Stefan Nürnberger, computer scientist and IT security expert at the Helmholtz Center for Information Security (CISPA) in Saarbrücken, has already hacked many cars. Searching for gaps in their IT infrastructure, the white-hat hacker often succeeds in attacking via faulty radio connections. If, for example, Bluetooth is not programmed correctly, malware can be smuggled in via a smartphone and the software in the car can be manipulated. In the simulator it can also become dangerous if the driver steers the car with the accelerator pedal after an intervention in the electronics.
Horror messages from hacked cars are still rare and “good” hackers usually reveal the weak points on behalf of car manufacturers or out of pure curiosity. The hacker, who calls himself L&M, demonstrated to the US tech magazine Motherboard at the end of April this year that he had broken into about 27,000 user accounts of two GPS tracker apps. This would not only have allowed him to determine the current position of the vehicles, regarding some of the cars, it would even have been possible to switch off the engine remotely while driving up to a speed of 12 mph.
Also for police and secret services the car seems to be a rich source for search and reconnaissance. The Central Office for Information Technology in the Security Sector (ZITiS), for example, wants to gain access to the car and use govware for this purpose. In March 2019, at the request of a member of the German Bundestag, the Ministry of the Interior replied: “The development of forensic investigation capabilities for connected cars and the provision of corresponding capacities are included in the fulfilment of ZITiS’ tasks.”
In any case, car manufacturers and suppliers are upgrading their IT security systems. Continental, for example, one of the world’s largest automotive suppliers is now pre-integrating security solutions from Israeli security pioneer Argus Cyber Security into the networked electronic components in automobiles. Argus has been part of the Continental subsidiary, Elektrobit (EB), since 2017. Its embedded software solutions are already installed in more than a billion vehicles worldwide.
Together, EB and Argus offer multi-layered, end-to-end cyber security solutions and services to protect networked vehicles from cyber attacks with solutions to protect individual electronic control units (ECUs) or the vehicle network. In addition, they enable mobile software updates with an over-the-air solution. T-Systems and Argus are pooling their security know-how in an industry-wide partnership. They are setting up an Automotive Security Operation Center to complement Argus’ in-car security solutions and protect networked cars from cyber attacks in real time.
More Information: www.t-systems.com/strategy