A top security researcher has warned that as objects become more connected through the internet of things, security considerations should be paramount in order to avoid real-world consequences.
Speaking after Cloudsec 2018, Rik Ferguson vice president of security research at Trend Micro, told NS Tech: “If we’re not engineering security in at the base level then we’re not only doing ourselves a disservice, we’re setting ourselves up for a massive failure.
“We’re talking about real physical things that can have kinetic consequences in the world.”
One of the biggest fears for Ferguson involves the use of driverless vehicles becoming widespread before cyber security is properly implemented.
“A vehicle is currently a terrorist’s favourite weapon,” he said. “If you look at any of the major terrorist attacks we’ve seen they all involve vehicles in one way or another, whether it’s here in London, Nice, Barcelona, New York or Berlin. It’s an extremely effective weapon.
“If we talk about the future where there are fleets of autonomous cars and they all share a common security vulnerability that allows remote exploitation and control of a vehicle, in a worst case scenario – and I know it’s alarmist – you are potentially handing a fleet of weapons to any interested party. That’s a real world example of why engineering security in at the base level is really important.”
He believes that too much emphasis is put on being the first to market, capturing customers and making a profit and that this commercial focus is coming at the detriment of security
“Security is seen as something that will slow you down in that regard. If we don’t do something to address it, through effective co-operation of the security industry and the manufacturing industry that’s creating IoT and between regulation, legislation, standards bodies and the security industry, then we will end up with this toxic legacy of connected devices that are easily exploitable.”
Trend Micro have been working with Panasonic to work on cyber security solutions for connected cars. The system works by detecting and preventing intrusions into the Electrical Control Units which control acceleration, steering and braking, as well as in-vehicle infotainment devices such as satnavs.
A spokesperson for Panasonic and Trend Micro said: “The risks of hackers taking control of steering and braking systems in connected cars are real. New security vulnerabilities are discovered every day, and they pose a risk for remote exploitation. It is therefore more important than ever to not only implement security measures in each vehicle but also to analyse new attacks by constantly monitoring in-vehicle systems from the cloud and utilising the results to implement countermeasures against cyber-attacks to all vehicles.”