Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup.
What’s in this week’s Security Mashup, you ask?
Dude, don’t take my Tesla! Plus Tor Browser zero-day (already wiped away), and you’ve got malware (if you fall for it!).
Posted in Automotive Cyber Security | Comments Off on Tesla key fob issues, Tor Browser zero-day woes, and you’ve got malware!
Posted in Automotive Cyber Security, Open Source Security | Comments Off on Ghost GPS routes, smart TVs are watching you, and securing open source
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode.
What’s in this week’s episode, you ask?
Russia vs. Ukraine, Beemer as the ultimate hackable machine, and Nest “smart home” devices.
Posted in Automotive Cyber Security, IoT Security, Software Architecture & Design | Comments Off on VPNFilter, BMW connected car vulnerability, and Nest IoT devices go offline
Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of just about every one. So you can keep “attending” for months to come.
But from a small slice of it in real time:
It didn’t get nearly as much buzz as the keynote from Monica Lewinsky of Bill-Clinton-and-blue-dress fame, but the message was still powerful: Behavioral analytics is changing the world of security.
Posted in Automotive Cyber Security, Medical Device Security | Comments Off on Behavioral security at RSA Conference 2018
How do you find vulnerabilities and issues in Bluetooth-enabled devices? One of our favorite methods is fuzzing. Learn how to fuzz test Bluetooth car kits.
Posted in Automotive Cyber Security, Fuzz Testing | Comments Off on How to break car kits with Bluetooth fuzz testing
The auto industry constantly debuts new entertainment and safety features, but how secure is connected car software? How do you build in connected car security?
Posted in Automotive Cyber Security | Comments Off on What’s under your hood? Connected car security and you
Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend and weekday editions of this course were sold out.
Posted in Automotive Cyber Security | Comments Off on Are there ever legitimate reasons for hacking a car?
Fiat Chrysler Automobiles (FCA) announced recently that it was recalling 7,802 Dodge Challengers to “update transmission software,” in response to vehicle movement (“rolling”) after drivers shifted into park. While 7,802 pales compared to the 811,000 recalled for inadvertent “rolling” last year, the concept of pulling cars away from customers for a software upgrade is beginning to catch broader attention. Investment banking firm Stout Risius Ross reported that software issues accounted for 15% of total recalls in 2015, up from 5% in 2011.
Big business, big investment
Minimizing recalls, which overall totaled more than $900M for General Motors (GM) alone in 2016, would be a significant cost-saving opportunity. One remedy for software-related recalls is over-the-air (OTA) updates, which would eliminate the need to bring vehicles into dealerships for software updates and allow data-driven improvements to minimize maintenance. According to IHS Markit, OTA updates could save the global automotive industry more than $35B by 2022.
Posted in Automotive Cyber Security | Comments Off on OTA updates driving connected car revolution?
Developing software is an art. Developing safe and secure software is not only an art, but also requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add them on afterward, because quality and security are deep and pervasive characteristics. As such, it is advisable to begin with solid architecture and robust code.
Robust software for better quality and security
Coding guidelines can help in developing robust code that is portable, safe to run in high-assurance systems, and secure against common code exploits. Motivated by these insights, the Motor Industry Software Reliability Association (MISRA) published a range of reports, recommendations, and guidelines to ensure the development of safe and secure software. Most prominent are MISRA’s guidelines for the development of C and C++ projects. These include the MISRA C 2004, MISRA C++ 2008, and MISRA C 2012 standards.
Posted in Automotive Cyber Security, Software Compliance, Quality & Standards | Comments Off on MISRA: Ensuring software safety and security from the start
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about automotive software security and the future of connected cars.
Posted in Automotive Cyber Security, IoT Security, Software Compliance, Quality & Standards | Comments Off on Fault Injection Podcast .004: Driving automotive software security