Industry News

Car Makers Urged to Sign Security Manifesto against Hacking

Automobile manufacturers could deter hackers from hijacking cars by following a five-principle manifesto, according to I Am The Cavalry, as quoted by The Register. The security pressure group wrote an open letter to car makers, urging them to increase their products’ security.

“Modern vehicles are computers on wheels and are increasingly connected and controlled by software and embedded devices,” I am the Cavalry co-founder Josh Corman said.

“New technology introduces new classes of accidents and adversaries that must be anticipated and addressed proactively,” he said. “Malicious attackers, software flaws, and privacy concerns are the potential unintended consequences of computer technologies driving this latest round of innovation.” 

Car Makers Urged to Sign Security Manifesto against HackingInnovative but hackable car technologies include vehicle-to-vehicle communication, driverless functions, automated traffic flow and parking assist, collision avoidance, and remote control functions such as stolen vehicle shutdown and remote emergency response.

The pressure group asked auto makers to sign up to a Five Star Automotive Cyber Safety Program, which includes:

1. Safety by Design (producers should have a secure software development lifecycle, summarizing the cars’ design, development, and adversarial resilience testing programs).

2. Third-Party Collaboration (car makers should admit they are not flawless, implement a disclosure policy, and invite security researchers to contribute).

3. Evidence Capture (learn from mistakes; safety investigations based on tamper evident, forensically sound logging and evidence capture).

4. Security Updates (promptly address new safety issues).

5. Segmentation & Isolation (non-critical systems such as entertainment shouldn’t affect critical/physical systems such as braking).

Automotive CEOs can support the safety program by signing the petition within the next 90 days. The Cavalry open letter was presented at last week’s Defcon hacker convention in Las Vegas.

I am The Cavalry is a grassroots organization focused on issues where computer security intersects with public safety, in the areas of medical devices, automobiles, home electronics and public infrastructure.

Bitdefender has written about car security issues as early as 2011. Two years later, hackers thought of publishing a how-to guide for taking over Toyota Prius and Ford Escape.

Car hacking was also recently documented at the BlackHat conference in a paper titled “A Survey of Remote Automotive Attack Surfaces.” According to The Register, Twitter security expert Charlie Miller and IOActive’s director of security intelligence, Chris Valasek, concluded that the hacking process is difficult and depends on the car model.

About the author


Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.