Software Integrity Blog

Archive for the 'Automotive Cyber Security' Category

 

GAO report confirms major gaps in government cybersecurity

The September GAO cybersecurity report stated that there are about 1,000 outstanding recommendations for automotive, military, and IoT security, among others.

Posted in Automotive Cyber Security, IoT Security

 

From mainframes to connected cars: How software drives the automotive industry

The automotive industry runs on software—but increased software increases the attack surface. Vehicle safety starts with automotive software security.

Posted in Automotive Cyber Security, Software Architecture & Design, Software Security Program

 

Behavioral security at RSA Conference 2018

Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of just about every one. So you can keep “attending” for months to come. But from a small slice of it in real time: It didn’t get nearly as much buzz as the keynote from Monica Lewinsky of Bill-Clinton-and-blue-dress fame, but the message was still powerful: Behavioral analytics is changing the world of security.

Posted in Automotive Cyber Security, Medical Device Security

 

How to break car kits with Bluetooth fuzz testing

How do you find vulnerabilities and issues in Bluetooth-enabled devices? One of our favorite methods is fuzzing. Learn how to fuzz test Bluetooth car kits.

Posted in Automotive Cyber Security, Fuzz Testing

 

What’s under your hood? Connected car security and you

The auto industry constantly debuts new entertainment and safety features, but how secure is connected car software? How do you build in connected car security?

Posted in Automotive Cyber Security

 

Are there ever legitimate reasons for hacking a car?

Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend and weekday editions of this course were sold out.

Posted in Automotive Cyber Security

 

OTA updates driving connected car revolution?

Fiat Chrysler Automobiles (FCA) announced recently that it was recalling 7,802 Dodge Challengers to “update transmission software,” in response to vehicle movement (“rolling”) after drivers shifted into park. While 7,802 pales compared to the 811,000 recalled from inadvertent “rolling” last year, the concept of pulling cars away from customers for a software upgrade is beginning to catch broader attention. Investment banking firm Stout Risius Ross reported that software issues accounted for 15% of total recalls in 2015, up from 5% in 2011.

Big business, big investment

Minimizing recalls, which overall totaled more than $900M for General Motors (GM) alone in 2016, would be a significant cost-saving opportunity. One remedy for software-related recalls is Over the Air (OTA) updates, which would eliminate the need to bring vehicles into dealerships for software updates and allow data-driven improvements to minimize maintenance. According to IHS Markit, OTA updates could save the global automotive industry more than $35B by 2022

Posted in Automotive Cyber Security

 

MISRA: Ensuring software safety and security from the start

Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add them on to a product, as quality and security are deep and pervasive characteristics. As such, it is advisable to begin with a solid architecture and robust code.

Robust software for better quality and security

Coding guidelines can help in developing robust code that is portable, safe to be run in high-assurance systems, and secure against common code exploits. Motivated by these insights, the Motor Industry Software Reliability Association (MISRA) published a range of reports, recommendations, and guidelines to ensure the development of safe and secure software. Most prominent are MISRA’s guidelines for the development of C and C++ projects. These include their MISRA C 2004, MISRA C++ 2008, and MISRA C 2012 standards.

Posted in Automotive Cyber Security, Software Compliance, Quality & Standards

 

New V2V communication could give hackers a free ride

There are initiatives in the auto industry and in municipal governments to roll out V2I and V2V communication systems responsibly and securely.

Posted in Automotive Cyber Security, Data Breach Security

 

4 risks in connected cars

Black Duck (now Synopsys) held its inaugural European user conference this month in Amsterdam. Turnout was great, with almost 100 representatives from European businesses attending our training and presentations. I was privileged to lead a panel discussion on the security implications of open source in connected cars. Gordon Haff, Technology Evangelist at Red Hat, and Simon Gutteridge, Global Information Security Manager at TomTom, joined me to explore the topic.

Posted in Automotive Cyber Security