Are There Cybersecurity Risks in Over-the-Air Tech Used in Autos? (cnbc.com) 13
CNBC reports:
The automotive industry's increasing use of over-the-air technology to update vehicle systems makes it more susceptible to cyberattacks, analysts say, urging more intervention in the sector... Its use represents "a unique national security concern," Gabriel Lim, senior analyst at the S. Rajaratnam School of International Studies in Singapore, told CNBC. "Aside from data privacy concerns, the potential of a foreign actor sabotaging the controls of a moving vehicle is a possibility that countries like Norway, Denmark, and Britain have expressed concerns about," Lim added.
In May, the American Enterprise Institute warned that safeguarding the automotive sector was crucial to limit foreign governments' espionage capabilities. "To protect against foreign espionage threats, the US should consider additional security reviews, implement restrictions on certain foreign-made hardware and software in vehicles, and mandate increased data-collection disclosures," the report said. The concerns come as real-life tests reveal vulnerabilities. Late last year, Norwegian bus company Ruter conducted tests on two buses and found that one had potential risks linked to OTA technology. "There is access to the control system for battery and power supply via mobile network through a Romanian SIM card. In theory, therefore, this bus can be stopped or rendered inoperable by the manufacturer," the company said. The investigation by Ruter then sparked the U.K. and Denmark to conduct their own investigations...
While these investigations were conducted on buses made by Chinese firm Yutong, [Siraj Ahmed Shaikh, systems security professor at the UK's Swansea University] said the issue goes beyond one manufacturer or country, as the technology becomes more pervasive. "Other sectors adopting OTA include other transport modes [such as] maritime and rail, aerospace (particularly drones), industrial machinery and robotics," he said.
In May, the American Enterprise Institute warned that safeguarding the automotive sector was crucial to limit foreign governments' espionage capabilities. "To protect against foreign espionage threats, the US should consider additional security reviews, implement restrictions on certain foreign-made hardware and software in vehicles, and mandate increased data-collection disclosures," the report said. The concerns come as real-life tests reveal vulnerabilities. Late last year, Norwegian bus company Ruter conducted tests on two buses and found that one had potential risks linked to OTA technology. "There is access to the control system for battery and power supply via mobile network through a Romanian SIM card. In theory, therefore, this bus can be stopped or rendered inoperable by the manufacturer," the company said. The investigation by Ruter then sparked the U.K. and Denmark to conduct their own investigations...
While these investigations were conducted on buses made by Chinese firm Yutong, [Siraj Ahmed Shaikh, systems security professor at the UK's Swansea University] said the issue goes beyond one manufacturer or country, as the technology becomes more pervasive. "Other sectors adopting OTA include other transport modes [such as] maritime and rail, aerospace (particularly drones), industrial machinery and robotics," he said.