Get the latest on…Cyber Security Password Hacking Update.
8.8K views | +0 today
 
Rescooped by @1DavidClarke from IT Support and Hardware for Clinics
onto Get the latest on…Cyber Security Password Hacking Update.
Scoop.it!

Ramping Up Automobile Cybersecurity

Ramping Up Automobile Cybersecurity | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

In late 2014, signs emerged that the automobile industry was taking the first steps toward addressing cybersecurity and privacy risks.

See Also: Solving the Mobile Security Challenge

For instance, General Motors hired its first chief product cybersecurity officer, and the automobile industry set up an automobile Information Sharing and Analysis Center to collect and share information about cyber-related threats and vulnerabilities in motor vehicle electronics.

 

Heading into 2015, efforts to mitigate cybersecurity and privacy risks affecting automobiles continue to gain traction. Recently, Senator Edward Markey, D-Mass., issued a report detailing various automobile security and privacy vulnerabilities. Then, on Feb. 11, Markey confirmed that he, along with Senator Richard Blumenthal, D-Conn., will introduce legislation that would direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards for improving the security of vehicles and protecting drivers' privacy.

"We need the electronic equivalent of seat belts and airbags to keep drivers and their information safe in the 21st century," Markey says.

The senators' efforts come after auto manufacturer BMW recently addressed a potential security gap affecting data transmissions to and from the company's connected vehicles via the mobile phone network.

But while early steps are being taken by the industry to get on top of the risks, progress around securing automobiles may not come as quickly as some would hope. "Sure, proof of concept exploits are there - and they are real - but there is not even a semblance of exploitation by the criminals in the wild," says Anton Chuvakin, research vice president for security and risk management at Gartner.

"We do have a chance to prepare for this now by starting early with car and other device security," he says. "However, the history of information security teaches us that we probably won't. Today the threat is mostly 'not' real, but all signs point that it will become real."

Key Risks

Chris Valasek, director of vehicle security research at IOActive, a computer security services firm, has researched cyber vulnerabilities in automobiles through funding from the Cyber Fast Track initiative from the Defense Advanced Research Projects Agency, or DARPA.

Based on his research, Valasek says hackers could gain access to a vehicle's systems and potentially take private information, such as GPS coordinates or the driver's username and password for various in-car applications. Also, cybercriminals potentially could obtain control of computers within the car that operate certain features, such as cruise control, Valasek says.

"[Through our research], we showed that if you're on the car's computer network, you could send messages to completely stop the car and immobilize it," he says. "If an attacker found a way to break in remotely - through Bluetooth, cellular or an application - and was able to be on the right portion of the car's network, they could stop the car, disengage breaks or steer the steering wheel."

Down the road, automakers also need to worry about the potential cyberthreats concerning so-called "autonomous" or driverless vehicles now in development, says Stephen Wu, an attorney at the Silicon Valley Law Group, who has been researching the legal concerns regarding autonomous driving. "If cars crash because of information security vulnerabilities, it could lead to liability for the manufacturers," he says. "They need not only be concerned about safety, but also the governance of information security, privacy and the management of information that's being generated and communicated by cars."

Security Gaps Remain

The recent report from Senator Markey is based on a survey of 16 major automobile manufacturers about how vehicles may be vulnerable to hackers and how driver information is collected and protected.

Among the findings:

Nearly 100 percent of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions;Most automobile manufacturers were unaware of or unable to report on past hacking incidents;Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers;Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real time, and most said they rely on technologies that cannot be used for this purpose at all.

Valasek at IOActive says the biggest takeaway from the report is how most of the manufacturers couldn't answer many questions. "This means that not only are they behind on their security efforts, but probably don't have a good idea of the attack landscape or where to start," he says.

Legislation

The new legislation proposed by Markey would include three key requirements:

All wireless access points in cars must be protected against hacking attacks and evaluated using penetration testing;All collected information must be appropriately secured and encrypted to prevent unwanted access; andThe manufacturer or third-party feature provider must be able to detect, report and respond to real-time hacking events.

To address privacy issues, Markey is seeking a transparency requirement that drivers be made explicitly aware of data collection, transmission and use. He also wants consumers to have the ability to choose whether data is collected, without having to disable navigation. And he's seeking prohibition of the use of personal driving information for advertising or marketing purposes.

"In essence, the proposed legislation codifies what have been best practices in privacy and security for years," says Scot Ganow, a privacy and security attorney at the law firm Faruki Ireland and Cox PLL.

But that doesn't mean the proposed law won't face challenges similar to those that have arisen in previous failed attempts to adopt federal data breach legislation, Ganow says. "As with all laws seeking to regulate commerce and, in particular, the flow of information, the struggle will exist over balancing appropriate regulation while not choking innovation and corporate independence."

Proactive Approach

As the security and privacy landscape around automobiles continues to take shape, manufacturers can start taking the necessary steps to get ahead of the challenge before it becomes a real problem.

Right now, hacking a vehicle is still very hard and very expensive, Valasek says. "That's not to say that won't change in the future. But you want to start implementing security measures before there is an actual problem."

Valasek argues that manufacturers "will have to accept that security is required as part of the process and not an after-thought. Only then can we truly talk about mitigating risks."

In addition, automakers should hire more cybersecurity experts and attempt to integrate security into the automotive software development lifecycle, says Ben Johnson, chief security strategist at Bit9 + Carbon Black, an endpoint security firm. "Immediately, I would be hiring penetration-testers and security consultants to do as much assessment and analysis of the existing systems as possible," he says.

It may also be in the best interest of the automobile industry - and consumers - if manufacturers adopt a model similar to PCI-DSS, the independently developed standards in the payments card industry, says Andreas Mai, director for smart connected vehicles at Cisco. "If an independent body devised a list of security features and controls that a vehicle and its computer systems should have, and the body audited vehicles for adherence, even if it was voluntary, like Consumer Reports, it would at least provide consumers with the notion someone has looked at security and provide a baseline level of confidence," he says.

 


Via Technical Dr. Inc.
more...
Secunoid's curator insight, February 19, 2015 1:52 PM

The next frontier to keep an eye out for from security perspective, Automobiles.

Sandesh's curator insight, March 23, 2015 9:55 AM

They have introduced the cybersecurity which is attached withh audio player

Get the latest on…Cyber Security Password Hacking Update.
The Advantage You Need To Compete In Today’s Infosec Economy ::Cyber Security Password Hacking Roundup www.digitalarena.co/1davidclarke #security ;Join  Linkedin In Group At http://bit.ly/thedigitalarena
Curated by @1DavidClarke
Your new post is loading...
Your new post is loading...
Rescooped by @1DavidClarke from Technology in Business Today
Scoop.it!

FBI to Car Owners: Watch out for Hackers

FBI to Car Owners: Watch out for Hackers | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it
FBI to Car Owners: Watch out for Hackers

Via TechinBiz
more...
No comment yet.
Rescooped by @1DavidClarke from OSINT News
Scoop.it!

New test shows Apple computers aren't  more secure than Windows

New test shows Apple computers aren't  more secure than Windows | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it
This post was originally published here: postApple just gets attacked less. What makes Apple users so dedicated to the Mac is its tight security and anti-virus features that have long proven to be better than a virus-ridden PC. However, a new test shows that may no longer be true, and that it... http://opensources.info/new-test-shows-apple-computers-arenrsquot-secure-windo/

Via Paulo Félix
more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Cyber-Security: The Best Plan Of Action To Keep Your Data Safe - InformationWeek

Cyber-Security: The Best Plan Of Action To Keep Your Data Safe - InformationWeek | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

Like a perverse iteration of Newton's third law, every clever cyber-attack action is always followed by an equally clever reaction from the organization targeted. Is that enough to keep your data safe?

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

The death of passwords: HSBC launches voice and fingerprint ID

The death of passwords: HSBC launches voice and fingerprint ID | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

Customers will no longer have to use passwords to access their bank accounts
on the phone or via the iPhone app at HSBC and First Direct

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Top 10 most devastating cyber hacks of 2015 | Information Age

Top 10 most devastating cyber hacks of 2015 | Information Age | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

High-profile cyber attacks continued to dominate the global news agenda in 2015. Here are ten of the most devastating

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Don’t Be Hacker Bait: Do This One-Hour Security Drill

Don’t Be Hacker Bait: Do This One-Hour Security Drill | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

Do this one-hour digital security checklist to boost your data privacy and protect all your devices from hackers.

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Confidence drops as cyber-attacks become more sophisticated

Confidence drops as cyber-attacks become more sophisticated | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

According to a Cisco report, less than half (45 per cent) of organisations, globally, are confident in their cyber-security measures.

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

How blockchains are redefining cyber security |...

How blockchains are redefining cyber security |... | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

Blockchains are more than just Bitcoin – they’re a whole new way of looking at cyber security, writes Vijay Michalik, research analyst for digital transformation at Frost & Sullivan | Higher Education Research...

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Asda website bug puts millions of personal details at risk

Asda website bug puts millions of personal details at risk | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

A security flaw on Asda's website has left the personal details of hundreds of
thousands of customers vulnerable to hacking

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

SECURITY & RISK Cybersecurity’s Big Market Boom...

SECURITY & RISK Cybersecurity’s Big Market Boom... | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

Forbes' cybersecurity year in review found the market is expected to see unprecedented growth over the next five years. | Technologies numériques

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

1 in 4 people will be hit by a data breach by 2020 |

1 in 4 people will be hit by a data breach by 2020 | | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

It's time to think about what you can do to protect yourself as much as possible.

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

How CISOs Can Change The Game of Cybersecurity

How CISOs Can Change The Game of Cybersecurity | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

In the modern enterprise, chief information security officers need a broad mandate over security and risk management across all operational silos, not just the datacenter.

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

FBI: Businesses Lost $215M to Email Scams — Krebs on Security

FBI: Businesses Lost $215M to Email Scams — Krebs on Security | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

By hijacking email addresses of US businesses, cyber criminals stole $215,000,000 in the last 14 months. @briankrebs https://t.co/x8sqGYd2uD

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

IBM and Microsoft Will Let You Roll Your Own Blockchain

IBM and Microsoft Will Let You Roll Your Own Blockchain | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it
They call it the Hyperledger. And it can be yours.
more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid

Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it
The hack on Ukraine's power grid was a first-of-its-kind attack that sets an ominous precedent for the security of power grids everywhere.
more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Skills, strategy and security: The recipe to tackle cybercrime in 2016

Skills, strategy and security: The recipe to tackle cybercrime in 2016 | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

To prepare for this year’s inevitable cyber-threats, businesses need to create and deploy a complete security strategy.

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Sony cyber hack heralds return of the fax machine

Sony cyber hack heralds return of the fax machine | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

Michael Lynton, chief executive of Sony Pictures, reveals that since the hack
he now writes sensitive messages by hand and sends them by fax

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Data breach in China: 100 million records used to hack 20 million Taobao users

Data breach in China: 100 million records used to hack 20 million Taobao users | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

A massive breach - but what actually happened?

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

7 steps hackers take to execute a successful cyber attack | Information Age

7 steps hackers take to execute a successful cyber attack | Information Age | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

While it is true that pretty much every network is vulnerable to a cyber attack, it is also the case that attackers must follow a certain formula of actions to compromise these systems

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Strategy, not technology, drives digital transformation: Becoming a digitally mature enterprise

Strategy, not technology, drives digital transformation: Becoming a digitally mature enterprise | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

What’s the most important driver of organizational digital maturity—social, mobile, analytics, or cloud? None of the above, according to the latest MIT Sloan Management Review and Deloitte digital business study.

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Selfies to kill off passwords 'within five years', says Mastercard

Selfies to kill off passwords 'within five years', says Mastercard | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

Mastercard is rolling out a new technology that could allow people to verify
their identity simply by blinking into their selfie camera

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

'Star Wars' is now one of the most popular passwords

'Star Wars' is now one of the most popular passwords | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

Exclusive music news, big interviews, entertainment, social media trends and video from the news people at BBC Radio 1 and 1Xtra.

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

The Current State of Ransomware – a new paper from SophosLabs |

The Current State of Ransomware – a new paper from SophosLabs | | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

The history of ransomware, the latest threats, how they work, and what you can do to defend yourself. Great stuff from SophosLabs!

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

British Gas data leak is third major UK security breach in a week

British Gas data leak is third major UK security breach in a week | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

Will the recent spate of UK data breaches prompt British companies to re-examine their cyber security practices?

more...
No comment yet.
Scooped by @1DavidClarke
Scoop.it!

Major security alert as 40,000 MongoDB databases left unsecured on the internet | Information Age

Major security alert as 40,000 MongoDB databases left unsecured on the internet | Information Age | Get the latest on…Cyber Security Password Hacking Update. | Scoop.it

Students discover overwhelming number of MongoDBs without access control, including a French telecoms database with 8 million customer phone numbers and addresses

more...
No comment yet.