Secure by design approach, a must for automotive and production to keep consumers safe.
Over the next 20 years, vehicles will become increasingly automated, and eventually Australians will not need to drive a car at all.
However, with one of the highest rates of cars per capita in the world, there is little regulation and cyber protection in a future of connected cars, fleet and transport. With many cars now featuring electronic control units, Bluetooth and other online capabilities, any security breach of these components could provide cyber criminals with a doorway for access.
Just this year, a report from Wired showed that encryption flaws in an anti-theft feature meant hackers could clone millions of car keys for cars. Australian cars are becoming increasingly automated and these kinds of attacks are expected to rise.
Data stored by the automotive industry is also a key target for hackers, evidenced by the ransomware attack this year on Australia’s car auction company, Manheim Auctions, which demanded the company pay $30 million to gain access its files. Toyota Australia’s IT system was also attacked by cyber criminals in 2019.
Noushin Shabab. Senior Security Researcher at Kaspersky ANZ
Kaspersky’s research examined several apps that control cars from various manufacturers for different reasons. These apps turned out to be vulnerable to attacks in one way or another. Senior Security Researcher, Noushin Shabab says, “A car requires an approach to security that is no less meticulous than that of a bank account. Car manufacturers and developers fill the market quickly with apps that have new features to provide quality-of-life changes to car owners. It’s important for both the manufacturer and developer to think about the security concerns and the safety in its infrastructure.”
Transportation are big business with big budgets, which makes it an ongoing target for increasingly sophisticated cybercriminals and as such, requires round the clock protection. Manufacturers with complex production lines and high levels of automation combined with precision techniques, test data and thousands of employees. It’s a company that has very unique security requirements.
Evgeniya Ponomareva, Business Development Manager at Kaspersky
Kaspersky established a transportation unit three years ago and has been working closely with major players in the autonomous vehicle space to ensure security threats and risks are considered at the outset. Evgeniya Ponomareva, Business Development Manager at Kaspersky says, “The latest regulation by UNECE WP.29 will change the automotive industry to think about placing cybersecurity at the forefront of their designs and innovations. Decision makers will now have to think about cyber security from the very beginning when deciding to incorporate emerging technology to transport systems.”
Living in a driverless era also impacts the culture of future car races. For example, a Formula 1 car has thousands of parts, many of which are developed and evolved throughout the season. This places extreme demands on both the design and manufacturing processes, and on the cyber security needed to defend them – which Kaspersky did for a world-class brand.
Kaspersky Ambassador and Race Car Driver Vicky Piria
Kaspersky Ambassador and Race Car Driver Vicky Piria says, “When I road test cars, apart from driving with an intuitive feeling, it’s also based on something I can see. For example, technology helps to identify and develop traction control. Here, I can see a security system of a car that doesn’t work because of a failing traction control. However, at the same time, the only way to understand the problem and resolve it is ultimately to drive the car.”
To prepare for a driverless future, here are 2 ways to start practicing cyber-awareness habits:
1) Go back to basic cyber 101. The software we use that is connected to the internet related to the car you own has to have a unique password. Software examples include apps like Spotify and iTunes.
2) Car ride share apps. Don’t put your main credit card information on your car sharing apps. Instead, use a separate card for transactions when taking car ride shares or other types of public transport.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.au