by Lucian Armasu April 30, 2018 at 2:07 PM - Source: Computest
Daan Keuper and Thijs Alkemade, two researchers from a Dutch security firm Computest, discovered a flaw in Volkswagen and Audi cars that attackers could exploit remotely, over the internet. Volkswagen will not patch the flaw, as those car models lack the capability to be updated over-the-air.
Modern Cars, Modern Problems
The researchers looked at nine different car models, until they decided on the Volkswagen Golf GTE and Audi A3 (also made by the Volkswagen Group). However, they first asked for permission to review their security. In some countries, including in the U.S., it’s often illegal to mess with the car’s software. Additionally, Volkswagen has sometimes taken legal action against security researchers so they wouldn’t reveal flaws in its cars. However, this time, Volkswagen seems to have been more cooperative.
Modern cars have increasingly gone digital in order to offer customers more features, but security hasn’t kept pace. For instance, cars may now have two Controller Area Network (CAN) buses, one for safety-critical components such as the engine and brakes, and another for non-safety-critical ones such as the entertainment dashboard, AC, wipers, and so on.
However, these two CAN buses are still able to communicate with each other through a "gateway" so that certain features work. Firewalls are supposed to filter what type of communications between the buses are allowed.
Lately, cars have also introduced two separate modems for wireless communications, but often they don’t come with robust security solutions that can protect them against various types of attacks. The most prominent remote hacking attack was done by two researchers, Charlie Miller and Chris Valasek, against GM’s Jeep Cherokee back in 2015. The exploit was possible due to a flaw in the In-Vehicle-Infotainment (IVI) system, which had an unfirewalled internet connection.
Prease to read more here:
terms | privacy | contactCopyright © 2006-2020