One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 2484775 |
| Date de publication | 2021-03-15 10:00:00 (vue: 2021-03-15 10:05:34) |
| Titre | Is automated vulnerability scanning the best way to secure smart vehicles? |
| Texte | This blog was written by an independent guest blogger. To those who pay attention to such things, it seems like a new vulnerability in smart car systems is found every week. In 2020, the numbers beat all previous years. The inescapable conclusion is that smart cars are now among the favorite targets of hackers and APT (Advanced Persistent Threat) actors. One of the main reasons for this is the sheer number of different systems that the average connected car contains today. Quite apart from advanced features like autonomous driving and automatic braking, even less expensive cars now offer extensive Bluetooth and WiFi connectivity. As we’ll explore in this article, this makes securing these cars against cyberattack almost impossible for human analysts. Instead, we should think more seriously about turning to automated systems – and soon – in order to make sure that our smart vehicles are safe as they can be. Connectivity vs. Security Connected vehicles pose something of a unique challenge for cybersecurity engineers. This is because the way in which these vehicles are designed and built, as well as how they interact with the real world that you and I inhabit, is quite different from the average mainframe. In most cases, for instance, the connectivity offered by smart vehicles is often designed by automotive product designers, or at very best UI designers, who have little understanding of the way that their desired level of connectivity will affect security. In other words, smart cars are generally keen to connect to any other device that comes within range – whether this be a smartphone, pen drive, set of headphones, or Wifi router – and often does so in a highly insecure manner. This gives rise to a number of consequences: some obvious, some less so. One is that the long-running debate about whether vulnerability scanning vs. pen testing has been resolved, at least as it relates to smart vehicles. They are incredibly easy to penetrate, and so scanning for vulnerabilities becomes the only practical way to protect them. Even insurance companies have been forced to become at least somewhat knowledgeable when it comes to pricing out their service. In short, it now costs more to cover tricked-out supercars loaded with the latest in technology. More connected systems means there is greater opportunity for hackers to execute a successful cyber-carjacking. The supply chain Unfortunately for the network engineers attempting to protect smart vehicles, it gets worse. Not only are connected cars keen to connect to everything without performing any due diligence, but the sheer number of different manufacturers that contribute to a finished vehicle makes the idea of standardizing security almost impossible. In the trade, this issue is known as the “supply chain problem,” and is a real headache for engineers. In practice, it goes something like this. They could spend time researching which auto manufacturer has the largest market share for connected cars and try to build systems that would isolate, say, the Bluetooth connectivity that turns the car on and off. But just as they manage to achieve this, their product manager could quite easily swap suppliers for the Bluetooth aerials and render the whole process obsolete. And then, unbelievably, it gets even worse again. Because it’s not jus |
| Envoyé | Oui |
| Condensat | “lateral “supply 2020 about access achieve actors advanced aerials affect again against all almost already among analysis analysts any apart apparent approach apt are area article assumed attempting attention auto automate everything automated automatic automobiles automotive autonomous average avs banking beat because become becomes been beginning best between blog blogger bluetooth braking build built bulletins but can car car’s carjacking cars cases chain challenge comes companies components concern conclusion connect connected connectivity consequences: consumers contains contribute controls costs could country course cover crime criminal cumbustion cyber cyberattack cybersecurity cyberthreats data debate dedicated deeply designed designers desire desired detect detection device devices differences different difficult diligence does down drive driving due easily easy elements emails embedded emerging encryption engineers enhanced era even every everything execute expensive explore extensive face faced favorite features finally find finished forced found from function further future gain general generally get gets gives goes good greater guest hack hackers has have headache headphones heating heterogeneous highly home homes homogenous houses how human idea important impossible incorporate incredibly independent individual industry inescapable inhabit insecure instance instead insurance interact interest internal intrusion isolate issue it’s itself journey just keen keep kind knowledgeable known largely largest latest least less let level like likely little loaded long looking main mainframe make makes manage management manager manner manufacturer manufacturers market matter means might more most movement” natural network new niche nonetheless not now number numbers obsolete obviates obvious occurs off offer offered often one online only opportunities opportunity order other out pay pen penetrate performing perhaps persistent physically pose practical practice previous pricing problem process product program property protect protecting quite raised range reading real reasons regarded relates relatively render researching resolved rise risk risks round router running supply safe say scanning seconds secure securing security see seem seems seriously service set share sheer shield short should shouldn’t slightly slow smart smartphone solution some something somewhat soon spectrum spend standardizing stay strategy stuff successful such supercars suppliers sure swap system systems takes targets task tasks technology testing them themselves then therefore these things think those though thought threat threats through time toaster today top trade transfer tricked try turning turns type unbelievably unconventional undermine understanding unfortunately unique unprecedented until user using variety vehicle vehicles very vulnerabilities vulnerability way we’ll we’re week weekly well what when whether which which who whole wide wifi will within without words world worse would wrap written years your |
| Tags | Hack Vulnerability Threat |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.