Locks and Security News: your weekly locks and security industry newsletter
18th May 2022 Issue no. 607
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Lawsuit seeks damages against vehicle manufacturers and their "hackable" cars
A law firm has filed a lawsuit against Toyota, Ford and General Motors claiming they have failed to take basic measures to secure their vehicles from hackers. The lawsuit, filed in the U.S. District Court for the Northern District of California, is on behalf of three vehicle owners and all others similarly situated. It states that the three major vehicle manufacturers:
“Failed to ensure the basic electronic security of their vehicles, anyone can hack into them, take control of the basic functions of the vehicle, and thereby endanger the safety of the driver and others.”
Mike Parris, Head of Secure Car Division at SBD commented:
"In 2014, I predicted that in the foreseeable future the automotive industry would be impacted by the emergence of lawsuits against vehicle manufacturers for potential cyber security flaws in connected cars and this week we saw the first one. The reality is that regardless of the outcome of this lawsuit, it will not be the last."
"All vehicle manufacturers and their suppliers can expect to be subject to cyber security based lawsuits in the future, so they need to prepare. This justifies an urgent need to protect the data, security and privacy of connected cars at a time when, according to Senator Ed Markey, industry practices are alarmingly inconsistent and incomplete".
To help OEMs meet these challenges, SBD and NCC Group have entered into a strategic partnership to improve automotive cyber security and together have created the Automotive Secure Development Lifecycle (ASDL) to help vehicle manufacturers and their suppliers mitigate cyber security risks when developing connected cars.
The ASDL incorporates international standards, OEM specific standards and best practice guidance using sound engineering principles. The seven-step process includes system/design architecture, definition of what is being protected, threat modelling, counter measures, best practice guidance, penetration testing and incidence response.
18th March 2015