Software Integrity

Archive for the 'Automotive Security' Category

 

Behavioral security at RSA Conference 2018

Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of […]

Continue Reading...

Posted in Automotive Security, Featured, Medical Device Security, Red Teaming, Security Conference or Event | No Comments »

 

How to break car kits with Bluetooth fuzz testing

The habit of breaking things When I was a child, I liked to break things to see how they were built. When I was older, I didn’t grow out of this habit. In fact, I joined a company with like-minded individuals. Now we don’t break things just for the sake of breaking them; we break […]

Continue Reading...

Posted in Automotive Security, Fuzz Testing | Comments Off on How to break car kits with Bluetooth fuzz testing

 

Smart devices, smart grids, and cyber security

A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the […]

Continue Reading...

Posted in Automotive Security, Government Security, Security Standards and Compliance, Smart Grid Security | Comments Off on Smart devices, smart grids, and cyber security

 

Are there ever legitimate reasons for hacking a car?

Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend […]

Continue Reading...

Posted in Application Security, Automotive Security, Embedded Software Testing | Comments Off on Are there ever legitimate reasons for hacking a car?

 

MISRA: Ensuring software safety and security from the start

Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add on to a product as quality and security […]

Continue Reading...

Posted in Automotive Security, Security Standards and Compliance | Comments Off on MISRA: Ensuring software safety and security from the start

 

Fault Injection Podcast .004: Driving automotive software security

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about automotive software security and the future of connected cars. You can always join the discussion by sending […]

Continue Reading...

Posted in Automotive Security, Embedded Software Testing, Internet of Things, Security Standards and Compliance | Comments Off on Fault Injection Podcast .004: Driving automotive software security

 

New car communications could give hackers a free ride

Adding communications to cars and the transportation infrastructure provides cool new services (e.g., safe driving, faster transit times, etc.). From a security perspective, it also widens the threat landscape. Potentially, a bad actor sitting along the roadside with wireless access might be able to mess with the internal workings of your car or the traffic lights […]

Continue Reading...

Posted in Application Security, Automotive Security, Data Breach | Comments Off on New car communications could give hackers a free ride

 

Automotive security goes beyond the car

There’s been a fair share of attention paid to the security inside the connected car. There’s also been a significant uptick in new devices and apps that communicate with the vehicle from afar. These devices and apps use traditional means of communication (e.g., Bluetooth, Wi-Fi, etc.). They also make some very common software mistakes. For instance, […]

Continue Reading...

Posted in Automotive Security, Embedded Software Testing, Mobile Application Security | Comments Off on Automotive security goes beyond the car

 

Secure automotive software at any speed

The features that drive new car sales today are increasingly based on software. Drivers want their own music. They want to stay connected with their digital world. They want digital assistants to help park or even drive autonomously. While auto makers (i.e., the OEMs) have mostly mastered their physical world, with stable supply chains able […]

Continue Reading...

Posted in Automotive Security, Embedded Software Testing | Comments Off on Secure automotive software at any speed

 

Researchers hijack automotive mobile apps

Last month researchers demonstrated how a mobile app for Tesla–or any other connected car — can be hacked, enabling criminal hackers to locate, unlock, and potentially steal a Tesla vehicle. Researchers from Promon disclosed a vulnerability in the mobile app used by Telsa customers to access their vehicles. According to the researchers this attack is […]

Continue Reading...

Posted in Automotive Security, Mobile Application Security | Comments Off on Researchers hijack automotive mobile apps