When batteries go bang as electric cars charge: Insights from a cyber security perspective. The image above shows an incident captured by CCTV in my own back garden earlier this year.
This occurred when a power drill battery, which was being charged by builders working on my house, exploded and shot in the air. Fortunately, no-one was injured and no damage was done, apart from some slightly scorched grass. The lithium-ion battery in question was a branded product that had apparently been purchased from a reputable retailer. So why did it explode in such a spectacular way? Why do lithium-ion batteries catch fire? There are two electrodes inside a lithium-ion battery, one positive (called an anode) and one negative (called a cathode). However, if the lithium-ions move too quickly towards the anode during charging, lithium is deposited around the anode. Millions of cars at risk as keyless entry systems can be hacked, report says. Tens of millions of cars are made vulnerable to theft by their keyless entry systems, according to a report by computer security experts.
The paper claims many of the 100m Volkswagen vehicles sold over the past 20 years are vulnerable and can be hacked using cheap tools. Audi, Seat and Skoda models sold since 1995 are also said to be affected as they share Volkswagen’s remote keyless entry system. Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot models are also at risk from a similar exploit, the researchers claim. The three researchers from the University of Birmingham in England and a fourth from security company Kasper and Oswald GmbH in Germany, found models as recent as this year’s Audi Q3 were vulnerable. They said it is conceivable that all VW Group cars, with the exception of some Audis, are thus vulnerable to attacks because they rely on a ‘constant-key’ scheme.
Is your car the most stolen model in England and Wales? Hundreds of millions of cars can be easily unlocked by attackers - Help Net Security. Security researchers have come up with a way to unlock cars manufactured by vendors around the world, and are set to present their findings on Friday at the Usenix security conference in Austin, Texas.
They have devised two attacks: One that target cars of the Volkswagen Group (VW, Seat, Škoda, and Audi), and includes recovering the cryptographic algorithms and keys from electronic control units that allows them to clone the signal that will open the car, and Another that takes advantage of the cryptographically weak cipher in the Hitag2 rolling code scheme used by Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, Ford and other car makers. The result of the attack is the same: an unlocked car. “Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles,” the researchers noted. Both attacks can be performed in mere minutes.
Car hacking. Transport security – should we worry? My blog this month focusses on a completely different aspect of operations; that of security and information.
At a meeting of the Parliamentary Advisory Council on Transport Safety (PACTS) held in January this year, members were briefed on automotive cyber security. Whilst this focussed on cars, as they are early adopters of on-board technologies, it can also be relevant to buses and coaches as more and more data is received and transmitted to and from vehicles. This may either be data from the vehicle or to and from passengers. What sort of items are we talking about that were vulnerable to attack? Items such as tyre pressure monitoring, vehicle diagnostic port, infotainment systems and telematics just to name a few. “Vehicle manufacturers expected the data/systems service providers to provide the security protection and the providers expected the manufacturers to do this” Are we really bothered though?
New Security To Stop Hackers Taking Control Of Cars. How hackers can impede connected vehicles A Security Framework that protects vehicles connected to external networks such as the internet from hackers has been created by Harman; the automotive electronics specialist.
Much like a laptop computer, a hacker that bypasses a car's security could make it behave in a manner which is detrimental to the legitimate operator. Harman explained that there has not been a single instance of malicious vehicle hacking, so far. There have, however, been a series of experiments – conducted by industry professionals in controlled environments – that emphasised the potential consequences.
Consider a test conducted in the U.S.A., for example. The cybersecurity risk of self-driving cars. Ten million self-driving cars will be on the road by 2020, according to an in-depth report by Business Insider Intelligence.
Proponents of autonomous vehicles say that the technology has the potential to benefit society in a range of ways, from boosting economic productivity to reducing urban congestion. But others—including some potential consumers and corporate risk managers—have expressed serious concerns over the cybersecurity of the so-called fleet of the future. As one tech reporter put it: "Could cybercriminals remotely hijack an autonomous car's electronics with the intent to cause a crash? Could terrorists commandeer the vehicles as weapons? Could data stored onboard be unlocked? " Experts say that self-driving cars will be particularly susceptible to hackers. Car hacking is the future – and sooner or later you'll be hit. “Car companies are finally realising that what they sell is just a big computer you sit in,” says Kevin Tighe, a senior systems engineer at the security testing firm Bugcrowd.
It’s meant to be a reassuring statement: proof that the world’s major vehicle manufacturers are finally coming to terms with their responsibilities to customers, and taking the security of vehicles seriously. But given where Tighe and I are talking, it’s hard not to be slightly uneasy about the idea that it’s normal to sit inside a massive computer and trust it with your life. We’re meeting at Defcon, the world’s largest hacking conference, just outside the “car-hacking village”, a recent addition to the convention’s lineup, where enthusiasts meet to trade tips on how to mess about with those same computers for fun and profit. At that year’s Defcon, Twitter’s Charlie Miller and IOActive’s Chris Valasek demonstrated they were able to wirelessly take over a Jeep. Hackers Remotely Kill a Jeep on the Highway—With Me in It.