The Onboard Diagnostics Port (OBD) has been required for all cars sold in the US since 1996 and in Europe since 2001. Prompted by the need to simplify the diagnosis of increasingly complex emission control systems, the OBD-II improved on previous implementations by providing standardized condition codes for the auto repair and tuning markets. Standardized access to this data has helped spawn a robust aftermarket of plug-in devices to allow consumers to monitor their teen drivers, earn discounts from insurers, or gain insights into the performance and health of their vehicles. Similar devices allow fleet managers to monitor the condition, performance and behavior of their vehicles. Nearly all of these dongles offer a wireless connection for the convenience of their customers. Unfortunately, a wireless connection also provides a potential path for hackers to gain entry to the car’s internal networks.
OnBoard Security’s Chief Technology Officer, Dr. William Whyte, has been involved in Vehicle-to-Everything (V2X) communications security for nearly 20 years. He is the editor of the IEEE 1609.2 security standard and has consulted for numerous automaker, the US Dept. of Transportation (DOT) and transportation organizations around the world. He is frequently asked to explain V2X security and give insights on potential vulnerabilities in the system.
Topics: NTRU, Cryptography, Quantum Computing, Automotive, Privacy, Internet of Things, V2X, Embedded Security, Autonomous Vehicles, Regulation, Cyber Security, TPM, TSS, Trusted Computing, V2V, BCAM, SCMS, Research, Connected Vehicles, DSRC
On Friday October 21, 2016, Dyn was subjected to two large Distributed Denial of Service (DDoS) attacks against their internet-address lookup Managed DNS infrastructure. The attackers used Mirai botnets launched from over 100,000 endpoints including cameras, DVRs and baby monitors to generate the significant volume of attack traffic. Affected services included Amazon, Spotify, Netflix and the New York Times.
Recently, the UK government released "The key principles of vehicle cyber security for connected and automated vehicles." This guidance document provides key cyber security principles for use by the automotive industry and its suppliers. This follows the US Government's guidelines that were issued last fall.
The IoT, or the "Internet of Things," represents an exciting period of innovation in our lives. It describes a world of devices all connected to the internet, a world in which inanimate technology that we use and see every day is becoming smarter. It also predicts a continuous journey towards greater ease and convenience, a future in which technology interacts with us as much as we do with it. As you can imagine, this comes with both perks and drawbacks.
On June 14, 2017, the US Senate Committee on Commerce, Science, and Transportation convened a hearing titled "Paving the Way for Self-Driving Vehicles." During the nearly 2.5-hour session, senators and expert witnesses discussed a wide-range of topics regarding autonomous vehicles, including insurance, access for the disabled, impact on safety and drunk driving, etc. The hearing consisted of several polite exchanges of ideas and plans, until Senator Ed Markey pressed the witnesses on their thoughts on mandatory Federal Cyber Security regulations in automotive.