Automobile hackings have been in the news a lot recently. The big Uconnect hack affected 1.4 million Chrysler vehicles and exposed a vulnerability that allowed security researchers to enter the Uconnect multimedia entertainment system and control vital vehicle functions. That doesn't just mean hackers can force you to listen to Nickelback against your will — it means they can use the cell signal-enabled entertainment system to kill the engine, slam on the brakes and control the steering.
Tesla experienced a similar issue shortly afterward, when test hackers were able to seize control of the vehicle's functions and shut it down entirely. The Internet of Things (IoT) is here, and the potential nightmares I envisioned several months ago are becoming realities. How will we deal with these new Internet-enabled devices as they move up and down the software supply chain? And what does this mean for operating a secure enterprise?
Gone are the days when a secure enterprise meant computers with antivirus software installed. Now, not only does application security encompass a broad spectrum of native and external computer and mobile applications, but it must also cover applications that connect to the network via automobiles, watches, tablets, televisions, glasses, refrigerators and more.
Any one of these devices could give hackers a backdoor into an office's or enterprise's entire network, adding that organization to the long list of major businesses that have been hit with shockingly simple backdoor hacks. Not to mention the nefarious possibilities for a digital-physical combination attack, like unlocking a garage door after hours by using a smart home hub, or hacking someone's Tesla and causing a major accident.
The recent news out of the auto industry should be a wake-up call — every "thing" with Internet connectivity is susceptible to its own set of attacks and comes with its own set of vulnerabilities. It's up to us to recognize that, rectify it and understand how this increasing connectivity affects us.
As cars and watches become regular extensions of people's email clients, network security managers will have more potential threat channels to monitor. Then there are the concerns about Bluetooth and near-field communication (NFC) interceptors that can pull allegedly secure signals as they're moving from one device to the next. Automakers have proven quick in responding to exposed security flaws, as both Chrysler and Tesla have already pushed software updates to all affected vehicles. Still, all it takes is one determinedly malicious hacker gaining access to a car's entertainment system and suddenly your entire enterprise's security is compromised.
CA Veracode recently interviewed industry experts about the Internet of Things, the software supply chain and how they relate to cybersecurity. The result is a comprehensive webinar that can prepare security personnel for the imminent onslaught of IoT attacks. With all the news about the Uconnect hack and Tesla vulnerabilities, there's little doubt that hackers are looking at your car's sweet new stereo system and drooling. And it's not because they want to steal the faceplate like they did in the '90s.