Back to Anatol's Profile

T-Systems Podcast - Car Hacking

0:00
0:00
Voice Over • Podcasting
1731

Description

A podcast style VO for T-Systems, whom operate under the German \"Telekom\".

Original Source Posted:
(Website hidden)

Vocal Characteristics

Language

English (North American)

Voice Age

Middle Aged (35-54)

Accents

North American, US General American (GenAm), US Mid-Atlantic

Transcript

Note: Transcripts are generated using speech recognition software and may contain errors.
systems put cost putting the brakes on car hacking By YVONNE Nesler For a long time, cars remained one of the last bastions of analog living. Not anymore, though. Today's cars Air four wheels computers with Internet access, and that makes them targets for hackers. The automotive industry has spotted the threat and is strengthening its products against cyberattacks. Theo Jast Pedal didn't STOP working until Andy Greenberg got on the highway, swearing the wire journalist punched the Flashers as his Jeep Cherokee shed speed and other cars roared past him. He was helpless. His car had been hacked. His two tormentors, Charlie Miller and Chris Valasek, crashed over a laptop 10 miles away. They had taken control of the jeep. First, the radio blared hip hop. Then wiper fluid covered the windshield in a blurry film. And now Greenberg could no longer accelerate Onley after he turned the ignition off and then on again, did the nightmare finally end? Even though this was an experiment and Greenberg had been forewarned, the stunt caused quite a stir worldwide. In July of 2015 it had for the first time revealed the dark side of connected cars without adequate protection they're vulnerable to remote hacking and hijacking. In the past, hackers would have to fall of off a music CD with viruses onto motorists or stay within a few meters in order to break in over an insecure Bluetooth connection. Today, however, many cars come standard with Internet access that can act as a back door for cybercriminals. In 2015 that included 1/3 of all new cars, according to Roland Bunga, a consultancy. However, few drivers realize they're sitting behind the wheel of a mobile data center. A modern car bristles with over 100 small computers in the form of electronic control units or PC use motives of plenty. Various things can motivate a cyber attack. One criminal may want to steal a car without having to break open doors or windows. Another may want to hijack a car SIM card to surf the Internet for free, and 1/3 may hold vehicles hostage remotely immobilizing certain car models until the manufacturer pays a ransom. Even intelligence services have begun scoping out cars. Wiki leaks Ah, whistle blowing platform published a document in early March of 2017 indicating that the C. I A considered infecting cars and trucks in October of 2014. Perhaps it was to track the locations of targets or eavesdrop on conversations in cars in his Connected Car study of 2015 PWC, a consulting firm, notes. Most troubling of all is the possibility that terrorists could hack into autonomous driving systems and cause accidents that kill a targeted individual or large numbers of people. Cyber calamities like thes air still just theoretical. Most car vulnerabilities have been exploited by white or gray hat hackers in the name of improving technology or building a reputation. Nevertheless, personal safety is now inextricably bound up with cybersecurity. Seeing the big picture. The message isn't lost on the automotive industry, which is already strengthening its bulwarks against cybercrime, PwC warns. When industry executives think about information security, they usually focus on in car systems as the point of vulnerability. But threats extend well beyond the dashboard interface. The also encompass automotive cellular links as well as back end systems operated by manufacturers and third party service providers. That's why T Systems is developing security solutions for the entire I T and telecommunications infrastructure for connected cars and has started implementing solutions with major carmakers. Thomas Fisher from T Systems said the key to end to end security and privacy is to design it into new car models, components and software right from the start. That goes not only for oh yea EMS, but for Tier One and Tier two suppliers to these efforts can ******* the perimeter. But hackers who break through can still hunt for vulnerabilities once they're in the cars network. Hence the need to establish a second line of defense beyond the perimeter intrusion detection systems that act as guard dogs and sound an alarm if in attack is launched. Digital guard dog in the Car T Systems has developed just such a solution. Called S locks or embedded security locks, this digital bloodhound sits in the gateway between the vehicle buses here at the heart of the cars electrical system. It checks all messages for anomalies such a setting an airbag to deploy it full speed. Once it finds one. It takes an action that T Systems and the carmaker have defined in advance, for example, warning the driver or disabling hijacked functions anomalies Air reported to a back end system that analyzes the data with modern machine learning algorithms. The findings are shared with the systems in all the vehicles. T systems second guard dog watches over car, cellular communications, Christian old from T System says. Additionally, securing the cellular interface between vehicles and vehicle back ends is an important part of any end to end security solution. Cellular connections are ripe targets for criminal specializing in fraud attacks, illegally piggybacking on an automobile sim card to call phone numbers. Not normally access by connected cars. These incidents are a big red flag. Cars don't have a phone dialing pad after all, so someone must have tampered with the system to head off the threat. T Systems is currently working on a fraud detection solution for vehicles security for blabber mouths. The security experts first identify vulnerabilities for each car maker and find ways to detect corresponding exploits. T systems then modifies its solution accordingly. The fraud detection system scans the vehicles communications data for events that qualify as unusual based on pre defined rules. If an automobile calls an unknown phone number, for example, a notification is automatically sent to the manufacturer. The incident also appears on an online portal. At the same time, giving the Manufacturers Service technician all the information he or she needs to select the right countermeasure. That could include alerting the car owner, blocking the SIM card or taking legal action. For example, the Deutsche Telekom security team, working closely with the manufacturer and Deutsche Telekom's data protection department, determines what data the automotive companies are legally allowed to use in this fraud detection. As a service package connected cars or blabber mouths, they talk to back end systems, other vehicles, smart homes, traffic infrastructure, content providers, smartphones and tablets. Not to mention all the communications between EEC use inside the vehicle. This list gets longer every day to especially a smart, charging infrastructure is built for electric vehicles. Much of this communication is critical, and so it has to be encrypted, and the communicators have to be authenticated. That requires a digital identity for the car. Or, to be more precise, it's easy use. This identity consists of two mathematically related keys, one public and the other private. If a back end system wants to send data to a car, it uses its private key to generate a digital signature. Essentially, it's I D that the car can validate with the back end systems public key that guarantees that the date of really came from a trusted source and not from a hacker. Quantum COMPUTERS Tomorrow's threat. This approach gives hackers two points of attack. One. The mathematical relationship between the keys. If Attackers know how the keys air related, they can generate the private key from its public counterpart. To prevent this, the automotive industry has to keep a close eye on current technology developments and try to anticipate future cyberattacks in a market that has 3 to 5 year development cycles and vehicle service lives of 15 to 30 years. A daunting challenge. To be sure, it will get even more daunting, though once quantum computers arrive, these new supercomputers can crack previously impervious cryptographic schemes such as Arcee and elliptical curves to counterfeit keys. Luckily, carmakers, Public key Infrastructure, or PK I protects drivers from these kinds of attacks. The auto manufacturer uses its own digital identity to validate the vehicle's public keys. Can I trust you? An entirely new challenge arises when vehicles talk to traffic lights, railroad crossing gates and other makes of cars. To do that, the communicators have to agree on a shared vendor Independent Trust center toe authenticate their digital identities so they can communicate securely. Mark Gross A from data Khan says Deutsche Telekom has had a trust center accredited by the German Federal Network Agency since 1994. It's where we operate public key infrastructures for customers such as manufacturers, government agencies and state governments. According to Gartner Inc. The production of new automobiles equipped with data connectivity either through a built in communications module or by a tether to a mobile device, is forecast to increase to 61 million in 2000 and 20. The automotive industry has already made I T Security a top priority. Among other things, it has launched initiatives such as autos Are and DaVita to develop standards for E. C. U software and secure electrical systems, and started paying bug bounties for reports of security vulnerabilities, systems podcast