Tag Archive for: Automotive

Ethical Hackers Hack into $1.323 Million Worth of Vulnerabilities at Automotive World

/in


VicOne, a leading provider of automotive cybersecurity solutions, hosted “Pwn2Own Automotive 2024”, its first ethical hacking event exclusively for the automotive sector, at Automotive World in Tokyo (January 24-26, 2024) to explore and address cybersecurity challenges in the automotive industry.

The event was dedicated to discovering and fixing digital security vulnerabilities of connected cars to protect the cybersecurity of vehicles. Specifically, 17 white hat hacker team and individuals from nine countries participated in a total of over 50 entries both remotely and on-site in four categories:

  • Tesla
  • In-Vehicle Infotainment (IVI)
  • EV Chargers
  • Operating System

The participants competed for cash and prizes worth US $1,323,750. A total of 49 unknown security vulnerabilities (zero-day vulnerabilities) were discovered by the participants over the three days. To win, participants had to take advantage of newly discovered vulnerabilities to attack target systems and devices and execute arbitrary instructions. The event was not only about prestige and competition between the best white hat hackers on the scene, but also about collaboration within the automotive industry and with external IT cybersecurity experts to make the entire industry safer.

VicOne’s parent company, global cybersecurity leader Trend Micro™, co-hosted the event through the Zero Day initiative™ (ZDI), the world’s largest vendor-agnostic bug bounty program. Electric vehicle manufacturer Tesla, as the main sponsor of the event, put its own products to the test including a modem, infotainment system, and Model Y vehicle. Individual hackers and hacking teams from countries including the USA, Vietnam, Japan, the UK, Hungary, the Netherlands, France, and Germany took part.

The winning team Synacktiv from France came away with a total profit of US $450,000, and now holds the title of “Master of Pwn.” With a total profit of US $177,500, the German fuzzware.io team took second place. The hackers from fuzzware.io targeted the Sony XAV-AX5500 and the Alpine Halo9 iLX-F509 in the In-Vehicle Infotainment (IVI) category, as well as the ChargePoint Home Flex, the Autel MaxiCharger AC Wallbox Commercial,…

Source…

The Hidden Security Risks Of Automotive Electronic Systems

/in


The Internet of things (IoT) is driving new capabilities that are transforming how we live, work and play. However, as our lives become more connected, the risk from hackers and other security breaches increases with every new IoT device. While most of us are pretty well versed in why we need to keep our most trusted devices secure – such as cell phones and laptops – we often don’t think about the connected intelligence that is now powering our cars. The truth is, these systems are ripe for security breaches. Just look at the Telsa Model 3, which is one of the most intelligent cars on the market. Back in March 2019, hackers targeted this car’s infotainment system and by using a JIT bug in the renderer, they were able to take control of the system. Granted, this was part of a hacking event so it posed no risks to the owner, but it did expose a gaping hole in the security of automotive electronic systems. If autos are going to continue to become more intelligent and connected to the world’s growing IoT infrastructure, this weakness must be addressed and solved.

Applications are driving the need for more security and safety

Automobile electronic systems are steadily becoming more intelligent. As the figure below illustrates, advanced electronic functionality is being added throughout the vehicle such as ADAS, Gateway, Power Train, Infotainment, V2V, and V2X. These new capabilities are driving the need for increased security and safety, particularly around the flash memory that has become a key component of these systems. Flash memory has been around for decades and it has evolved to now serve the automotive market. The problem, however, is that current embedded flash solutions pose significant security risks because they are based on legacy technology and architectures that don’t have the proper certification to guarantee both security and safety.

In automotive systems, safety and security are fundamental requirements to guarantee a tolerable level of risk, as defined by the ISO 26262 standard. These risks are managed by car manufacturers and subsystem providers, but with an increasing complexity of vehicle electronics, the functional safety is now also the…

Source…

China Automotive Cybersecurity Hardware Research Report 2022: OEMs Generally Adopt the Security Chip + HSM Strategy to Build their Cybersecurity Protection System – ResearchAndMarkets.com

/in


DUBLIN–()–The “China Automotive Cybersecurity Hardware Research Report, 2022” report has been added to ResearchAndMarkets.com’s offering.

Security chip and HSM that meet the national encryption standards will build the automotive cybersecurity hardware foundation for China.

OEMs generally adopt the security chip + HSM strategy to build their cybersecurity protection system.

At the core of cybersecurity hardware are security chip and hardware security module (HSM).

Security chip, or secure element (SE), is an integrated circuit that integrates cryptographic algorithms and features physical attack prevention design.

Hardware security module (HSM) is a computer device used to protect and manage the keys and sensitive data applied by the strong authentication system, and also provide related cryptographic operations. It is the basic support for automotive security solutions.

At present, most OEMs employ the security chip + HSM strategy to build an automotive cybersecurity protection system.

For example, in its automotive cybersecurity security system, NIO uses security chips and HSM to reinforce hardware and networks; in terms of secure communication, the HSM and certificate system featuring integrity, encryption, pseudonymization and anonymity is the basis for enabling data privacy protection. In addition, bug fixes over the air (OTA) are available in the case of emergency.

GAC completes the hardware security design and creates the four systems of border protection, automotive security, PKI certification & transmission, and security services, using security chip (SE) + HSM, and secure boot, trusted zone and encryption technologies. And at the vehicle end, GAC conducts in-depth research on vehicle inside and outside multi-node security protections, such as Linux OS for T BOX 4G module, Android OS for vehicle head unit, QNX OS for gateway and MCU, and communication interaction, aiming to establish an in-depth protection system for in-vehicle security.

Homemade SE chips are mass-produced and applied in vehicles.

As the US passed CHIPS Act, the localization of semiconductors in China assumes greater urgency. More chip equipment, materials and…

Source…

Automotive Cyber Security Market Is Estimated To Expand At

/in


Automotive Cyber Security Market

Automotive Cyber Security Market

Automotive Cyber Security Market overview

By 2028, the Automotive Cyber Security Market is estimated to be worth USD 8.94 billion, recording a CAGR of 18.56% during the predicted period (2021 – 2028). The market was valued at a rate of USD 2.16 billion in 2020. The choices, preferences and desires of drivers are rapidly changing. Consumers are now expecting personalized experiences, so the vehicle industry is adapting the technique to meet those demands. More software results from increased personalization and connectedness, which means more vulnerability.

Connected vehicles can function similarly to smartphones and smart appliances. The sharing of internet and wireless network access with other vehicles and external equipment can send and receive data. New and advanced software is already providing greater features and capabilities to fulfill the needs and expectations of drivers. In such cases, automobile cybersecurity is serious, and it should be a part of the design process.

The factors that are estimated to drive the growth of the automotive cybersecurity market are an increase in the need for automotive cybersecurity, government initiatives for implementing connected car technology, and mandatory cybersecurity standards. However, the increase in the development of common podiums is leading to high risks, and the challenge is making the applications secure, which restrains the market growth. However, improving vehicle security using adaptive security and increasing the complexity of cars’ electronic systems are estimated to offer profitable growth opportunities for the market players.

Request Free Sample of Report @ https://www.marketresearchfuture.com/sample_request/2970

The outbreak of covid-19 forced governments across the globe to impose strict lockdowns and made social distancing mandatory to stop the virus from spreading. This resulted in a drop of demand for new vehicles significantly. However, the automotive industry also had a slow production rate; there was a reduction in the supply of raw materials and breakage in the supply chains globally. The losses observed by the automotive sector have affected the…

Source…