Car Makers Urged to Sign Security Manifesto against Hacking
Automobile manufacturers could deter hackers from hijacking cars by following a five-principle manifesto, according to I Am The Cavalry, as quoted by The Register. The security pressure group wrote an open letter to car makers, urging them to increase their products’ security.
“Modern vehicles are computers on wheels and are increasingly connected and controlled by software and embedded devices,” I Am The Cavalry co-founder Josh Corman said.
“New technology introduces new classes of accidents and adversaries that must be anticipated and addressed proactively,” he said. “Malicious attackers, software flaws, and privacy concerns are the potential unintended consequences of computer technologies driving this latest round of innovation.”
Innovative but hackable car technologies include vehicle-to-vehicle communication, driverless functions, automated traffic flow and parking assist, collision avoidance, and remote control functions such as stolen vehicle shutdown and remote emergency response.
The pressure group asked auto makers to sign up to a Five Star Automotive Cyber Safety Program, which includes:
1. Safety by Design (producers should have a secure software development lifecycle and summarize their cars’ design, development, and adversarial resilience testing programs).
2. Third-Party Collaboration (car makers should admit they are not flawless, implement a disclosure policy, and invite security researchers to contribute).
3. Evidence Capture (learn from mistakes; safety investigations should be based on tamper-evident, forensically sound logging and evidence capture).
4. Security Updates (promptly address new safety issues).
5. Segmentation & Isolation (non-critical systems such as entertainment shouldn’t affect critical/physical systems such as braking).
Automotive CEOs can support the safety program by signing the petition within the next 90 days. The Cavalry open letter was presented at last week’s Defcon hacker convention in Las Vegas.
I Am The Cavalry is a grassroots organization focused on issues where computer security intersects with public safety, in the areas of medical devices, automobiles, home electronics and public infrastructure.
Car hacking was also recently documented at the Black Hat conference in a paper titled “A Survey of Remote Automotive Attack Surfaces.” According to The Register, Twitter security expert Charlie Miller and IOActive’s director of security intelligence, Chris Valasek, concluded that the hacking process is difficult and depends on the car model.