Las Vegas Review-Journal

CARS


Francisco-based Cruise Automation, said hacking autonomous ride-sharing cars will be more difficult than believed as automakers reduce the number of ways a vehicle software system can connect with users, and as owners regularly update operating systems. Cruise is helping General Motors develop a fleet of autonomous cars.

Miller and Valasek said self-driving cars will also include devices that are expensive and not available to the general public, making it harder for hackers to get their hands on them to analyze.

“It’s hard to hack the car when you don’t have the hardware, software and radars,” Valasek told hundreds of attendees at the session.

Update security flaws

Several groups have remotely hacked semi-autonomous cars over the years, including a Tesla, raising concerns about the security of fully autonomous cars. Miller and Valasek said they remotely hacked a Jeep Cherokee in 2015, taking control of the automobile’s operations.

The first self-driving vehicles will likely be owned and operated by corporations, such as ride-sharing companies, they said.

The corporations will be able to roll out fixes for software security flaws across their fleet the day they become available, Miller and Valasek told the audience.

Manufacturers of autonomous ride-sharing cars can reduce the ability of hackers to gain control by removing potential remote access points like Bluetooth, they said.

Companies owning cars would also be able to monitor the engine control units in each vehicle and stop the car — or prevent it from starting — if any unauthorized changes have been made to it.

Hackers need to break through two, three, or even four security blocks to remotely gain access to a car today. By increasing the strength at each level, companies can make hackers’ “return on investment so low” that some won’t even bother, Valasek said.

“I think we are doing a pretty good job right now,” he said about the industry’s progress to stop remote hacking.

However, the situation changes when the fully autonomous car is owned by an individual, who may not regularly apply security updates.

“It’s a harder problem” to resolve and not something Cruise is focused on at the moment, he said.

Pacemakers, insulin pumps

Jonathan Butts, founder of QED Secure Solutions, and Billy Rios, founder of Whitescope, demonstrated that they could alter the operation of implanted medical devices such as pacemakers as well as insulin pumps.

The two said they found flaws that allowed them to increase or halt delivery of insulin as well as alter the pulses sent by pacemakers.

Butts and Rios told the audience they found vulnerabilities in four of the major pacemaker devices, but added people should nonetheless use them as the health benefits outweigh the cybersecurity risks.

“Most vendors are trying to do the right thing, but the industry has a long way to go,” said Butts.

Contact Todd Prince at 702-3830386 or tprince@reviewjournal.com. Follow @toddprincetv on Twitter.

Photo: K.M. Cannon, Las Vegas Review-Journal, @Kmcannonphoto. Joel Thomassino of Nashville, Tenn., tries to pick a lock to win a prize at the Coalfire Labs booth Wednesday during the Black Hat annual cybersecurity conference at Mandalay Bay.