IoT Security Intel

Cyber IoT Security: McAfee on Threats and Autonomous Cars

IoT Security

Autonomous cars are just around the corner, there have been IoT security controversies surrounding their safety, and a few doubts still hang in the minds of people who don’t like the idea of a computer driving their car. However, the biggest news stories surrounding this topic have been to do with how safely the cars are driving, not how safe they are from cyber-attack – the McAfee Threat Predictions 2016 Report warned that autonomous cars could have up to 12 separate surfaces vulnerable to cyber-attack. As our cars become a part of this interconnected world, they too must be secured against the kind of attacks that corrupt our other IoT devices. The security of our cars from IoT attacks should be top of our priority list, given that we will be trusting them with driving us around every day.

IoT Device SecurityThe vulnerability of IoT cars was demonstrated in a terrifying experiment last year, two hackers gained access and control over a Jeep Cherokee, they were able to adjust the climate control, the radio, the dashboard, they were even able to cut the transmission. Now consider the implications of having 220 million cars worldwide connected like an IoT device – one that is vulnerable to hacks.

IoT Security and Devices

In the McAfee White Paper on Automotive Security they warn of the size and complexity of protecting a modern car from cyber-attacks, stating that “assessing the scope of threats is an immense job, and an attack surface may be left unprotected unintentionally”. In their report on threat predictions for 2017, they suggest that the control plane of IoT devices (namely autonomous cars) will be the primary target for hackers – the control plane often has access or control over other processes going on in the device. They claim that less time has been dedicated to the IoT security of these systems, than there has been to the devices themselves, and thus the systems are now the weakest point. The other main weak points are the aggregation points, which are likely to be cloud-based so cloud security has a role to play as well. I mean, why hack one vehicle when you could hack into a whole fleet?

We spoke with Steve Grobman, CTO at Intel Security to ask him a few questions about the risks of adding cars to our connected world.

What part of an autonomous vehicles is most vulnerable to cyber-attack?


I think part of the challenge is there is not one single component, that there are so many areas of vulnerability. The challenge is going to be where we find vulnerabilities that need to be addressed while the cars and vehicles need to remain service.

There is an inherent delay between detection and deployment of security threats, practices like responsible disclosure will make it so vulnerabilities can be better addressed. I’d be very careful to point at one part of the car, or one part of the control system as the weak point. Maybe a good analogy is the car itself – what is the most important part of a car? Is it the steering wheel? The engine? The brakes?

It’s not that there aren’t critical systems, we have to look at the whole vehicle. When you get down to the next level, there are so many sub-components and different processes going on, you can’t focus on one part.

Do you think we will see a lot of hacks of autonomous cars/fleets, as they become ever more prominent in society?

I think we need to be prepared for it, but we also need to recognise that most cyber-attacks occur for a reason. They are usually driven by incentives for the bad actor and the ability of a bad actor to infiltrate a device or network.

We need to consider what the opportunity costs are for an actor attacking an autonomous car. Something that scares me is the ransomware business models, if you consider ransomware applied to a fleet of vehicles, then a bad actor could take control and hold the fleet to ransom. We need to be looking at it through the lens of the attacker, what is the level of investment compared to the return on that investment?

Making large scale attacks more difficult is more critical than securing individual devices. Autonomous vehicles are going to be some of the most complex interconnected devices ever created. Having them built without any weaknesses is unrealistic. We need to strive for strong security measures that minimise the risk to large scale attacks. There needs to be as much investment in patching and repair technology as there has been in vehicles themselves.

How can the industry best respond to these threats, or deal with them before they arise?

It is a multifaceted approach

  1. Strong investment in original design
  2. Investment in infield repair and upgrade vulnerabilities
  3. Invest in an aggressive research community to identify vulnerabilities before bad actors can exploit them

It Is a confluence of these 3 factors that will allow us to fully utilize this fantastic technology.

What advice would you give to those purchasing an autonomous car to ensure it is secure?

I think they key is going to be thinking about cyber security in the same way consumers think about safety and reliability. In the same way a consumer can’t run their own crash test, but they can look at independent evaluations. That same lens that is used for safety and reliability should be used for cyber security – look at which companies are investing in cyber security and what companies are passing independent security tests. It just becomes yet another criteria in the buying process.

So there is a need for a comprehensive security network to be built into the autonomous vehicle network. In the McAfee White Paper, they suggest a 4 pronged security plan, that encompasses Hardware Security, Software Security, Network Security, and Cloud Security. Only by focussing on all 4 aspects, can you truly secure an IoT device or system, especially one as sophisticated as an autonomous car. The future is autonomous, it is up to the manufacturers to decide how secure it will be.

By Josh Hamilton

Josh Hamilton

​Josh Hamilton ​is an aspiring journalist and writer who has written for a number of publications​ involving Cloud computing, Fintech and Legaltech​. ​Josh has a Bachelor’s Degree in Political Law​ from ​Queen's University in Belfast​​.
Studies included, Politics of Sustainable Development, European Law, Modern Political Theory and Law of Ethics​.

View Website
Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices With workplace mobility now a way of life and companies investing in cloud-based apps more than ever, security is moving beyond the four walls. Just a few years ...
MarTech’s Fragmented Landscape is Failing Brand Marketers

MarTech’s Fragmented Landscape is Failing Brand Marketers

MarTech’s Fragmented Landscape Mapping the customer journey is one of the biggest strategic shifts currently underway in the marketing industry. With the rise of social media, the way customers interact with brands has changed forever ...
Cloud Advances One Funeral at a Time

Cloud Advances One Funeral at a Time

The Advancing Cloud Forecasts scream huge growth rates for cloud but in the big picture it is tiny. Max Planck noted: “Science advances one funeral at a time.” Is cloud the same? The demand for ...
Cloud Security Alliance Issues New Code of Conduct for GDPR Compliance

Cloud Security Alliance Issues New Code of Conduct for GDPR Compliance

EDINBURGH, Scotland, Nov. 21, 2017 /PRNewswire-USNewswire/ -- The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released the CSA Code of Conduct for ...
5 Ways the Cloud and IoT Have Transformed the Transportation Industry

5 Ways the Cloud and IoT Have Transformed the Transportation Industry

IoT Transportation Industry The Internet of Things has caused many industries to evolve - but few more than transportation. Here are just a few ways it’s changed the delivery of goods. Remember when websites like ...
startup tech comic series
The Lighter Side Of The Cloud - Low Tech
The Lighter Side Of The Cloud - Machine Learning
The Lighter Side Of The Cloud - The Money Grab
The Lighter Side Of The Cloud - The Robo-Revolution
The Lighter Side Of The Cloud - Big Broadband
The Lighter Side Of The Cloud - Hydro Cancellation
The Lighter Side Of The Cloud - Virtual Office Space
The Lighter Side Of The Cloud - Dial-up Speeds

CLOUDBUZZ NEWS

SAP Customer Data Cloud Brings Trust to Personalized Marketing Campaigns

SAP Customer Data Cloud Brings Trust to Personalized Marketing Campaigns

WALLDORF — SAP SE (NYSE: SAP) today released SAP Customer Data Cloud solutions from Gigya, the industry’s only solution based on a consent-based data model. The solution helps businesses nurture trusted relationships with customers by providing them more transparency ...
Researchers combine wearable technology and AI to predict the onset of health problems

Researchers combine wearable technology and AI to predict the onset of health problems

A team of Waterloo researchers found that applying artificial intelligence to the right combination of data retrieved from wearable technology may detect whether your health is failing. The study, which involved researchers from Waterloo’s Faculties ...
Rackspace Launches Kubernetes-as-a-Service with Fully Managed Operations

Rackspace Launches Kubernetes-as-a-Service with Fully Managed Operations

SAN ANTONIO – May 16, 2018 – Rackspace today announced Rackspace Kubernetes-as-a-Service, a highly-available managed service that transforms the way enterprises can utilize new container technologies, accelerating their digital transformation. Rackspace is focused on delivering true transformation ...