Locks and Security News: your weekly locks and security industry newsletter
19th February 2020 Issue no. 495
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Nearly every car is vulnerable to hacking
According to a new report released by US Senator Ed Markey: 'Security & Privacy Gaps Put American Drivers at Risk' highlights that only two of 16 major automotive manufacturers were able to "describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time." Therefore, almost every new car on the market includes wireless technology that makes it vulnerable to hacking.
Senator Ed Markey's revelation comes only one week after experts from ADAC (the German Automobile Association) announced that they managed to hack BMW's ConnectedDrive.
This further justifies an urgent need to develop new standards that will protect the data, security and privacy of connected car owners at a time when industry practices are alarmingly inconsistent and incomplete.
The report recommends these standards:
- Ensure that vehicles with wireless access points and data-collecting features are secure.
-Validate security systems using penetration testing.
- Include measures to respond real-time to hacking events.
- Require that drivers are made explicitly aware of data collection, transmission and use.
- Ensure that drivers are able to opt out of data collection.
- Require the removal of personally identifiable information.
SBD Expert Comment
Mike Parris, Head of Secure Car Division at SBD commented:
"It is good to see the call for cyber security standards within the automotive industry gaining traction. My only concern is that the development of those standards is struggling to keep up with the rapid development of connected vehicles. It is not acceptable to wait for the development of those standards before taking action. Vehicle manufacturers and their suppliers should seek out and adopt good practices wherever possible."
To help OEMs meet these challenges, SBD and NCC Group have entered into a strategic partnership to improve automotive cyber security and together have created the Automotive Secure Development Lifecycle (ASDL) to help vehicle manufacturers and their suppliers mitigate cyber security risks when developing connected cars.
The ASDL incorporates international standards, OEM specific standards and best practice guidance using sound engineering principles. The seven-step process includes system/design architecture, definition of what is being protected, threat modelling, counter measures, best practice guidance, penetration testing and incidence response.
18th February 2015