Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Demand Automakers Get Serious About Security

Posted by samzenpus on from the lock-it-down dept.

wiredmikey writes: In an open letter to Automotive CEOs, a group of security researchers has called on automobile industry executives to implement five security programs to improve car safety and build cyber-security safeguards inside the software systems powering various features in modern cars. As car automation systems become more sophisticated, they need to be locked down to prevent tampering or unauthorized access. The Five Star Automotive Cyber Safety Program outlined in the letter asked industry executives for safety by design, third-party collaboration, evidence capture, security updates, and segmentation and isolation. Vehicles are "computers on wheels," said Josh Corman, CTO of Sonatype and a co-founder of I am the Cavalry, the group who penned the letter (PDF). The group aims to bring security researchers together with representatives from non-security fields, such as home automation and consumer electronics, medical devices, transportation, and critical infrastructure, to improve security.

3 of 120 comments (clear)

  1. Easier to parallel park a train by disposable60 · · Score: 4, Insightful

    Getting the automakers to make any kind of substantive change requires either legislation or expensive PR disasters like a Pinto or Firestone/Explorer event.

    --
    You're looking for quotes? See my journal.
  2. An easier solution by smooth+wombat · · Score: 4, Insightful

    Don't put this crap in cars in the first place.

    I know, I know, simplicity is such an ugly word. It would be truly horrible if people had to concentrate on their driving rather than the six-channel, streaming video playing on their dashboard while they blend margaritas.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  3. Re:deaf ears by mlts · · Score: 4, Insightful

    What I am afraid of is what happens after. There is a difference between security from remote attackers, and security from "jailbreakers". For example, my Android phone is just as secure rooted as not.

    My fear is that what steps would be taken would force the car into the shop for any minor issue. Already, one automaker, if you change the battery out, the vehicle will refuse to start until the vehicle goes into the dealership and the battery is "registered" into the ECM.

    Automakers should just keep stuff isolated. The radio should not have access to the brakes. Hell, the radio should not even be on the CAN. It should just be vital components, and have the doodads be stuck on another bus that can be "dirty".