With Black Hat and DEFCON upon us, we revisit a 2015 interview with Chris Valasek about his wireless, software based hack of a Chrysler Jeep Cherokee.
In-brief: In this Security Ledger podcast, Paul speaks with Sameer Dixit of Spirent Security Labs, a leading tester of connected (“smart”) vehicles. Truly secure, connected vehicles may be years away, he says. In the meantime, security flaws and poorly implemented features are a major issue, Dixit says, with many car companies still preferring bolt on security fixes over secure design.
In-brief: Researchers from George Mason University and New York University are warning that the software used to link smart phones to in-vehicle “infotainment” (IVI) systems could make cars vulnerable to remote attack.
In-brief: One of every five software vulnerabilities discovered in vehicles in the last three years are rated “critical” and are unlikely to be resolved through after the fact security fixes, according to an analysis by the firm IOActive.
In-brief: Carnegie Mellon CERT warned drivers that a popular aftermarket product for vehicles could leave them open to potentially “life threatening” wireless attacks. Update: added info on recommended remediation. PFR 4/8/2016