The car in the focus of hackers
Cars connected to the Internet can become the target of hackers - with potentially serious consequences. One comment.
Safety experts have already shown how they can remotely control the braking and power transmission system on a Jeep. Chrysler reacted immediately and delivered a software fix for 1.4 million vehicles after just a few days. Competitor GM was different: After the auto giant was alerted to a security flaw in its automotive software in 2010, exactly - nothing happened. For nearly half a decade, the OnStar on-board computer installed in millions of vehicles was vulnerable. Hackers could have tracked the vehicle, applied the brakes at high speed or shut it down completely - a real danger to road traffic.
Roland Messmer, Director EMEA of LogRhythm, commented:
"As Internet-enabled devices and vehicles become more widespread, they are increasingly the focus of professional hackers who see a lucrative market here. In the GM case, the car manufacturer should have ensured that the security vulnerability was closed immediately after it became known - because such vulnerabilities can endanger human lives. After all, this is not about the theft of credit card numbers or intellectual property!
In the wake of the new IT security law, GM should have reported this security gap - and that's a good thing. Other countries such as England have led the way and massively increased the level of security in companies through similar regulations. Therefore, with the introduction of the IT Security Act in Germany, we are looking forward to a very positive development, towards the rapid detection and defense against cyber attacks.
Many companies fear a loss of reputation as a result of the reporting obligation. However, this is more likely to happen if it becomes public that they, like GM, sit out known security gaps for several years, do nothing about them - and possibly expose customers to a real danger.
Roland Messmer's advice: It's no use ducking! Companies are better advised to recognize cyber attacks as a daily normality and to implement tools in good time with which they can detect an intrusion into their network at an early stage and immediately take countermeasures. Reactive defense systems such as firewalls and IPS/IPD alone cannot stand up to modern attacks. Only an overarching security intelligence system can capture and evaluate all sensor data, quickly detect attacks and actively defend against them immediately."
