The FBI this week warned carmakers and owners that they need to pay much closer attention to automotive cybersecurity.
The National Highway Transportation Safety joined with the FBI in warning consumer that the increasing number of computers in the form of electronic control units (ECUs) that control numerous vehicle functions from steering, braking, and acceleration, to the lights and windshield wipers make them vulnerable to potential cybersecurity problems.
+更多网络世界:有个足球雷竞技appWorld’s coolest concept cars+
“A wide range of vehicle components also have wireless capability: from keyless entry, ignition control, and tire pressure monitoring, to diagnostic, navigation [GPS], [wireless hot spots, Bluetooth] and entertainment systems. While manufacturers attempt to limit the interaction between vehicle systems, wireless communications, and diagnostic ports, these new connections to the vehicle architecture provide portals through which adversaries may be able to remotely attack the vehicle controls and systems. Third-party devices connected to the vehicle, for example through the diagnostics port, could also introduce vulnerabilities by providing connectivity where it did not exist previously,” the FBI stated.
联邦调查局指出一些漏洞最近几个月宣传并解决了,但“消费者和制造商必须了解可能的威胁以及攻击者在未来可能会如何寻求远程利用漏洞的可能威胁。第三方与互联网或蜂窝访问插入诊断端口的第三方售后市场也可以引入无线漏洞,“FBI陈述。
汽车黑客肯定是进入许多专家和一些政治家的网络安全屏幕。美国参议员Edward Markey(D-Mass)监督的报告说,去年表示,有一个“明确缺乏适当的安全措施,以保护驱动程序对抗可能能够控制车辆或者可能希望收集的人的士兵并使用个人驾驶信息。“
+更多网络世界:有个足球雷竞技appWhat advanced tech will dominate your car by 2025? IBM knows+
That report referenced a segment on CBS News' "60 Minutes" that detailed how easily cars can be hacked and how many automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not have ways to secure such data.
“跟踪和黑客攻击” report also noted that inJanuary 2015 BMW had to fix a security flawthat could have allowed up to 2.2 million vehicles with the automaker’s ConnectedDrive to have their doors remotely opened by hackers.
“司机已经依靠这些新技术,但遗憾的是汽车制造商没有完成保护我们免受网络攻击或隐私入侵的影响。即使我们比以往任何时候都比以往任何时候都更加联系,我们的技术系统和数据安全性仍然很大程度上是无保护的,“陈述的商业,科学和运输委员会成员参议员马略说。马基的目标是通过国家公路交通安全管理和联邦贸易委员会等设定汽车和汽车业主的数据,安全和隐私标准。
Markey’s study detailed a number of disconcerting trends including:
- 市场上的近100%的车辆包括可能对黑客或隐私入侵构成脆弱性的无线技术。
- 大多数汽车制造商都没有意识到或无法报告过去的黑客事件。
- Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers.
- 只有两个汽车制造商能够描述任何能力,可以实时诊断或有意义地响应渗透,并且大多数人表示他们依赖于不能用于此目的的技术。
- Automobile manufacturers collect large amounts of data on driving history and vehicle performance.
- 大多数汽车制造商提供了将驾驶历史信息收集和无线传输到数据中心的技术,包括第三方数据中心,并且大多数都没有描述保护信息的有效手段。雷竞技电脑网站
The FBI meanwhile listed a number of things consumers can do to help minimize cybersecurity risks, including:
- 如果您有更新的汽车,请确保车辆软件是最新的。如果制造商发布了一个通知软件更新可用的通知,则消费者采取适当的步骤以验证通知的真实性并采取行动以确保车辆系统最新。作为谨慎的说明,如果制造商定期为在线提供的车辆进行软件更新,则犯罪分子可能会利用此送货方式。避免从第三方网站或文件共享平台下载软件。
- Be careful when making any modifications to vehicle software. Making unauthorized modifications to vehicle software may not only impact the normal operation of your vehicle, but it may introduce new vulnerabilities that could be exploited by an attacker. Such modifications may also impact the way in which authorized software updates can be installed on the vehicle.
- Maintain awareness and exercise discretion when connecting third-party devices to your vehicle. All modern vehicles feature a standardized diagnostics port, OBD-II, which provides some level of connectivity to the in-vehicle communication networks. This port is typically accessed by vehicle maintenance technicians, using publicly available diagnostic tools, to assess the status of various vehicle systems, as well as to test emissions performance. More recently, there has been a significant increase in the availability of third-party devices that can be plugged directly into the diagnostic port.
- 请注意谁有物理访问您的车辆。与您不会让您的个人计算机或智能手机解锁,在不安全的位置或与您不信任的人的人中,或者与您不相信的人的方式相同,您认为对那些可以访问您车辆的人非常重要。
- 联系the National Highway Traffic Safety Administration and FBI. In addition to contacting the manufacturer or authorized dealer, please report suspected hacking attempts and perceived anomalous vehicle behavior that could result in safety concerns tonhtsa.和/或我nternet Crime Complaint Center(IC3).
查看这些其他热门故事:
DARPA: Show us how to weaponize benign technologies
Boeing’s self-cleaning aircraft bathroom lets you use loo without touching anything (mostly)
DARPA moves ahead with radical vertical takeoff aircraft
US Marshals warn of ongoing nationwide telephone scam
联邦调查局在数据中心合并节省中找到了28亿美元 - 雷竞技电脑网站看门狗说可以做得更好
Energy Dept. sets 9 finalists for $2.25M wave energy prize
Facebook.cyberstalker gets 10 years in slammer