Automaker General Motors is using feedback from the public on potential security risks to better understand its vulnerabilities and build up its cybersecurity initiatives.
Through its public disclosure program, GM said it has received numerous reports pertaining to possible information-security vulnerabilities in its vehicles that it hopes to address as its cars become more connected through cellular and in-cabin Internet connections, The Wall Street Journal reported on Tuesday (March 22).
While speaking at an automotive security summit this week, Kevin Baltes, cybersecurity director at GM, explained that the information garnered from the public is part of a practice the company instituted in recent months and that the feedback helps to build relationships, identify and understand vulnerabilities, and ultimately fix the problem, WSJ stated.
As the technology used to help make vehicles more connected and essentially “smarter,” so have the oncoming threats to the safety and security from cybercriminals.
Earlier this month, Wired reported on a study released by vehicle security researchers in Germany who were able to use a radio attack to hack into the wireless key fobs of vehicles. According to the report, the Munich-based automobile club ADAC found that 24 different vehicles from 19 different manufacturers were vulnerable to a radio “amplification attack” that used the wireless key fobs to unlock the cars and start their ignitions.
The news comes at a time when the FBI, along with the Department of Transportation and the U.S. National Highway Traffic Safety Administration, is issuing serious warnings about the critical threats facing connected cars. The organizations cited not only the expected increase in the number of vehicles that rely heavily on computer systems for control, acceleration and everything else once handled by human chauffeurs, but also the increasing number of entry points that hackers are afforded by the veritable eruption in the way customers jack into the Matrix around them.
In a public service announcement released just this week, the bureau said:
“Vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device — such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth or Wi-Fi — or within a third-party device connected through a vehicle diagnostic port. In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle. Although vulnerabilities may not always result in an attacker being able to access all parts of the system, the safety risk to consumers could increase significantly if the access involves the ability to manipulate critical vehicle control systems.”