Kaspersky calls on business leaders to unite as firm’s research exposes vulnerability of connected vehicles
As real life catches up with fiction and the UK gives the go-ahead for driverless vehicle testing on public roads , Eugene Kaspersky, CEO and Chairman of Kaspersky Lab calls on business and the IT security industry to join forces to protect connected vehicles from emerging cyber-threats.
“We cannot afford to wait until the first attack takes place,” says Kaspersky. “This is about saving people’s lives. The real-time tracking, detecting, analysing and neutralising of cyber-threats that is currently in place for computers and mobile devices will not be enough on its own. Incidents will take just seconds to disable or destroy a vehicle. We have to find and close the vulnerabilities now before the technology is integrated extensively into mass market vehicles.”
Fictional cyber attacks have featured in Hollywood plots as far back as 1983 when WarGames saw a student hack military computers gaining the ability to start WW3. Live Free or Die Hard saw cyber terrorists hack the FBI creating a crippling cyber-warfare attack on national infrastructure. More recently, a plot in Homeland saw terrorists gain access to the Vice President’s pacemaker, accelerating his heartbeat, inducing a heart attack. Whilst these may seem implausible plots, they are far from a distant reality. In fact, former US Vice President Dick Cheney's doctors disabled his pacemaker's wireless capabilities to thwart possible assassination attempts. Global reliance on technology requires heightened awareness of the risks associated with it. The cyber criminals are exploiting technology for their gain and Kaspersky believes we need to wake up to the risks.
Kaspersky Lab analysts have undertaken a proof-of-concept study into the security of connected vehicles. The team discovered several areas of risk; by obtaining a vehicle owner’s identity credentials, thieves would be able to remotely unlock and take possession of the vehicle. And by intercepting and tampering with mobile communications and over-the-air software updates cybercriminals could transmit malicious code or, in the worst case scenario, send new and dangerous instructions to the vehicle’s software systems.
“In theory a vehicle could suddenly fail or be taken over and there is nothing the driver or passengers could do about it,” says Kaspersky. “Our research revealed basic failures in data encryption and password protection that, quite literally, leave the door open to criminals.
“Everyone involved in the creation of a connected vehicle - including policymakers – need to collaborate to ensure such points of weakness are overcome before the vehicle makes it onto the roads. Time is of the essence. The one thing we can be sure of is that however fast we go, the hackers will be just a few steps behind us.”
