIA attacks

Lucas Mearian | March 13, 2017
Security experts aren't surprised by info from Wikileaks docs about agency efforts

Last year, a group calling itself the Shadow Brokers released what appeared to be a portion of the National Security Agency's hacking toolset designed to penetrate network firewalls; it included information about several previously unknown security holes, known as zero-day or 0day vulnerabilities.

According to a Reuters report, the NSA toolset was designed to exploit vulnerabilities in widely used networking products produced by Cisco and Fortinet.

Right now, the decision about whether to retain or disclose a vulnerability is theoretically governed by the VEP, but because the policy isn’t binding on the government, it’s toothless, the EFF said in a blog.

Cryptographer and computer security specialist Bruce Schneier said what's needed is government regulation.

"This is a huge problem," he said. "It’s things that affect the world in a direct physical manner and will cause harm to property and life."

Schneier said he has no doubt the CIA explored zero-day vulnerabilities in order to find ways to spy on citizens and assassinate enemies.

connected car autonomous vehicle
NHTSA

"I think the worst thing about this is it demonstrates -- just like the Shadow Brokers did -- that the Obama Administration's assurances that the Vulnerabilities Equities Process prioritizes defense was a lie," Schneier said.

According to The Washington Post, the purpose of the CIA's hacking efforts exposed by the Wikileaks posting could not independently verified and the intelligence agency has declined to confirm the activity.

Vehicle cybersecurity has come to the forefront of automakers and legislators after several instances of white-hat hacking showed that vehicles could be remotely hacked and controlled.

A modern car has dozens of computers with as much as 100 million lines of code -- and for every 1,000 lines there are as many as 15 bugs that are potential doors for would-be hackers, according to Navigant Research.

As more vehicle models come equipped with cellular, Wi-Fi and Bluetooth connectivity, experts say they have become more vulnerable to hackers who can remotely gain access, either via wireless sniffing devices or over the internet.

By 2020, there will be 250 million wireless "connected" cars on the road, according to Gartner.

For example, in 2015, security experts Charlie Miller and Chris Valasek collaborated with Wired magazine to demonstrate how they could remotely hack into and control the entertainment system and other more vital functions of a Jeep Cherokee.

Both hackers are experienced IT security researchers. Miller is a former NSA hacker and security researcher for Twitter; Valasek is the director of security research at IOActive, a consultancy.

The hacking demonstration resulted in Fiat Chrysler Automobiles (FCA), the world's seventh-largest automaker, issuing a recall notice for 1.4 million vehicles in order fix a software hole that gave hackers access control over vital functions.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.