Malware scanner for the car
Cyber defense in the car - growing with the challenges
What can lead to annoyance and financial loss on the PC, can become a danger to life and limb when driving a car.
The media never tires of reporting on hacker attacks on the latest car models. The manufacturers, in turn, are trying to postulate security against these attacks. But what has really happened since then? Is the networked vehicle of tomorrow safer than the PC linked to the Internet? Up to now, the extent of cyberattacks on vehicles has hardly been publicly known. Is this because an attack on a series of vehicles involves more effort than an attack on the home network? Or is it simply luck?
More open gaps through technical progress
The cyber experts at Cyoss are certain: Driving has never had so many opportunities for attack as it does today. The more vehicles become a rolling IT device, the more attack surfaces emerge from their connected networking. In contrast to a modern, stationary IT system, current vehicles do not yet have the necessary computing power on the individual control units or the necessary real-time capability of the components to implement all established security mechanisms from classic IT in the vehicle. Cyber defense requires computing power - more computing power in turn leads to more expensive control units. From a cost perspective, it is necessary to weigh up between smart customer convenience features and cyber security.
"Added to this is the difficulty that sophisticated security cannot be integrated so easily into existing vehicle platforms but must be planned into the architecture from the very beginning in the sense of security-by-design. And it is precisely in this environment of a lack of cross-manufacturer security standards and a proliferation of existing architectures that the challenge lies," says security expert Dr. Oliver Hanka, who as head of the Cyber Security business unit has already worked with his team on numerous vehicle platforms.
As consistent and structured as the security experts are, as creative are the hackers. Attacking the keyless entry systems of various manufacturers has long been part of the standard repertoire of a good hacker. Further points of attack are, for example, the increasing number of direct connections between control units and backend servers. These control units, which, for example, enable the opening of doors or control the ignition in car-sharing vehicles, could be tricked by weak encryption or missing certificates with interposed cellular connections working on behalf of the hacker. A still little-known point of attack is targeted by counterfeit components. Once installed, they work on behalf of the hacker, not the driver. This is achieved by means of copied and adapted firmware, which makes the system believe that the component is genuine. With physical access to the CAN bus, far more frightening scenarios could be imagined.
In A Nutshell
- Penetration Testing: Embedded, Cloud & Operational Technology
- Vulnerability Scan
- Defense against Replay Attacks
- Defense against Fuzzing
- Defense against Message Injection
- Defense against Sniffing & Spoofing
Dr. Christoph Winkler
Cyber Security Expert
However, ESG Mobility continues to work on solutions to ensure security in vehicles and protect them from attacks. The expertise of ESG Mobility specialists is demonstrated in the "In A Nutshell" area. Security-by-Design is no coincidence, but is based on experience, best practices and the necessary innovation. For the first time, vehicle security has thus achieved the status it urgently needs in the coming autonomous age. After all, despite all the new fancy features and entertainment functions, in the end it is always about the driver's trust in their vehicle. A trust that has been laboriously built up over many years and could be gambled away in a single incident.