NYU Tandon prof unveils Homeland Security–funded framework for software security in cars - Technical.ly Brooklyn

Dev

Jan. 19, 2017 11:37 am

NYU Tandon prof unveils Homeland Security–funded framework for software security in cars

The team said the time is coming when our cars have to have the same level of protection as our laptops. Meet Uptane.

Gotta keep these guys safe.

(Photo courtesy of Silvercar)

Here’s the scenario: You’re cruising in your electric car and you hear your doors lock all around you. A message pops up on your central console demanding you wire $10,000 in Bitcoin to a Russian hacker or else he’ll cut off your brakes and send you zooming, out of control down the highway.

That’s the nightmare scenario that a group of researchers, led by NYU Tandon professor Justin Cappos, wants to avoid. Cappos, along with collaborators from the University of Michigan Transportation Research Institute and the Southwest Research Institute, created a software security update framework for automobiles called Uptane, unveiled last week to reporters at an event at NYU Tandon.

NYU Tandon professor Justin Cappos.

NYU Tandon professor Justin Cappos. (Photo by Tyler Woods)

As our cars become more and more like computers with wheels, they will fall vulnerable to the same cybersecurity threats experienced by everything online now. Cappos said today’s cars have between 50 and 100 mini computers in them already.

“A car is still a mechanical thing but you can think of it as a bunch of computers that control mechanical aspects,” he said at a recent press conference at the engineering school. “They talk together and the networks inside of the car don’t have the necessary security to protect from a malicious hack. What security experts have shown is that they can go and exploit a problem in one part of the car to get into other parts that can disable the brakes, lock you in your car or turn on the A/C.”

Uptane, which has gotten funding from the U.S. Department of Homeland Security, is not a piece of antivirus software, but rather a way of thinking about software security in vehicles that Cappos hopes will become the industry standard. It suggests a separation of duties for different parts of the car’s software system doing different tasks, and a threshold of signatures, where for important software functions more than one actor will have to sign off on making changes.

Advertisement

“There’s Bluetooth, WiFi, cellular [communication],” said Sam Lauzon, of the University of Michigan. “Soon we’ll have vehicle to vehicle, so at any time there could be three or four devices communicating with your vehicle. Ten years ago this was all inside a car, they didn’t have WiFi or Bluetooth. Now all these systems are interconnected and hackers are finding ways of making them interact with each other in ways that weren’t intended.”

The researchers noted that we are still in the infancy of cybersecurity for cars. But in the years that come, particularly as cars become autonomous to varying degrees, this issue will come to the fore. These researchers are trying to get out in front of that problem.

You must appreciate accurate, relevant and productive community journalism.  Support this sort of work from professional reporters with seasoned editors.  Become a Technical.ly member for $12 per month -30-
LEAVE A COMMENT

Advertisement

Uber, we’re not your R&D lab. Get self-driving cars off the road now

Startups! Tonight is the deadline for Future Labs’ Catalyst NYC program

NYC tech advocacy group urges full speed ahead on autonomous cars

SPONSORED

Brooklyn

Explore how diverse teams build dynamic products with Dev Bootcamp

Philadelphia, PA

160over90

Digital Creative Director

Apply Now
WASHINGTON, DC

Nava

Designer / Frontend Engineer (DC, SF, NYC)

Apply Now
WASHINGTON, DC

Nava

Designer / Researcher (DC, SF, NYC)

Apply Now

Researchers develop breakthrough 3D-printed foam at NYU Tandon

3 companies from Urban-X’s 3rd cohort that we’d love to invest in

But what if the government did build a nationalized 5G network? Pros and cons

SPONSORED

Brooklyn

Learn from these Brooklyn founders in our Tomorrow Toolkit ebook

Brooklyn, NY

Propel

Senior Software Developer

Apply Now
Manhattan

ProPublica

Editorial Experience Designer

Apply Now
Manhattan

ProPublica

Product Developer, Business Tools

Apply Now

Sign-up for regular updates from Technical.ly

Do NOT follow this link or you will be banned from the site!