In-brief: Chris Poulin of IBM blogs over at Recorded Future that malicious attacks on connected vehicles are a couple of years off. But the genie is already out of the bottle.
We were lucky enough to have Chris Poulin as a guest speaker at our Security of Things Forum back in May. Chris is a research strategist at IBM’s X-Force R&D group and a recognized expert on connected vehicle security.
This week, he’s penned an interesting post for the folks over at Recorded Future, a firm that does security threat intelligence gathering and data analysis. His piece looks at the threat of hacking with connected vehicles. His thesis: the threat is real, but we’re not entirely there yet.
Just as interesting, Recorded Future put together two cool visualizations to demonstrate the growing interest in connected vehicle security. They correlate aggregated mentions of exploits of connected cars with smart car milestones and public demonstrations of car hacking.
From Chris’s post:
The reality is that threat actors have little motive to harm John and Jane Q Public as they roll merrily down the road. Threat actors break down into two broad categories: cyber criminals, who are motivated by money, and ideologues, the latter comprising hacktivists, terrorists, nation states, and sometimes insiders.
A more likely scenario: software based attacks on car security features (with the goal of stealing the vehicle) and variants of ransomware and other run of the mill nuisance software tailored for in-vehicle systems. As for attacks such as those demonstrated by Charlie Miller and Chris Valasek that take remote control of cars? Poulin thinks incidents of those types of attacks will be far and few between.
Nation states may listen in over the hands-free microphone in a high-powered diplomat’s limousine. Harm, however, only shows up in isolated cases of highly targeted individuals.
Poulin argues that threats and attacks on cars are a couple of years off – but that automakers need to get off the dime when it comes to cyber threats.
Instead of burying our heads, the public and automakers should welcome the efforts of researchers. We need to find and mitigate the vulnerabilities in connected vehicles before they’re widely exploited by the dark side of the cyber security battle.
Check out the full post on Recorded Future’s web site here: Connected Cars: Threat Intelligence Hits the Road