Blatant security hacks on connected/autonomous vehicles aren’t the “big threat.” A security expert believes the top hacking targets will be hard-to-detect.
One potential attack is obtaining information that’s not intended for public disclosure. And the potential source of that information: in-vehicle microphones.
“People say a lot of stuff in their cars,” Doug Britton, Chief Technology Officer of RunSafe Security, reminded attendees of the 2018 SAE WCX Tech Hub session, “Automotive Cyber: A Teaspoon or A Tablespoon of Paranoia?”
In-car chatter could give a hacker an earful of information for blackmail money. Or the talk could lead to a windfall if the discussion nets insider trader information. Britton said hackers typically want their work to pay dividends again and again.
“So, if I’m a hacker, I’m not going to crash cars. I’m going to worm my way into your life, and I’m going to stay there,” he said.
The common goal for hackers is maintaining an ability to repeat intrusions without being detected. “You’re going to doubt that I’m there,” Britton said, underscoring the target’s mindset of not being sure anything nefarious is really occurring.
“My fear is that the attacks are going to stay below the radar,” he asserted. “These attacks aren’t going to be highly suspect while they’re going on. People aren’t generally going to believe [it’s a hack], so they’re not going to invest the resources necessary to figure out what ‘it’ really is,” Britton said.
What can be done? Study the ways that attackers chain events together to launch a hack. Shut down the economic incentive for doing a hack. Another disruptor: Change the shelf-life of the assets.
All of these precautions could help tip the balance away from the hacker’s advantage.Continue reading »