National Oil & Lube News

February 2017

Digital issues of National Oil & Lube News, the trade magazine for the preventive maintenance industry

Issue link:

Contents of this Issue


Page 38 of 67

February 2017 | NOLN 39 Software Hacks Computer viruses have existed practically as long as there have been connected comput- ers, and these viruses became an issue for businesses and consumers alike in the 1990s and early 2000s. While malware or malicious software — a blanket term for viruses, Trojan horses, rootkits, backdoors and other soft- ware exploits — has remained an issue for computer users, the anti-virus/anti-malware industry has managed to combat and address this ongoing threat. At the same time, soft- ware designers have done a better job of pull- ing so-called holes or exploits in the code on desktops. In addition, developers of mobile phones and tablets have sought to create a better strategy of ensuring software compatibility and security through an approval process. is is also where software is largely obtained through app stores, and it has helped reduce the spread and prolifer- ation of malware to mobile devices. e problem today is cars are more connected yet largely unprotected when compared to the mobile phone or personal computer. Earlier this year, Internet security firm FireEye warned that connected vehicles could be at risk to certain types of software. is could include the manip- ulation of vehicle operation, by using vehicular systems as "command and control (C2) infra- structure" for illicit purposes and ransomware. e hacking of actual vehicles to take control is not only theoretical but has actually been achieved in a controlled test. During the Black Hat USA 2016 security conference in Las Ve- gas, professional security consultants/white hat hackers Charlie Miller and Chris Valasek, presented a video where they were able to take control of a 2014 Jeep Cherokee by sending false messages to its internal networks. is allowed them to take control of the Jeep's steering, ac- celerator and brakes. is hack came a year after the pair showed they could kill the engine in the same vehicle by hacking into its network, which prompted a recall of 1.4 million Jeeps and other vehicles so as to provide a software update. e C2 infrastructure hack could be used to target a connected vehicle, whereby that vehi- cle could spread malware to other nearby vehi- cles — much in the way a PC can be overtaken by malware and become a zombie machine to spread spam and viruses at the behest of the hackers. However, the greatest threat facing drivers could be ransomware, more recently dubbed jackware. It would be similar to attacks on PCs, whereby a computer or network is locked and essentially held for ransom. It has suggested that with a vehicle it might not be just a matter of being locked out of the device, but possibly even being locked in the car! While there hav- en't been any targeted attacks against vehicles, ransomware has been used against government and commercial institutions. A side category of ransomare is scareware, where the user is essen- tially fooled into paying a fee for service. is particular threat could be one that has the potential of fooling the less tech-savvy drivers — possibly with warnings that a vehicle's warranty needs to be renewed or that a driver violated a traffic law. Such threats, which could come in via the infotainment systems could seem very real to drivers, especially those who may be so wor- ried over a fine or warranty concern they pay first and research later. All of these threats could be serious enough that the industry will have to do something to combat it, including the hardening of systems

Articles in this issue

view archives of National Oil & Lube News - February 2017