Tag Archives: car security

Wifi and cloud based applications bring a new wave of car hacking

Wifi and cloud based applications bring a new wave of car hacking

tracker

Security researchers* have exposed security vulnerability in Mitsubishi Outlander hybrid cars that allowed hackers to remotely turn off the car’s alarm system, control the lights and drain the battery. Stolen vehicle recovery expert, TRACKER (part of the Tantalum Corporation), which has been a longstanding campaigner against vulnerable vehicle security systems, warns that in-car wifi and cloud based applications present a wide range of opportunities for thieves to attack, making it even more difficult  for modern vehicles to be completely secure from determined hackers.

Head of Police Liaison at TRACKER, and a former Chief Superintendent for South Yorkshire Police, Andy Barrs says, “The latest security breach, involving the Mitsubishi Outlander, demonstrates just how advanced thieves are in developing their tactics to tackle new technology. Although manufacturers are constantly developing new immobiliser technology, designed to outpace criminals and make new models significantly more secure, thieves will continue to look for new ways to outwit them, including exploiting telematics and mobile connectivity.

“Of late, standalone key programming theft tools have been making news headlines, but over the next decade, cloud-based theft tools that simply require internet connection are anticipated to dominate.  By hacking this type of technology thieves are able to easily target the most desirable models and steal to order, requiring no tools to enter or drive the vehicle away.”

TRACKER’s stolen vehicle recovery (SVR) device is the only solution used by all the UK’s police forces; it works like an electronic homing device.  A covert transmitter is hidden in one of several dozen places around the vehicle, and there is no visible aerial, so the thief won’t even know it’s there.   Uniquely, TRACKER combines GSM, GPS and VHF technology, which means it is able to locate a stolen vehicle anywhere, even when if it is hidden in a garage or shipping container.  It’s this matchless combination of technology that makes TRACKER’s SVR solutions resilient to ‘jamming’ – another commonly used tactic by car thieves – creating the most robust stolen car tracking and locating unit available.

Source: Tracker

New Cyber Security Solution Detects and Intercepts Threats

NNG Cyber Security – a division launched when the global navigation company acquired Israel-based Arilou Information Security Technologies Ltd. in 2016 – announced the introduction of its new cyber security technology today.

The NNG Cyber Security solution brings groundbreaking innovation that detects and intercepts cyber threats for vehicles immediately, before they can cause any harm to the system of the car.

nng_pips_open_image_big

 

We all know there aren’t any vehicles that cannot be hacked, but our solution can effectively, and permanently rule out one of the methods most widely used by hackers. I could describe this as having discovered a vaccine for cars that fully protects them from a type of dangerous malicious attack. By applying our preventive technology, OEMs can make sure their cars are immune to such attackssaid Ziv Levi, CEO of Arilou, now part of NNG Cyber Security.

One of the methods most frequently used by hackers intending to take control of a vehicle is sending unauthorized commands that the car’s system mistakenly takes as coming from an authorized Electronic Control Unit (ECU). Filtering these malicious messages is key to preventing such impersonation attacks when one of the ECUs sends messages as if it was another. The newly introduced Parallel Intrusion Prevention System (PIPS) is the first solution on the market that analyzes not only the content and context of the communication on the CAN bus between ECUs, but the source of it as well. This enables it to intercept malicious messages in real time, and in a highly effective and accurate manner.

nng_pips_details_detailed_v2

The ground-breaking technology analyzes the physical characteristics of the communication and determines its validity. As the analysis happens in real time, PIPS can stop the threats before they get to their destination, ensuring the security of the vehicle’s ECUs.

The technology is unique on the market because it can accurately track the origins of the communication, thus excluding the chance of impersonation attacks. PIPS can effectively identify these situations, and also stop the attempts, therefore neutralizing the malicious intrusion.

Covering full network from single point of integration

As opposed to available technologies where security systems only secure the communication flow between the segments where they were integrated, PIPS is integration agnostic. It can be connected anywhere on the CAN bus, which ensures full network coverage from one single point of integration.

The solution was revealed to partners at CES in Las Vegas last week, and is already patent pending.

Source: NNG