Sign & Help to Improve Automotive Security

A group of security professionals have formed “The Cavalry”: dedicated to improving collaboration between the cyber security and automotive industries.

Because what if things like adaptive cruise control, electronic braking and stolen vehicle recovery technology could be used nefariously? What if all Toyotas in Canada were instructed to go left next Tuesday at 1pm? Like that.

Specifically, they’re proposing a Five Star Automotive Cyber Safety Program:

1 – Safety by Design
2 – Third-Party Collaboration
3 – Evidence Capture
4 – Security Updates
5 – Segmentation & Isolation

Why I signed: 

Sign it too, here.

Non-security nerds: I know this stuff can seem shadowy and strange, with a name like “The Cavalry” and a blank profile pic, but in this particular case it’s okay, I know one of the guys in real life; I signed with my real name, not Blog.

 

 

Join an Industry with a 100% Employment Rate

Online security.

There’s 1 day left of SecTor, Canada’s premier security conference.

That blog title is not dramatic, it’s like 98%. Makes sense, look how fast we adopted the internet of everything, that’s currently pretty vulnerable and held together with popsicle sticks, a nightmare is coming, one day you’ll tell your grandchildren of a time when people’s password was password, tada! You have a job for life.

I went straight for the car hacking stuff.

What to do while there

Check out the Keynote while eating lunch, and making friends.

Sit in on a talk, which looks like this.

That’s Christopher Pogue of Nuix, talking about cybercrime and forensics. He made a good point: if the 3rd parties and vendors connecting to your network aren’t secure, neither are you.

Or if you feel shy, go to the lock picking village and grab a seat; I find people into lock picking are generally welcoming and fun.

Take the requisite conference-bathroom-selfie.

Don’t be shy to ask questions! And don’t let the nature of the information put you off, it’s a friendly crowd.

Too bad you missed the annual party, though. Finally after 1,000 emails got to meet Sabrina, who runs communications & media, and edited my article about the car hacking keynote by Chris Valasek.

Whom I also met IRL, read that piece here.

Tickets and location information here, and whoever’s running their Twitter is funny @SecTorCa #SecTorCA

One day I’d like to give a talk, maybe another year of quiet study first.

I have 3 possible topics, but they’re not yet strong enough to type here.

Blog tag = SecTor

 

 

Hi SecTor Good to Meet You, I’m Keri

I publish here daily Monday – Friday: Cars, Security and a Peek into my Life.

I’m also a full-time auto journalist with Sun Media Newspapers; news, reviews, and a weekly column called, ‘Keri On Driving’: 300 words weekly about whatever I want.

I’ve combined the cars & security worlds a few times, columns that may interest you include:

- Let’s go War Driving – here
- Securing your Car in the City – here
- Computers in Cars – here
- Your Car can be Hacked, but Not Really – here
- Stick Families are a Terrible Idea – here
- and maybe this post - Went Armoured Car Shopping

And over at the paper, I own the security section, here.

If we’ve met before, I’ve probably said the same thing that I’ll say again now:

I am way beneath you in skills; a script kiddie at best.

The Security category of my blog is best suited not to you but like, your relatives.

- How to change your Router Password – here
- Don’t Name your Phone your Name – here
- Most Common iPhone Passwords – here
- My blog being spidered looks like this – here
- You’re responsible for Hotspot users – here
- Ransomware is terrifying – here
- Buy this type of shredder – here
- Your screen can be seen 20 feet Away – here
- It’s a good idea to monitor connections – here

There’s a hole in the internet for end-user security stuff, so that’s the goal here.

Plus fun videos:

Smarten Up, Internet – for the housewives of Iowa

Blackberry security is why you buy (original post)

Please don’t hack me. It wouldn’t be a challenge even, like picking on the kid at recess wearing a helmet, really.

Look forward next week to seeing some old faces and meeting new ones, and am always up for car talk - Jag’s F-TYPE’s engine note is my favourite, Audi is my interior benchmark because minimal, I love minivans, I own a ’99 Jetta that’s a lunch box, I just competed in Targa Newfoundland 2014; tracking a Porsche this summer was a highlight, and if you’d like to talk about hacking a car, I would too.

Blog tag = auto security

Twitter - @KeriBlog
Email - Keri AT KB dot com

 

 

A Rare Chance to Hear a Car Hacking Expert

Chris Valasek is the Keynote speaker on October 21, 12pm at SecTor Security Conference.

While hacking a car almost always requires physical access,
it won’t be long before it doesn’t.

Consider this scenario: a virus is accidentally downloaded onto a driver’s phone, who unknowingly pairs it to his car, now the infection is inside the vehicle, where the Bluetooth and brakes run on the same network… what’s the defence?

How do you mass-update the software in tens of thousands of cars? It can cost millions just for an automaker to mail a “come in and get updated” letter to its customers.

As vehicles become more computers-on-wheels than cars, the act of securing them should be a priority for automakers, yet there’s an absence of information on this topic.

Here’s a rare opportunity to hear from a bleeding-edge expert at this year’s SecTor, Canada’s premier IT security conference.

Christopher Valasek is a pioneer in automotive security. He serves as Director of Vehicle Security Research at IOActive, one of the first companies to specialize in automotive security.

He’s not just a theory guy, Chris is an actual practitioner. Remember last year when the headlines screamed “a Prius and Ford have been hacked!” – that was him. If you’ve read anything in the news about car hacking, it probably contains a quote or citation to his work.

He’s not out to do bad and hack your product, or show up individual OEMs, this is a rare chance to hear from one of the good guys, plus – the added advantage of having a mind like this assessing your product, for free.

On October 21 at noon, Chris’ keynote presentation, ‘The Connected Car: Security Throwback’, will demonstrate how present-day automotive security is like a hard shell with a gooey inner layer – protect the outside, but once inside, it’s a field day.

(photo via Forbes)

He’ll draw comparisons between today’s auto landscape and the early 2000s of the internet, when protection mechanisms were an afterthought. He feels automotive security is stuck in a hole in time, and that the same solutions used to secure the networks of 10 years ago, can be applied to today’s automotive security issues.

Because the more computers and code that go into cars, the greater the odds of a mistake being made and someone like Chris finding it. Moreover, with the automotive production cycle being so long (2018 model years are now being finalized), a problem found today is going to be prevalent for some time.

Automotive industry types – is your product resistant against a cyber-attack? If you’re not securing the vehicles you’re producing, then they can be weaponized, and yes that sentence is intended to give you chills.

His keynote will include the opportunity to ask questions. Catch it at SecTor on Tuesday, October 21 at 12:00 – 1:10pm. Ticket information here

Blog tag = auto security

Meet me in this post

 

 

How to Cheat at Motorsports

Racing is a real dirty sport, so it surprises me a group with such minds haven’t gotten into this, and we don’t hear more about it.

Got the idea at Indy 2012.

Why aren’t teams attacking other teams’
networks, internet & communications?

Examples:

The WiFi connection went down? And you were relying on the cloud?

The telematics, feedback and monitoring systems stopped functioning? Or instead, started to output false data?

An F1 engineer in the pits can remotely control the car, so how about altering those settings? Make the engine blow, you only get so many engines per race…

You in position? Preparing to cut crew-driver communications, you’ll have 5 seconds to pass until the system is again live, starting in 3, 2…

This isn’t a barely-subtle way of saying I’m for hire, these are rate card items, don’t ask me that at races.

This photo has nothing to do with anything, just needed one more to round out this post.

It’s a 2015 Jaguar F-TYPE S

3.0L V6 Supercharged
380 hp
339 lb-ft
$110,000-ish
Googly-eyed button
Best engine note ever.