auto - Automotive - Red Sky Alliance2024-03-29T13:43:37Zhttps://redskyalliance.org/automotive/feed/tag/autoHacking Your New Carhttps://redskyalliance.org/automotive/hacking-your-new-car2023-08-19T14:00:00.000Z2023-08-19T14:00:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}12199344262,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12199344262,RESIZE_400x{{/staticFileLink}}" alt="12199344262?profile=RESIZE_400x" width="250" /></a>Picture driving down the highway in your brand-new car when suddenly your brakes slam, your engine turns off and your doors lock. What the heck is going on? After you recover from hitting your head on the steering wheel, you think, “all I wanted was a nice new car, so I can hit the campaign trail in running for our open Congressional seat.” Chances are a hacker has remotely taken control of your car.</p>
<p>Preventing this hypothetical scenario is a focus of all automakers, as modern day cars are mobile computers often connected to the Internet. As cars become loaded with computerized parts, they also become vulnerable to cyberattacks and privacy leaks, at least to a degree.<a href="#_ftn1">[1]</a></p>
<p>Professional "good guy" hackers demonstrated that they could attack computerized technology in cars as recently as this spring, when French security business Synacktiv proved that it could hack the infotainment system of a leading electric vehicle at the annual Pwn2Own computer hacking competition.</p>
<p>This cybersecurity sector is becoming more of a focal point for research, particularly as advancements in artificial intelligence (AI) make their way into the auto industry. "If you have a classic car with almost zero computers, then there is almost no chance someone can remotely take control of your car. But now, with advancement and widespread integration of computing devices in modern cars, we are thinking about things differently," said M. Hadi Amini, an assistant professor at the Knight Foundation School of Computing and Information Sciences at FIU's College of Engineering and Computing.</p>
<p>Amini is an expert in developing machine learning, AI and optimization algorithms and tailoring them towards real world applications, including health care, homeland security and infrastructure resilience. He researches how to integrate AI into complex systems while considering cyber, physical and societal perspectives at the Sustainability, Optimization, and Learning for InterDependent networks laboratory (solid lab). Amini is leading the university's investigation of AI for the National Center for Transportation Cybersecurity and Resiliency, which is funded by the US Department of Transportation.</p>
<p>The potential of AI in vehicles is seemingly great—already, some drivers are using the technology to operate their vehicles semi-autonomously—but the technology also brings new challenges.</p>
<p>One of the key focuses is the storage of drivers' information. AI needs your data to make smarter decisions. So, Amini is looking into whether or not someone's personal information might be vulnerable if a car is hacked.</p>
<p> </p>
<p>According to the Federal Trade Commission, a car's electronic system might store:</p>
<ul>
<li>Phone contacts</li>
<li>Mobile app log-in information</li>
<li>Location data</li>
<li>Garage door codes</li>
</ul>
<p>So a major cybersecurity concern for the auto industry arises. If the central server of a network of cars gets hacked, would that mean every driver's personal information in that network is up for grabs? "Privacy is the first of many challenges we will face in applying classic AI algorithms to vehicles," Amini said. "Drivers of autonomous vehicles will want to use AI to help their cars perform better. The question is, how will drivers ensure that their data stays private while automakers use that data to improve vehicle performance? If we are able to implement AI in a responsible, privacy-preserving and secure way, then we might be able to have more control over these attacks."</p>
<p>The algorithms that power artificial intelligence are hungry for data, Amini explained. They become good at what they do by having a lot of examples to learn from. But all this learning must take place somewhere. It needs to be computed. This often happens at a centralized, high-powered server.</p>
<p>Amini is exploring a way to use AI without having to ask all the drivers in a network to share their data to a central location. He is researching a more decentralized form of AI which would not rely as much on one central server. Instead, many of the computing and learning responsibilities would be left up to individual cars. Cars would digest data on their own and come up with suggestions to improve their algorithms. These suggestions, which would not contain raw data, would then transmitted to servers that help improve the overall algorithm for all the devices in a network. The result: an AI network that is more difficult to steal personal information from.</p>
<p>Amini has been studying this form of AI and computing algorithms like it for about a decade. Today, this type of AI is best known as federated learning, a name that Google coined in 2016. This style of AI has the potential to not only protect drivers' privacy, but also enable more efficient and scalable computing with an increasing number of cars, Amini said. "In centralized machine learning, if we lose the power to the central server during an attack or a natural disaster, then the entire system will fail. But when we are operating in distributed machine learning, the rest of the system can operate and continue functioning for some time by relying on local data," Amini said.</p>
<p>While no computerized system is ever 100% secure, Amini added, the research into federated learning provides a promising pathway for automakers to capitalize on advances in AI while protecting the personal information of drivers and ensuring the secure operation of transportation systems against cyberattacks.</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a> <br /> Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://techxplore.com/news/2023-08-self-driving-car-privacy-cyberhackers-age.html">https://techxplore.com/news/2023-08-self-driving-car-privacy-cyberhackers-age.html</a></p></div>Automobile Cyber Securityhttps://redskyalliance.org/automotive/automobile-cyber-security-12023-05-08T15:39:56.000Z2023-05-08T15:39:56.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}11072914671,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}11072914671,RESIZE_400x{{/staticFileLink}}" width="250" alt="11072914671?profile=RESIZE_400x" /></a>With hundreds of thousands of dollars on the line at the Pwn2Own Hacking Competition, a group of hackers from Synacktiv, an offensive security company, had quite the incentive to display the cybersecurity weaknesses of Tesla's Model 3. Tesla, a company famous for its lacking public relations but also for its technology, actually volunteered the Model 3 for this hacking test, in an effort to explore just how vulnerable modern cars are. And the short answer is that all cars, even Teslas, are generally vulnerable.</p>
<p>The team at Synacktiv was able to compromise the Model 3's infotainment through Bluetooth, ultimately gaining access to the top level of internal code. Everything besides the Autopilot system was available for hackers to disrupt remotely. This involuntary adjustment of lighting, maps, and music may seem diminutive for roadway safety, but it sets a dangerous precedent for the future of connected cars.<a href="#_ftn1">[1]</a></p>
<p><em><a href="{{#staticFileLink}}11072914499,RESIZE_1200x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}11072914499,RESIZE_584x{{/staticFileLink}}" width="500" alt="11072914499?profile=RESIZE_584x" /></a>Tesla full self-driving option</em></p>
<p>TESLA - Tesla's participation should be cautiously praised for furthering automotive cybersecurity prowess, though the company isn't exactly known for keeping its customers' data safe. A new privacy breach lawsuit against Tesla has illuminated a lack of virtual safety even from within, and consumers are starting to catch on to a new venue of cybersecurity considerations. Of course, cars aren't just a frame, an engine, and wheels anymore but rather a system of electrical systems.</p>
<p>But if other OEMs are at a similar risk of penetration, should consumers spend their waking hours worrying about the cybersecurity of their vehicles? Is their personal information safe? And will a compromised navigation system drive them into nearby bodies of water?</p>
<p>Dustin Childs, head of Threat Awareness, Zero Day Initiative at Trend Micro, says consumers shouldn't panic about these issues, mostly because they can't do much about it alone. However, Childs says cybersecurity is set to be a defining factor for the auto industry, as manufacturers develop new infotainment and tech features at a rapid pace.</p>
<p><em><a href="{{#staticFileLink}}11072915266,RESIZE_1200x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}11072915266,RESIZE_584x{{/staticFileLink}}" width="500" alt="11072915266?profile=RESIZE_584x" /></a>Navigation device</em></p>
<p>"In the next five to 10 years, we will see something big in automotive security that happens and hopefully it's just a big recall. It's more likely than not that something will happen very negatively when it comes to automotive technology," Childs tells Autoweek in an interview.</p>
<p>The systems at risk will vary by vehicle and the kind of threat, though a few key features are of particular interest to both sides of the cybersecurity spectrum. As most modern vehicles feature advanced driver-assistance systems and even some semi-autonomous capabilities, experts' worst fear is that bad actors will maliciously disrupt the movement of a vehicle.</p>
<p>This problem may be exacerbated by the slow shift away from hydraulically connected vehicle controls, as computer-operated drive-by-wire style controls could be more susceptible to remote attacks. The infiltration of navigation systems even poses a significant risk for stalking and targeted theft. Of course, your personal data and information are always at risk, and a connected vehicle provides yet another entry point.</p>
<p>Alternatively, there are some gray-area reasons for hacking into the infotainment of your vehicle. For example, Childs says subscription-based features like heated seats or certain screen functions could be easily jail-broken, allowing consumers to skirt monthly payments for already installed features. This could also allow for the integration of custom functions or displays from the infotainment screens, like those who stream videos from their Tesla.</p>
<p>In either case, these virtual intrusions pose a challenge for automakers, who are now tasked with creating a mechanically and technologically sound product. In order to build virtually secure vehicles, you need to understand how bad actors actually get in. And Childs says that Bluetooth, WiFi, and other external connections like charging ports are often to blame, given these systems are designed to connect with other devices. "Obviously, the systems need to talk to each other, but we need to make sure that it's the right systems giving the right messages, and there's not an opportunity for a threat actor to send the wrong messages and the wrong communications between the systems," Childs explains. "In a way, it's a bit like the Titanic, in that it was designed so that water could come in and then be stopped."</p>
<p><em><a href="{{#staticFileLink}}11072915092,RESIZE_710x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}11072915092,RESIZE_584x{{/staticFileLink}}" width="500" alt="11072915092?profile=RESIZE_584x" /></a>2023 Cadillac Lyriq interior</em></p>
<p>Childs says these kinds of infiltrations are happening now, and it will likely only get worse as cars get more advanced. The National Highway Traffic Safety Administration concurs as it has already recorded 1.4 million vehicles impacted by a 2015 cybersecurity recall. Furthermore, the federal agency issued a 24-page memo on best practices for automotive cybersecurity, with a primary focus on the mitigation of safety-critical risks and containing intruders.</p>
<p>Even so, manufacturers continue to roll out new, personalized tech features, in order to stay competitive in a fierce market. For example, Hyundai's Ioniq 6 will feature a Metaverse connection while the Polestar 3 and Volvo EX90 boast internal electronics from Nvidia, Luminar, and Qualcomm. All of these features make up the selling points of these models, whether for safety reasons or modern social media connectivity, but they might also offer an entry point for hackers too.</p>
<p>In fairness to every automotive manufacturer, it's obvious that cybersecurity is massively important, with many automakers employing specific cybersecurity engineering teams. And it's not a problem with a clean, easy solution either, given the complexity and mystery factor of potential future attacks. Despite this, Childs says he doesn't want consumers to be driven away from technology by fear, because it's not a bustling dark market just yet. "Really, more than anything else, it's profitability. Right now, there's no money in taking out these cars," Childs says. "If there comes a time where a threat actor can really figure out how to monetize their research, even in a negative light, then it's much more likely to pop out."</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>
</ul>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.autoweek.com/news/technology/a43554143/cybersecurity-auto-industry-hacking/">https://www.autoweek.com/news/technology/a43554143/cybersecurity-auto-industry-hacking/</a></p></div>Auto AI Security Technologyhttps://redskyalliance.org/automotive/auto-ai-security-technology2023-05-03T18:21:39.000Z2023-05-03T18:21:39.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}11063084701,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}11063084701,RESIZE_400x{{/staticFileLink}}" width="250" alt="11063084701?profile=RESIZE_400x" /></a>Auto dealers across the US are facing the highest vehicle theft rates in history and many are turning to AI security technology to stop these escalating attacks before more losses are incurred.</p>
<p>Auto theft is rising and nationwide surpassed one million stolen vehicles for the first time since 2008, according to statistics released by the National Insurance Crime Bureau (NICB) in March 2023. Parts were also pinpointed for black market resale: catalytic converter theft ticked up 1,200% over the last three years.</p>
<p>Thieves are becoming increasingly sophisticated and expanding their threat vectors. Now they are stealing cars through Controller Area Network (CAN) injection attacks, which inject code into headlights and target wiring for the auto’s electronic control units.<a href="#_ftn1">[1]</a></p>
<p>Liberty Buick-GMC in Matthews, NC is taking pro-active steps to protect open air-assets with iDter commercial AI security technology from KEYper Systems, who in partnership are using AI technology to deter unwanted intrusion on their property. iDter uses AI and 4K ultra-high resolution camera technology embedded in Niō Guardian nodes located around the property to detect intrusion and take immediate and programmable deterrence actions.</p>
<p>Liberty Buick-GMC, has 16 Niō Guardians installed around the outside of the dealership on buildings and light poles, along with a Niō Guardian to protect the KEYper key management solution inside the building. The owner said in one incident shortly after installation, unauthorized activity on the property was immediately confronted by the system and the person moved off the property, preventing possible theft or damage. “The combination of immediate detection and deterrence with live video monitoring provides a strong sense of security,” he said.</p>
<p>KEYper partnered with iDter last year in offering customers with the MX Electronic Key Management System its total intrusion deterrence and monitoring solution featuring Niō Guardians. The MX Key System provides key and asset management that leverages analytics, AI security technology and asset control.</p>
<p>Visibility is important to the dealership, who stays apprised of notifications of activity at the dealership and can access video footage remotely to see what is happening at night and on weekends. “Knowing what is occurring on the property has great value to me,” the owner said.</p>
<p><a href="{{#staticFileLink}}11063085273,RESIZE_400x{{/staticFileLink}}"><img class="align-right" src="{{#staticFileLink}}11063085273,RESIZE_400x{{/staticFileLink}}" width="250" alt="11063085273?profile=RESIZE_400x" /></a>Niō Guardians are positioned around the protected premises to detect intrusion with a powerful high-resolution camera with wide-angle lens, multiple motion detectors, quad-core computer intelligence, omni-directional speakers, microphone and powerful LED lights for illumination and red/blue strobing. When a late-night intruder is detected, Niō activates an array of programmable deterrence measures, including instantaneous illumination of 10,000 lumens of multi-directional LED floodlights, blinding strobes of red and blue LEDs, piercing sirens, situation-appropriate voice-down warning messages and intimidating sound effects. During the early evening hours, Niō has welcoming messages explaining the dealership is closed: “Feel free to browse our inventory, we use lights and cameras for your safety and ours.”</p>
<p>Events are monitored in real time to ensure deterrence actions were successful, and if not, a video verified alarm is sent to a UL Listed, Five-Diamond Certified central station for dispatch of authorities through 911 operators.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>
</ul>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.securitysales.com/news/ai-security-technology-stops-auto-thefts/">https://www.securitysales.com/news/ai-security-technology-stops-auto-thefts/</a></p></div>Auto Dealers and Cyber Security June 2021https://redskyalliance.org/automotive/auto-dealers-and-cyber-security-june-20212021-06-03T13:18:27.000Z2021-06-03T13:18:27.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}9029238069,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}9029238069,RESIZE_400x{{/staticFileLink}}" width="250" alt="9029238069?profile=RESIZE_400x" /></a>Auto News recently published a cautionary article reporting, “Auto dealers are getting better at protecting their computer networks from cyberattacks, an information technology consultant who works with dealerships told me last week. They are investing in phishing training, a process that tests whether employees click on suspicious emails and trains those who do on proper security practices. More are carrying cyber insurance. They are talking to colleagues in industry peer groups about best practices. Just as dealerships have improved their defenses against hackers, the hackers have started using a different playbook.” </p>
<p>In the past, criminal hackers would deploy automated programs that would lock up files once someone clicked a malicious link or attachment in an email. Then antivirus software and firewalls improved and started blocking the malware. Hackers are smart and pivoted to new techniques. Today, when they gain access to networks, they embed malware into systems to figure out how systems are designed and create a malicious foundation for a cyber-attack <u>before</u> it is launched.<a href="#_ftn1">[1]</a></p>
<p>The attacks in question, often ransomware variants, can be devastating to a dealership. In the forefront is the Colonial Pipeline ransomware attack, which resulted in the ransom payment of USD $4.4 million. Auto dealerships are not immune. So have dealerships. A cyber security firm who specializes in supporting auto dealerships says, "we see credible, critical-level threats a few times a week." "The attackers have identified industries where they're not doing enough defense. And dealers are one of those."</p>
<p>New threat intelligence software can better detect hackers rooting around inside computer networks, but it's newer technology, and many dealerships aren't yet using it. Awareness to the severity of cyberattacks and what's at stake for dealers, including the possibility of having their operations shut down entirely, is a top priority. "Dealers have always struggled with readiness when it comes to cybersecurity. Dealers started doing more things, but now the game has changed substantially, and they are not ready," said the researcher. </p>
<p>Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice and very important, however, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide both internal monitoring in tandem with RedXray notifications on external threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting. </p>
<p>Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a>.</p>
<p>Interested in a RedXray subscription to see what we can do for you? Sign up here: <a href="https://www.wapacklabs.com/RedXray">https://www.wapacklabs.com/RedXray</a> </p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.autonews.com/retail-technology/hackers-are-playing-new-rules-and-dealerships-defenses-arent-ready">https://www.autonews.com/retail-technology/hackers-are-playing-new-rules-and-dealerships-defenses-arent-ready</a></p></div>Auto Repair Shops and Cyberhttps://redskyalliance.org/automotive/auto-repair-shops-and-cyber2020-01-16T19:50:59.000Z2020-01-16T19:50:59.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}3822631512,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}3822631512,RESIZE_710x{{/staticFileLink}}" width="275" alt="3822631512?profile=RESIZE_710x" /></a>Independent auto repair owner in Massachusetts (MA) are carefully watching a 2020 state ballot issue, for auto manufacturers to fairly provide and share automotive digital data collected by new vehicles. Cynical legislators recently had many questions while hearing testimony on 13 January 2020 as they weighed cyber ramifications for them to create new related laws. </p>
<p>The auto shop owners are seeking an update to the 2012 MA “right-to-repair” law that was originally passed to make sure auto manufacturers provide the same diagnostic repair information available at a reasonable cost to both dealerships “and” independent mechanics. The lobby who then persuaded the state legislature to pass that statute more than seven years ago, is back pushing lawmakers to guarantee the law is expanded to cover data that is being collected and transmitted to manufacturers wirelessly, and thus potentially used to give car dealerships a significant competitive advantage. </p>
<p>The MA Joint Committee on Consumer Protection and Professional Licensure heard testimony on a variety of right-to-repair proposals, including the proposed ballot question that is now before the Legislature for consideration. Proponents of a new “right-to-repair” law say it is about protecting consumer choice, but auto manufacturers counter that independent shops already have access to all the information they need to repair vehicles, though manufacturer repair codes. Some are claiming that the exclusion of remote telematics was a previous concession made by repair shop owners during past negotiations. The Right to Repair Coalition, told the legislative committee that their group of more than 2,000 independent auto repairers want to make sure that technological advances in vehicles do not stifle consumers in their choice of where to have their vehicles repaired. The coalition said, “This is about mechanical information necessary to diagnose, repair and maintain a car.”</p>
<p>Some repair shop owners are struggling to fully explain just “how” access to the telematics data could help them in proper repairs. Some mechanics fear about how auto manufacturers might restrict access to data in the future. This would hurt their independent business. Asked by legislators for an example of how their business are directly impacted, and one mechanic told the committee the story of one customer whose OnStar system identified a “check engine” light and gave her the option of bringing the vehicle to one of two dealerships for repair. Some say, “it sounds like it’s a competitiveness issue more than a [just] repair codes.” The 2012 law already guarantees independent repair shops with access to the same repair diagnostic information (codes) as dealerships and at the same cost. Yet the law does not address the two-way wireless diagnostic information flow. </p>
<p>Auto manufacturers report that most modern vehicles collect volumes of data on how those vehicles are functioning and being driven; even recording a driver’s weight, where they drive and how fast. Some of this collected data is deleted immediately, while some is anonymized and used to give consumers real time info on traffic or to help manufacturers identify and issue safety recalls. A small amount of data is tied to an identifiable user and can be used for emergency responses (like OnStar type technology). Some experts say expanding access to telematics data would create a greater risk of personal data being exposed or vehicle telematics systems being hacked. This is the heart of the cyber security issue.</p>
<p>Late last year, Popular Mechanics published a report on hacking auto Rf technology. One such example is hacking your car’s key fob to gain entrance. Similar hacking techniques could be utilized to steal auto diagnostics and possibly your proprietary information. It's convenient to open your car door without having to dig around in your bag or pocket for the key fob. It is certainly a great marketing pitch for push-to-start cars, but it is also making life extremely easy for cyber criminals. As with so many “advances” in technology; there have been serious unintended consequences for newer cars. According to the FBI, auto theft hit an eight-year high in 2017, with 773,139 reported cases, up from an all-time low of 686,803 in 2014. That is occurring in conjunction with an increase in keyless ignition systems. In 2018, 62 percent of cars sold use keyless ignition as standard equipment, up from 11 percent in 2008. So why is it possible to pull off any kind of theft? Keyless ignition systems come with a fob that transmits a unique low-frequency signal to the car's computer system, which then validates the correct signal has been sent and allows you to push a button on the dashboard or console to unlock the doors and start the engine. Hackers can take advantage of this by using a cheap relay box to copy and transmit the signal from your key fob while it is still inside your home or in your pocket. This is called a relay attack, and it is very easy for hackers to execute as long as they have a “friend.” Here is how the relay attack works. Each person carries a relay box, which can be purchased for as little as $20 online. The boxes can pick up the radio frequency from a car key fob that is sitting on a table inside, hung up on a key rack, or even resting in a purse. The relay boxes allow one person to stand near the home to pick up and amplify the key fob signal and then transmit it to the second box, which the other person holds outside the door of a car. Once the key fob signal reaches the second box, it unlocks the door, as the car thinks you're holding your key fob nearby. Now the criminals just have to drive away without getting caught and then change the various locks. If you have any computer equipment, smart phones or other valuables inside – you now have real problems. </p>
<p>Can these type attack methods be used to steal your automobile information? Maybe, maybe not. Time will tell; if and how stealing automobile diagnostics occurs. Cyber laws and regulations are always 5-10 steps behind keeping pace with technology and bad hackers’ malicious intentions. The MA pending law addendum will be an example of lawmakers trying to keep up with technology. </p>
<p><strong>About Red Sky Alliance</strong></p>
<p>Red Sky Alliance is in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization and offer RedXray and RedXray-Plus for cyber analysis and protection. For questions, comments or direct assistance, please contact Red Sky directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p></div>