The trusted voice of the industry
for more than 30 years

Call to prioritise car cybersecurity

Posted on 27 October, 2016

A cybersecurity firm says that carmakers should be prioritising the security of their vehicles, says Driven.co.nz. Peter Bailey, general manager of Auro InfoSec, says the next big frontier requiring robust digital legislation and protection will be the auto industry. “This a relatively new area of security research and the environment we are dealing with is quite complex. But I think the various manufacturers are starting to realise the gravity of the situation on how security is going to have a major impact on their business.” He adds: “Security should be right at the forefront of the design stage and should not be an afterthought.” An easy way to compromise a car’s computer system would be through rooted firmware through updates that users might download from the manufacturer’s website and install themselves in the car using a USB stick. Bailey says the five-year model development lifespan means there is often a large gap between the speed in which in-car connected technology develops and the speed with which hackers can find weaknesses in that technology. “By all practical means, it will be hard, if not impossible to create a 100 per cent secure product [for car companies]. “We have noticed the difference in response time taken by different manufacturers to issue patches for vulnerabilities in their vehicles. “This is where an in-depth defence approach would be useful. “Creating as many layers of defence while reducing exposed attack surface area would go a long way.”