HouseCall for Home Networks
Noticed any strange devices connected to your Wi-Fi?
Scan connected devices in your home network for security risks
Scan connected devices for security risksLearn more
Trend Micro participated in the 2019 edition of Connected & Autonomous Vehicles, which was co-located with Internet of Things World. At the event — held from May 14 to 16 in Santa Clara, California, with more than 300 exhibiting companies and over 12,500 visitors — Trend Micro highlighted the security risks of connected cars.Attack Vectors of Connected Cars
Spencer Hsieh, a security researcher at Trend Micro, talked about the security risks of connected cars. He discussed the kinds of devices that are susceptible to cyberattacks. He emphasized that devices can be targeted by attackers if they are remotely accessible and have access to the Controller Area Network (CAN) bus, which is used as the internal network that allows different electronic components to communicate with one another within a car. In his presentation, titled “Security Risks of Connected Cars: Exploring the Attack Surface of Connected Cars and How to Stop Attacks,” he identified in-vehicle infotainment (IVI) systems and on-board diagnostics (OBD-II) dongles as the most vulnerable devices, and showed how they can be hacked.
Spencer Hsieh, a security researcher at Trend Micro, presenting “Security Risks of Connected Cars: Exploring the Attack Surface of Connected Cars and How to Stop Attacks”Hacking an In-Vehicle Infotainment (IVI) System
A modern IVI system is the central hub for connected cars: It provides various kinds of connecting technologies such as Bluetooth, Wi-Fi, and 3G/4G cellular networks, allowing cars to connect with outside networks. Its network-connecting abilities make an IVI system accessible remotely and thus a potential target for hackers.
Trend Micro’s demonstration showed how to hack an IVI system with the following scenario:
Designed for self-diagnosis of vehicle problems, OBD-II allows vehicle owners or technicians to access the status of and assess issues with vehicles. Some OBD-II devices can function as Wi-Fi hotspots for their 3G/4G networks, and some vendors use OBD-II and Bluetooth to provide devices that can allow users to check and even adjust their vehicles through their smartphones. The abilities to access the CAN bus and communicate wirelessly with other devices or access the internet expose these OBD-II devices to security risks.
Trend Micro’s demonstration showed how an OBD-II dongle can be hacked with the following scenario:
For more information about Smart Car Related News from Trend Micro: https://www.trendmicro.com/us/iot-security/search/tag/keyword/Smart CarSecurity Recommendations
IVI systems and OBD-II dongles both have wireless connecting capabilities and have access to the CAN bus. These two characteristics introduce security risks that can allow attackers to remotely control hardware components in a connected car. To address the security issues, vendors must be aware of these risks and dedicate more resources to securing their products, considering the following:
For more information about IoT Security Solutions for Automotive: https://www.trendmicro.com/us/iot-security/Solutions?h=All&v=Automotive