Veracode maps out security risks accelerated by connected vehicles

May 1, 2013
Infographic provides tips for securing the latest and future generations of connected vehicles

BURLINGTON, Mass.-- May 1, 2013, (BUSINESS WIRE)--Veracode, Inc., the leader in cloud-based application security testing, today released the “Connected Vehicles: Too Smart For Their Own Good?” infographic, which maps out the IT security risks of features in connected cars.

“Connected Vehicles: Too Smart For Their Own Good?”
In an effort to provide new conveniences as well as meet physical security standards, many new consumer vehicles are offering more complex features. According to the recent “Connected Car Market (2013-2018)” report by ReportnReport.com, global connected car market shipments are expected to reach 59.86 million units and reach $98.42 billion by 2018. The introduction of features such as remote, self-diagnostics, satellite radios and built-in GPS systems, as well as features like keyless entry and ignition becoming commonplace, create a luxurious driving experience. However, these features which use integrated telecommunication and informatics systems called “telematics,” can also introduce IT security consequences.

Veracode’s “Connected Vehicles: Too Smart For Their Own Good?” infographic outlines many of the features vehicle manufacturers are developing, as well as the potential risks these applications can introduce. It includes recent examples of connected vehicles’ vulnerabilities such as:

Researchers at UCal hacked into telematics software to control engines, brakes, locks, alerts and more.
Researchers at BlackHat 2011 unlocked and started a Subaru Outback using only their smartphones.
The Self Destruct Virus starts a 60-second countdown that ends with the virus turning off headlights, locking the doors, shutting down the engine and disabling the brakes.
The infographic will also help car manufacturers and consumers navigate risks so they can improve the security of connected vehicles through the use of tools such as the Vendor Application Security Testing (VAST) program.

“The development of features meant to improve the auto industry can also introduce security vulnerabilities that have the potential to cause harm or the loss of data,” said Chris Wysopal, co-founder and CTO of Veracode, Inc. “Bottom line, smarter does not mean more secure, and information contained in vehicles should be treated much like data in a personal or corporate computer. As car companies continue to develop technology meant to make our lives easier, consumers need to be aware of the potential consequences, and car manufactures must take security into consideration throughout the development and implementation process.”

The “Connected Vehicles: Too Smart For Their Own Good?” infographic is available for download from the Veracode website here: http://www.veracode.com/blog/2013/03/connected-vehicles-how-smart-are-they/. Interested parties can embed and share the infographic on their websites or blogs with attribution.