Cars billed as the latest and greatest and partially powered by software may have security vulnerabilities the automakers haven’t yet caught on to. That’s the word from The Security Ledger blog, which advises that such vulnerabilities are “unlikely to be resolved through after-the-fact security fixes,” according to an anaylsis by the firm IOActive. Check its “Commonalities in Vehicle Vulnerabilities” paper.
In the IOActive work, advises Security Ledger, “The results, while not dire, are not encouraging. The bulk of vulnerabilities that were identified stemmed from a failure by automakers and suppliers to follow security best practices including designing in security or applying secure development lifecycle (SDL) practices to software creation.
“These are all great things that the software industry learned as it has progressed in the last 20 years,’ IOActive adds, “But (automakers) are not doing them.” So, when being urged on by a car salesman about state-of-the-art security gear, let the buyer beware.