Further to our blog post from last week, Mark has commented on the automotive industry and their update policies at large.
If you missed the previous blog post then you can read it here.
It seems as though this vulnerability, and the subsequent exploitation of said vulnerability, highlights an integral issue with Internet connected devices: functionality before security.
We’ve seen it before and we’ll see it again: products are launched with Internet enabled features but without a secure and tested backend.
In this case, and others, the good guys have used very specialised means to discover these exploits but how long will it be before the bad guys start exploiting similar vulnerabilities?
Manufacturers taking notice?
Fiat Chrysler quickly responded with a recall and patch of the effected cars but will other manufacturers begin to take notice and prepare for a similar scenario?
Mark James, ESET IT security specialist, explains just how important it is to build strong security measures in from the start.
“Software manufacturers have always and will always have the possibility of vulnerabilities, from multi-million dollar organisations down to the small software vendor from your local town, very few bits of code can be declared 100% safe.
“The main thing is being open to the fact that you could be vulnerable and having the plans and the means to find, fix and distribute that fix as quickly as humanly possible.
“As more and more devices become linked together we will see them scrutinised and checked, it’s not a bad thing if handled in the right way from all parties involved.
“The car manufactures will be taking these threats very seriously, so many cars these days are incorporating the infotainment system and they as much as us will want these systems secure and safe for public use.”
A very particular set of skills
More and more devices are launching with Internet connected features and a fair few have been subject to the white hat hacker treatment.
For example a couple of researchers, who happened to be a couple, found a flaw in an Internet connected sniper rifle.
Using their exploit they could disable the rifle, alter or completely change the trajectory of the bullet. To such a degree that they could hit a different target than the one intended. They explain more here.
The caveat at this point is that it isn’t easy. Researchers are using a great deal of time, skill and specialised tech to find these flaws.
“The equipment used is quite specialist, although we have seen a few proof of concept instances in the news recently I think currently it’s a very specialised environment to be able to deliver.
“Most malware we see currently is mass delivered to infect as many computers as possible, when it comes down to making money it’s all about quantity not necessarily about quality.
“With that being said there will be criminals out there that will see this as an opportunity to achieve a goal and will take an interest in this type of threat.”
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.
What do you think will be hacked next?