Senator Markey’s report raises valid concerns about the status of automotive security today and we are proud that our senator has highlighted this issue, continuing a long history Massachusetts technology leadership.
Wilmington, MA (PRWEB) February 12, 2015
Security Innovation, a pioneer in software and automotive security, today announced their endorsement of a report issued by Senator Edward J. Markey (D-Massachusetts) that highlights potential risks of automotive communications. Security Innovation sees the February 2015 report, “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk.”
However, the security consultancy emphasizes that the auto industry has already started investing in security improvements for future vehicles and are addressing the challenges of securing cars already on the road. Much of this work is being done on the car maker’s behalf by Tier 1 and other companies in the complex automotive supply chain.
“Senator Markey’s report raises valid concerns about the status of automotive security today and we are proud that our senator has highlighted this issue, continuing a long history of Massachusetts technology leadership,” says Pete Samson, senior vice president and general manager of the Embedded Security Business Unit at Security Innovation. “Although there is never a good time to publish information that may scare consumers or empower hackers, the problem of connected vehicle security has been a gathering storm, and wider recognition has become inevitable.”
“We would add to Senator Markey’s recommendations to NHTSA by stressing the importance of training software developers to architect and write more secure systems,” Samson added. “Most developers learn code efficiency and performance optimization, but relatively few understand or apply the principles of secure coding. The need to train developers, architects and QA people is not just confined to the automotive industry; it extends to any software that would be installed in, or interact with a vehicle.”
Security Innovation chief scientist, William Whyte is the technical editor of the IEEE 1609.2 standard, which specifies how security should be handled in Vehicle-to-Vehicle (V2V) communications. This standard, as implemented in Security Innovation’s Aerolink solution, is being adopted by a number of manufacturers including Delphi Automotive, which has selected Aerolink for General Motor’s launch of V2V communications on select 2017 Cadillac models.
Senator Markey’s report details that most cars and trucks are vulnerable to hacking through wireless technologies, which could impact driver privacy and safety.
“As vehicles become increasingly connected to the internet, the potential for remote hacks leading to loss of privacy and even loss of life becomes all too real,” Samson continued. “The key to acceptance and successful adoption of a connected vehicle is trust in the system to provide security and to ensure privacy. There is much work to do, but we are encouraged by how seriously the ecosystem is addressing this existential threat to the automotive industry.”
Security Innovation has worked closely with the US Department of Transportation, along with the global automakers and their major suppliers to help design and implement a system that ensures that all V2V messages are secure and the identity of a specific vehicle or driver is protected.
Security Innovation’s Automotive Center of Excellence (ACE) Labs provide the automotive industry with advanced cybersecurity knowledge to help them reduce the risks inherent in connected vehicles. ACE Lab specialists help identify secure development lifecycle gaps, review code, perform penetration tests, create threat models and develop secure coding training curricula.
US DOT research indicates that safety applications using V2V technology can reduce the majority of crashes, with survivability improvements expected to be even greater than from the introduction of seatbelts. When widely deployed, secure vehicle communications could prevent 80% of unimpaired driver accidents. Despite this, recent news coverage includes that of a remote hack by the Defense Advanced Research Projects Agency (DARPA) on a 2014 model year car and recently published research of hacks on Progressive’s Snapshot and ZUBIE, both OBD-II devices, potentially impacting more than two million cars. It is important to note that these hacks were not related to V2V equipment, which has been the first automotive technology where security and privacy were design imperatives from the start.
“Although interesting, recent reports provide few details on how the hacks were performed, leaving uncertainty about the potential threat. While it is clear that it is possible to hack a car remotely, it is not yet understood whether this threat is feasible on a large scale. But one thing we have learned over the years is that if it can be done, it will be done. Our job is to make it as difficult as possible,” Samson added.
A 2014 DOT safety pilot program concluded that V2V standards and technologies are mature enough to work in full-scale production. Security Innovation's Aerolink™ secure communications product was a key element in this success and the most widely recognized implementation of connected car standards in the US and Europe.
Information regarding Aerolink secure high speed communications solution http://bit.ly/1egpgpa
Security Innovation, Key Contributor to Privacy Standards for Vehicle-to-Vehicle Communications, Applauds U.S. DOT Decision to Move Forward with "Talking Cars" Program
Dr. William Whyte, Chief Scientist, co-authored wireless protocol (IEEE 1609.2) and chairs security sub-committee for secure vehicle communications
Security Innovation’s Aerolink software to secure Cadillac vehicle-to-vehicle communications
Teaming with NXP Semiconductors and Cohda Wireless to provide security software for Delphi Automotive and General Motors, the first–to-market for wireless communication
Aerolink is the industry-leading implementation of high speed communications security for connected vehicles based on the IEEE 1609.2 and ETSI TS 103 097 standards. Aerolink provides high-speed security in a flexible software architecture, which is easily adapted and integrated to any chipset or operating system. Aerolink’s well-documented code, full SDK, detailed logging support, and complete suite of certificate management protocols allows developers to easily assimilate the product into any desired platform. First deployed in 2007, Aerolink has been continually evolving in parallel with the evolving standards, to remain the most up-to-date implementation of message authentication and user privacy for the Connected Vehicle system.
About Security Innovation
A software security pioneer since 2002, Security Innovation is dedicated to protecting sensitive data in the world’s most challenging environments – whether on embedded systems, desktops, web applications, mobile devices, or in the cloud. Recognizing that software applications no longer exist in isolation, our clients are better prepared to anticipate, navigate and reduce software security risk regardless of technology or system complexity. There are more than a million licenses of Security Innovation’s eLearning products in use today and our embedded security products ship on tens of millions of systems each year. The company is privately held and is headquartered in Wilmington, MA USA. Visit the company at http://www.securityinnovation.com or follow on Twitter @SecInnovation.
More information, press only:
Tamarie Ellis, Kesselring Communications for Security Innovation
Leslie Kesselring, Kesselring Communications for Security Innovation