NYU Tandon prof unveils Homeland Security–funded framework for software security in cars - Technical.ly Brooklyn

Dev

Jan. 19, 2017 11:37 am

NYU Tandon prof unveils Homeland Security–funded framework for software security in cars

The team said the time is coming when our cars have to have the same level of protection as our laptops. Meet Uptane.

Gotta keep these guys safe.

(Photo courtesy of Silvercar)

Here’s the scenario: You’re cruising in your electric car and you hear your doors lock all around you. A message pops up on your central console demanding you wire $10,000 in Bitcoin to a Russian hacker or else he’ll cut off your brakes and send you zooming, out of control down the highway.

That’s the nightmare scenario that a group of researchers, led by NYU Tandon professor Justin Cappos, wants to avoid. Cappos, along with collaborators from the University of Michigan Transportation Research Institute and the Southwest Research Institute, created a software security update framework for automobiles called Uptane, unveiled last week to reporters at an event at NYU Tandon.

NYU Tandon professor Justin Cappos.

NYU Tandon professor Justin Cappos. (Photo by Tyler Woods)

As our cars become more and more like computers with wheels, they will fall vulnerable to the same cybersecurity threats experienced by everything online now. Cappos said today’s cars have between 50 and 100 mini computers in them already.

“A car is still a mechanical thing but you can think of it as a bunch of computers that control mechanical aspects,” he said at a recent press conference at the engineering school. “They talk together and the networks inside of the car don’t have the necessary security to protect from a malicious hack. What security experts have shown is that they can go and exploit a problem in one part of the car to get into other parts that can disable the brakes, lock you in your car or turn on the A/C.”

Uptane, which has gotten funding from the U.S. Department of Homeland Security, is not a piece of antivirus software, but rather a way of thinking about software security in vehicles that Cappos hopes will become the industry standard. It suggests a separation of duties for different parts of the car’s software system doing different tasks, and a threshold of signatures, where for important software functions more than one actor will have to sign off on making changes.

Advertisement

“There’s Bluetooth, WiFi, cellular [communication],” said Sam Lauzon, of the University of Michigan. “Soon we’ll have vehicle to vehicle, so at any time there could be three or four devices communicating with your vehicle. Ten years ago this was all inside a car, they didn’t have WiFi or Bluetooth. Now all these systems are interconnected and hackers are finding ways of making them interact with each other in ways that weren’t intended.”

The researchers noted that we are still in the infancy of cybersecurity for cars. But in the years that come, particularly as cars become autonomous to varying degrees, this issue will come to the fore. These researchers are trying to get out in front of that problem.

You must appreciate accurate, relevant and productive community journalism.  Support this sort of work from professional reporters with seasoned editors.  Become a Technical.ly member for $12 per month -30-
JOIN THE COMMUNITY, BECOME A MEMBER
Already a member? Sign in here

Advertisement

Could HEVO be Brooklyn’s next unicorn?

How Nava PBC helped government make Medicare’s largest change ever

Uber, we’re not your R&D lab. Get self-driving cars off the road now

SPONSORED

Brooklyn

You can win up to $360,000 at the WeWork Creator Awards

Baltimore, MD

Terbium Labs

Software Engineer

Apply Now

NYC tech advocacy group urges full speed ahead on autonomous cars

H-1B lessons in the time of Trump

Researchers develop breakthrough 3D-printed foam at NYU Tandon

SPONSORED

Brooklyn

Explore how diverse teams build dynamic products with Dev Bootcamp

Sign-up for daily news updates from Technical.ly Brooklyn

Do NOT follow this link or you will be banned from the site!