Cybersecurity for embedded systems has come onto the limelight
in recent years. The connected systems in vehicles have pulled this as a
primary focus. If these systems are compromised, no one is safe on or near the
roadways. With the emphasis on this, a bit of history is warranted. Without a
quick baseline of where we began, the present trajectory does not mean as much
to us. Just over four years ago, there was an astounding event. About this same
time, the infamous Jeep hack occurred. This was a well-financed, researched
endeavor. There was another interesting event involving ingenuity and the cost
of two movie tickets.
Curiosity Pushing
Creativeness or Ingenuity is the Mother of Invention
In 2015, a 14-year-old boy decided to fiddle around with a
vehicle’s embedded system. The creative mind thought through the attack and figured
it would be a great way to spend his time. A person, generally, is not able to
simply walk up to a vehicle and miraculously hack it. There has to be some form
of research to even attempt this. The young researcher when to the local (at
the time) Radio Shack and purchased $15 of electronics. The equipment was
openly available to anyone with the money and did not require anything
special. He was able to use this to unlock and start a connected vehicle. The
target vehicle was not manufactured by a new, small automaker with little
experience, however, just the opposite.
What makes this
significant?
There has been many different vehicle attacks and compromises
published over the years. These vary from the basic to the attacks requiring
multiple steps and everything to line up perfectly. This particular attack was
different. This shifted the attack theory. The industry easily could be caught
up in applying technology. They have to purchase the newest equipment and use
this wherever possible to highlight the capabilities for the investors and
industry. The “look at what we can do” is warranted in certain environments.
This works to advance technology and capabilities in pertinent circumstances.
This sounds wonderful, however, certain parties become wrapped up in equating
the expense with testing and cybersecurity. Dependent on the circumstances, it
may be acceptable to spend $200-$300 on equipment to create a new testing
device, instead of $3,500 for something which may or may not work well given
your use. With this, your business may distinctly not spend a mass amount, if
the business does not need to. As with independent labs and testing facilities,
the real focus should be the mission-to independently test the products using
what is needed. A successful test and attack are based on the results, not
necessarily the amount spent on the equipment. It is notable with certain tests;
high end equipment is required. This is however not the case with all the
circumstances. At time simple ingenuity is more pertinent.
Resources
Bigelow, P. (2015, February 15). A 14-year-old hacker caught
the auto industry by surprise. Retrieved from https://www.autoblog.com/2015/02/18/14-year-old-hacker-caught-industry-by-surprise-featured/
King, L. (2015, February 23). 14-year-old hacks connected
cars with pocket money. Retrieved from https://www.forbes.com/sites/leaking/2015/02/23/14-year-old-hacks-connected-cars-with-pocket-money/#69286a702f81
Lavrinc, D. (2015, February 15). How a 14-year-old hacked a
car with $15 worth of radio shack parts. Retrieved from https://jalopnik.com/how-a-14-year-old-hacked-a-car-with-15worth-of-radio-1686620075
Mearian, L. (2015, February 20). With $15 in radio shack
parts, 14-year-old hacks car. Retrieved from https://www.computerworld.com/article/2886830/with-15-in-radio-shack-parts-14-year-old-hacks-a-car.html
Vijay. (2015, February 20). 14 year old hacks car with
homespun kit with circuits bought from radio shack. Retrieved from https://www.techworm.net/2015/02/14-year-old-hacks-car-with-homespun-kit-with-circuits-bought-from-radio-shack.html
No comments:
Post a Comment