IoT Security Just Went Mainstream! What Does It Mean for Automakers?
You may have already read and seen “Hackers Remotely Kill a Jeep on the Highway—with Me in It” that resulted in Chrysler’s voluntary safety recall of approximately 1.4 million vehicles. We blogged about it, and today’s post is a continuum of that discussion.
What did the recent hack mean for Chrysler customers? Well, they got to watch the horrifying video of an SUV being hacked on a highway and received a USB that upgrades the vehicle’s software beyond the network-level measure.
For that matter, what does this mean for all of us in the future? Can all cars, Chryslers or not, on the road now resume normal lives without the fear of remotely getting hacked? Not quite! Automakers have a daunting task ahead of them.
In our previous blog post, we listed several critical security questions to consider when designing an Internet of something. Let’s dive into some of those questions.
Security updates are important, and should go hand-in-hand with anti-tampering. Automakers must ensure that even if firmware updates are delivered via USB drive, that data on the USB drive is secured.
Secure Network Services
All communications from the vehicle’s systems to the outside world must be secure. With the numerous historic examples in mobile communication hacks, we have to come to assume the communications link is compromised and the stream can be altered. Automakers must therefore keep this connection simple and secure by allowing only the strongest modes for data in transit such as AES-GCM and not TLS heartbeat.
Secure Data Over Secure Network Services
Along with the network connection, automakers also need to ensure that the data used by the automobile is secure and not altered. For example, maps from a service provider, say Google, must in fact be from Google. Additionally, that data must be certified by Google and is safe when received over the network.
More details from the principals are expected at BlackHat today! If you're there, stop by our booth #122 to talk to our team that will showcase KeyROM, Mocana’s solution to strengthen security components for Android devices and applications, among our other IoT solutions.