idw – Informationsdienst Wissenschaft
Nachrichten, Termine, Experten
Nachrichten, Termine, Experten
Many auto workshops do not know enough about how to keep our cars safe from cyberattacks. This is revealed in a new study from the University of Skövde. "A large proportion of the vehicle fleet could practically be entirely open to attacks or already breached," says Marcus Nohlberg, docent in cybersecurity at the University of Skövde.
Our modern cars can be described as connected, advanced computers on wheels, and these computers handle everything from anti-skid systems to adaptive cruise control.
Cars can become targets for cyberattacks
Recently, car computer systems have also started communicating with each other. This communication occurs outside the car. The intention is to avoid collisions, but it also opens up risks, and cars can become targets for cyberattacks. In 2015, two security researchers demonstrated how they could take control of a Jeep Cherokee’s brakes and steering.
However, a new study from the University of Skövde shows that security awareness and knowledge among auto workshops are still low when it comes to cybersecurity. So, what happens if auto workshops do not have the necessary knowledge or awareness to handle car software correctly?
"A large proportion of the vehicle fleet could practically be entirely accessible to attacks or already breached," says Marcus Nohlberg, who, together with Martin Lundgren, senior lecturer in informatics, and David Hedberg, a former student at the University of Skövde, is behind the study.
Car owners cannot protect themselves
But the extent is difficult to assess. This is due to a lack of transparency in how car manufacturers operate. One issue highlighted in the study is that car manufacturers have devised a solution for managing software exclusively accessible to authorised workshops. This exclusivity fosters significant uncertainty regarding the proper handling of the software, consequently leading to unaddressed security concerns.
"This is particularly true for workshops that are not authorised. They are often forced to use unofficial methods to manage the cars. For most people, the car is the most advanced computer they have, but they currently have no way to influence updates and information security," says Martin Lundgren.
Significant risks that are not addressed
The researchers behind the study believe that both the public and professionals need greater insight into the systems. If more than just authorised workshops were allowed to use official software to update cars and had insight into the car's security, it would benefit safety. The current situation makes sense from the manufacturers’ perspective, but the consequences for owners and society at large could be enormous.
“A large portion of the vehicle fleet may have significant vulnerabilities without us having any opportunity to control or protect ourselves against them at all. For us, it has been an eye-opener that there are such significant previously unknown risks in the automotive industry that are not being addressed," says Marcus Nohlberg.
Marcus Nohlberg, phone: +46 500-448270, e-mail: marcus.nohlberg@his.se
Hedberg, D., Lundgren, M. and Nohlberg, M. (2024), "Cybersecurity in modern cars: awareness and readiness of auto workshops", Information and Computer Security, Vol. ahead-of-print No. ahead-of-print. https://doi.org/10.1108/ICS-11-2023-0211
https://doi.org/10.1108/ICS-11-2023-0211
https://www.mynewsdesk.com/se/his/images/uppkopplad-bil-3032915
Merkmale dieser Pressemitteilung:
Journalisten
Informationstechnik, Verkehr / Transport
überregional
Forschungsergebnisse
Englisch
Sie können Suchbegriffe mit und, oder und / oder nicht verknüpfen, z. B. Philo nicht logie.
Verknüpfungen können Sie mit Klammern voneinander trennen, z. B. (Philo nicht logie) oder (Psycho und logie).
Zusammenhängende Worte werden als Wortgruppe gesucht, wenn Sie sie in Anführungsstriche setzen, z. B. „Bundesrepublik Deutschland“.
Die Erweiterte Suche können Sie auch nutzen, ohne Suchbegriffe einzugeben. Sie orientiert sich dann an den Kriterien, die Sie ausgewählt haben (z. B. nach dem Land oder dem Sachgebiet).
Haben Sie in einer Kategorie kein Kriterium ausgewählt, wird die gesamte Kategorie durchsucht (z.B. alle Sachgebiete oder alle Länder).
