by Wayne Mitchell, global director, sales and marketing
In the past decade, legislators and federal agencies have introduced legislation to counter cyberattacks across many industries, including automotive.
With the rise of autonomous vehicles, a variety of concerns have been laid out as several third-party researchers have been able to publicly identify weak points in these vehicles’ systems. However, autonomous vehicles are not the only cars at risk of security breaches.
According to recently published research, a number of well-known automakers were found to be vulnerable to a previously unknown security flaw that might have enabled a cunning hacker to commandeer vehicles and steal customer data. Researchers claim that a bug in the telematics infrastructure of the car would have allowed a hacker to remotely locate a vehicle, unlock and start it, flash the lights, honk the horn, and open the trunk. Additionally, a hacker would have been able to access private customer information like the owner’s name, phone number, address, and vehicle specifics.
The flaw was found by a team of security experts who were investigating the types of issues that could arise through an automaker’s so-called “telematic services.”
The majority of contemporary vehicles are web-connected. While more adaptable than ever before, thanks to the inflow and outflow of vehicle data, or telematics, they are also more susceptible to hacker attacks and remote hijacking. Car manufacturers have been known to sell vehicle data to surveillance vendors, who may in turn sell it to government agencies, making the telematics industry a huge privacy risk.
Researchers interrogated the code of several different vehicle apps and found an authentication flaw in the infrastructure offered by a satellite radio company that is housed within the infotainment systems of the majority of cars. The system in most automobiles connects to the radio’s API through the internet and satellite, and can conduct operations on the car such as locking or unlocking it. This implies that information can be hijacked under the correct circumstances as individual automobiles send and receive commands and data to and from the radio corporation.
If left unchecked, this authentication flaw would have given a cybercriminal the opportunity to hijack the car as well as the associated customer account information.
Brand and reputation are the most valuable assets a business has, they are also the most vulnerable. Automotive manufacturers need to be in close contact with every third-party supplier to ensure they are constantly checking for (and remedying) flaws in their software systems. Several manufacturers have come under fire in the past for not protecting their customer’s private information, even if it is unknowingly sharing it.
Trusted by the world’s leading brands, Sedgwick has managed more than 5,000 of the most time-critical and sensitive product recalls in 60+ countries and 50+ languages, over 25 years. To find out more about our experience within the automotive sector, visit our website here.