Security experts have been warning that the increased complexity and computerization of vehicles is inviting additional risk to the already high-risk activity of being on the roadways. Recently, Chinese security researchers from Tencent’s Keen Security Lab found a flaw in the Tesla electric car’s Controller Area Network bus (CANbus) that allowed them to switch on the windshield wipers, open the sunroof, activate a turn signal, and apply the vehicle’s brakes (as well as perform other actions) remotely.
While being able to remotely control a car won’t allow hackers to steal your identity, it could allow other nefarious acts to take place, such as acts of terrorism. Should someone with bad intentions be able to exploit a vulnerability in the vehicle’s software, they could conceivably orchestrate an event in which they applied the brakes on thousands of vehicles driving on the roadways at once. This could result in massive pileups, injuries, and deaths.
It’s important that no matter what software or firmware is running on any system; be it a computer or a vehicle, if a security or critical patch is released that you apply it right away. If your car is recalled for a software vulnerability, take it in to the dealer or other shop to get it remedied right away. Otherwise you are putting your physical well-being at unnecessary risk.
Cyber terrorism has already made an appearance in recent years. Some may consider the Stuxnet malware that infiltrated one of Iran’s nuclear facilities a form of cyber terrorism. That virus caused approximately one-fifth of Iran’s nuclear centrifuges to be destroyed by sending them spinning out of control. It demonstrated that a cyber attack could result in real mass physical harm should it be so desired. The attack against Sony where information about unreleased movies, payroll information, and email conversations among executives were posted for all the world to see, not only hurt Sony financially, but also harmed its reputation. This could also be considered cyber terrorism. These types of attacks are expected to get more frequent and more dangerous. They also are not expected to be limited to nation states, but will likely creep into the private business space as well. So for those charged with the company’s cyber security, make sure to update all computer systems ASAP when a patch is released.
Cyber security no longer applies only to fraud and identity theft. As this issue shows, it has now crossed the line into threatening our physical safety. So as much as technology can improve our lives, instances like this show it can also be very harmful. That’s why it’s important to stay on top of patching and updating all software; even for that which is in our garages.
© Copyright 2016 Stickley on Security