Tesla recently demonstrated its new electric pickup vehicle, dubbed “Cybertruck”, which has polarised public opinion. Some have stated it looks like a vehicle from a child’s sketch come to life, while others consider it to be a vision of the future. There were also concerns about the safetyof the unusual cube-like design as the prototype lacks windscreen wipers, turn signals and side mirrors. Whichever side you agree with, givenTesla’s ability to set trends, it’s possible this design could determine what the exterior of cars will look like in the future.
To be honest, I don’t like this car and wouldn’t own it or drive it. However, the use of the term “cyber” in the brand name is very relevant for current autonomous vehicles. In time this will be important not only for this truck with its unusual design, but for the automotive industry in general. Today, more and more cars are becoming cyber cars, and in the future it’s likely every car will be a cyber car. Cyber here doesn’t mean that they will all have a polygonal cyberpunk-like design though. It means that the focus of the car’s operating process will rely on digital systems, both inside and outside the car. So, the logical question here is: “how secure will all those cyber cars of future be?”.
Based on our experience working with car manufacturers on penetration testing and vulnerability research, we have seen two top issues that raise concern around automated and cyber cars:
#1 Impact on vehicle safety
One of the biggest worries is that someone can exploit vulnerabilities in a car’s system to take over a connected car’s control or manipulate its functions. That’s why we recommend car manufacturers conduct regular assessments and penetration tests to detect vulnerabilities before the car is released. They should also ensure that all components that can affect car security are tested.
To mitigate risks, if any security issues are found in released cars, best practice is to enable over-the-air (OTA) updates. With this technology, patching a car’s software resembles the way we update the software on our smartphones, as it allows us to install necessary updates for a car remotely, without the need to go in for a service. Provided the communication channel between the car manufacturer and the car is reliably protected, this is quite good practice.
OTA updates are still not commonplace in the auto market; it’s a real challenge to deploy rapid security updates which comply with all the quality and safety requirements for all vulnerable Electronic Control Unit (ECU) types. In case the OTA update distribution isn’t possible, we recommend deploying intrusion detection and prevention security modules to ECUs. This allows virtual patching alongside protection of in-vehicle systems, including connected devices, communication forms used and applications launched.
Car manufacturers can also introduce special bug bounty programs, so third-party researchers can report issues to resolve before the general public and therefore, threat actors, are aware of them.The good news is that some carmakers already support these initiatives. So, we hope that this step can transform from a good option to an industry standard soon.
#2 Private data exfiltration
Data is a form of second fuel for a connected car — the more contextual information the car has, the smarter decisions it can make on the road. For example, there are infotainment (IVI) systems — which deliver entertainment and information to the driver and passengers — and telematics units (TCU) that control the tracking of a car. They can collect and transmit to car manufacturer or app developer, a vehicle’s GPS location, mobile data (including information from social networks), driver style information and voice assistant recordings, as well as communication information.
Car location, the driver’s favorite routes and places (such as shops, cafes and gas stations), data from paired smartphones (including contacts, calls and voice requests) and data from in-vehicle cameras and microphones are held both by the vehicle itself and in the wider ecosystem. This can be a tempting target for malefactors. If this private information is in the wrong hands, it can be used for stalking or blackmailing. And, even if we don’t take into account the “usual suspects” – i.e. cybercriminals – the privacy of the owner of smart car is a serious question nowadays. Therefore, consumers are increasingly interested in how the data they generate while driving a cyber car is used.
Connectivity affects not only new cars but used ones as well. For example, it has been provenalready by our researchers, that connected cars are introducing some privacy risks for a forgetful owner. When a connected car is sold second hand, it can be possible for the new driver to access all of the same apps and data as the previous owner, if he or she didn’t log out. This can lead to the compromise of previous owner accounts – even ones that have card or bank details connected. Depending on the type of services saved in the car’s software, this could lead to financial or reputational losses, among others.
This means that, surprisingly, car manufacturers now have a new asset to deal with – their customer’s private data. What happens if this data leaks? Do car manufacturers have a plan on how to deal with these privacy issues?
Those are definitely questions to think about, but it is clear now that car manufacturers must also take care of privacy. Encryption of a vehicle’s communication networks when transmitting sensitive data outside a car is a good place to start in this area.
Driving automotive сybersecurity
The development of connected vehicles is incredibly exciting and combines two of my favorite interests – cars and technological innovation. We are now seeing how advancements in technology are driving the development of the automotive industry and its safety in today’s world. For example, a neural network can be trained to recognise anomalies under regular operating conditions through telemetry from a car engine.
I believe that cybersecurity posture of a vehicle will soon become a competitive advantage for car manufacturers, as customers are now more concerned about privacy issues. Besides that, some security issues can also pose danger to physical safety, which is the main factor for the majority of the public when choosing a car. In other words, it is important to show now what an automotive company is doing to protect the drivers of its cars from security risks.
So, if you ask me what makes a car a cyber car, I’d say that it is not simply a sci-fi, or even retro-sci-fi look. It is not the ability to drag another truck uphill or have cameras instead of rear-view mirrors. I’d say it is the ability of the car to cope with the challenges that connectivity and smart ecosystems bring to the way a car is produced, sold and used. Such cars have yet to arrive on the market but I’m sure that when the cybersecurity and automotive industries collaborate, this will happen very soon.
Security issues grow with transition to smart TVs
You can’t picture a modern home without smart equipment. Smart thermostats, smart refrigerators, robot vacuums, and smart TVs won’t surprise anyone these days. For example, around 70% of the TVs being sold worldwide are smart TVs. Although they bring more entertainment, these devices also carry new digital threats.
Sometimes people forget that smart TVs are as vulnerable to cybercrime as their smartphones and computers. Daniel Markuson, the digital privacy expert at NordVPN, says that “although smart TVs are connected to the internet and have similar functions to computers, they aren’t equipped with the same security tools, which makes them easy prey for hackers.”
What’s so scary about your TV getting hacked? As smart TVs gain more features, the amount of your private information they handle increases too. TVs aren’t just for watching movies and shows anymore. Now you can use them for web browsing, streaming video content, gaming, and even shopping online.
To enjoy your smart TV to the fullest, you need to download various apps and games. These cost money, so you need your credit card details filled in. Putting your financial information, logins, and passwords on your TV makes it an appealing target for hacking.
According to Daniel Markuson, a smart TV can be used to spy on its users. Hackers can access its camera and microphone through malware, which they can slip into your TV when it is connected to Wi-Fi. They can use footage from your bedroom or living room to blackmail you and your family. By watching your home and listening to your conversations, hackers know what goods you have, where you keep them when you’re away, and what your plans are.
If you use your smart TV for web browsing, you can infect it with various viruses too, says the digital privacy expert at NordVPN. Like computers, smart TVs run on software, but they don’t have the same strong antivirus and firewall systems installed. Once your TV gets infected, your browsing history, passwords, and other private data become accessible to hackers. And they won’t miss the opportunity to use this information in ransomware attacks.
Even though smart TVs are vulnerable to cyber threats, Daniel Markuson says there is no need to panic yet. The expert names a few simple principles every smart TV owner should follow to protect their device.
Always update your TV’s software whenever a new version becomes available. The expert says that software updates are crucial for cybersecurity as manufacturers do their best to patch vulnerabilities. Updates often repair security flaws, fix or remove various bugs, add new features, and improve the existing ones. Some TVs install updates automatically by default. With others, you may need to check for updates periodically to make sure your device runs on the latest version.
Use available security measures such as a VPN. The best practice for any internet-connected device is to install a firewall and use a VPN such as NordVPN. It secures your device and lets you enjoy fast internet access with encryption-powered privacy.
Connect your smart TV to the internet only when needed. It isn’t necessary to have your TV connected to Wi-Fi all the time. To make it less vulnerable to hacker attacks, turn on the Wi-Fi connection only when you are using it.
Download apps from official stores only. Do not install any programs and games from unofficial sources on your smart TV. Make sure that both the app and its provider are reliable. Moreover, if an application asks for access to your data, camera, or microphone that isn’t necessary for its operation, never accept it.
Be careful with personal files and financial data. Shopping online on a big smart TV screen might be fun, but be careful providing your credit card details and other sensitive information this way. Although some manufacturers equip their TV sets with security features, they cannot guarantee safety online. “People who synchronize their smart TVs with their computers to access compatible media content should be especially cautious,” warns Daniel Markuson. The connection between your smart TV and your computer can be a weak link and lead to a data breach.
Use strong Wi-Fi passwords. This practice is the most obvious and the easiest to follow. Create a strong password to protect your Wi-Fi connection at home and don’t share it with any outsiders.
Turn off your TV camera when not in use. Whether it’s a built-in camera or the one connected to a TV via Wi-Fi, turn it off when not using it. If you can’t turn off your camera, use a piece of tape or a sticker over the camera lens to cover it.
Tech too complex? It stresses out even the tech-savvy
Even the savviest members of the tech industry get stressed by common devices that power their everyday lives, according to a recent poll conducted at CES 2020 by Asurion, the global leader in helping people connect, protect and enjoy their tech.
Asurion surveyed nearly 1,400 attendees of CES 2020, the world’s largest and most influential tech industry event, about their relationship with personal tech and their role as tech expert for family and friends. What the tech care company found is that even the tech-savvy, tech DIY’ers and early adopters stress out over some of the most ordinary devices in our hands and homes.
So, what tech tops the list of devices that stress out some of the consumer electronics industry’s tech enthusiasts?
- Mesh routers and Wi-Fi networks (33%)
- Phones (26%)
- Smart home security systems (23%)
And, the tech-related activities that even the tech-savvy dread the most?
- Troubleshooting a device that worked perfectly yesterday (39%)
- Device security (27%)
- Setting up devices (nearly 27%)
Asurion helps nearly 300 million customers worldwide unlock the potential of their tech with a team of over 10,000 Experts who are just a call, click or tap away. The company’s Experts provide ongoing tech support, same-day device repair, and same-day delivery and setup services. They’ll meet customers virtually, in-home, at select partner stores, and in more than 540 uBreakiFix stores across the country or wherever it’s convenient.
“The tech industry just spent four amazing days experiencing and celebrating the latest innovations in the future of tech,” said Teresa May, Senior Vice President and Chief Marketing Officer at Asurion. “What we heard is that even common tech tasks and devices can be challenging. Every day, our Experts help people across the country with their devices – everything from setting up a new phone to troubleshooting streaming issues on their smart TVs. Our CES poll reveals that the industry’s top tech innovators share the same pain points affecting millions of Americans.”
Asurion’s Experts received more than 18.5 million calls and chats from customers seeking tech help last year. And while the No. 1 question this holiday was a strong “How do I activate my new phone?” Asurion Experts also received many questions ranging from “How do I connect to Wi-Fi?” to “Can I sync my smart speakers to play them in tandem?”
And while the tech industry may have tech challenges of their own, they also get tapped by family and friends for help. Eight out of 10 attendees surveyed said their family and friends rely on them to help set up and troubleshoot their tech. Nearly two-thirds (63%) said they hesitate to gift tech to their loved ones because the recipient won’t know how to use it, and nearly half (46%) gave pause to gifting tech to family and friends because they didn’t want to be the one to help set it up.
Asurion CES Tech Poll
Consumer Tech Devices That Stress CES Attendees Out the Most
1. Mesh Routers and Wi-Fi Networks (33%)
2. Phones (26%)
3. Smart Home Security Systems (23%)
4. Smart Home Assistants/Hubs (20%)
5. Bluetooth Printers (19%)
6. Smart Home Automation (19%)
7. Laptops/Tablets (18%)
8. Smart TVs (17%)
9. Smart Appliances (14%)
10. Home Energy, Lighting and Switches (13%)
Tech Activities That Stress Out CES Attendees the Most
1. Troubleshooting Tech That Worked Perfectly Yesterday (39%)
2. Security (27%)
3. Setting up a Device (27%)
4. Privacy (23%)
5. Helping Others With Their Tech (20%)
6. Managing or Connecting Multiple Devices (19%)
7. Wi-Fi Connectivity (19%)
8. Paying for Personal Data Storage (18%)
9. Learning a New Operating System (17%)
10. Choosing Which Brand To Purchase (17%)
To learn more about where you can get tech support and protection, visit Asurion.com.