Robert Bosch has announced that it will be rolling out a patch for its aftermarket connectivity dongle and smartphone app after a cybersecurity firm named Argus identified vulnerabilities in the authentication process between Bosch’s Drivelog Connector dongle and its paired smartphone app. The dongle allows motorists to check vehicle diagnostics and to keep tabs on driving behavior and fuel consumption.
After identifying the weak point, the experts at Argus ran a simulation which demonstrated that commands could be sent to a car through a Bluetooth connection, which could force a vehicle to stop. Argus did not try using the weak spot to get a running vehicle on a public road to stop, instead testing it on a moving vehicle in a parking lot.
Argus immediately revealed the details of the vulnerability to Bosch, and Bosch quickly issued an immediate fix followed by a patch to prevent similar issues in the future.
Speaking about the issue, Argus CTO Yaron Galula said in a statement that the problem highlighted the fact that solutions based on cryptography, even when they are designed by the finest minds in the industry, are not foolproof. Vehicles need to be protected from hacking and cyber threats through multi-layered defenses.
Bosch commented saying that it welcomed collaboration from external security researchers, and anyone who identifies vulnerabilities is encouraged to report them to Bosch’s Product Security Incident Response Team. If any weak spots are identified internally, Bosch issues a public advisory and acknowledges the party who made the original report.
Tesla, FCA and General Motors are three automotive manufacturers who run programs which reward hackers who identify and report any weaknesses in their vehicles or websites. In 2015, automotive manufacturers and suppliers joined hands to form the Automotive Information Sharing and Analysis Center to work on best practices for automotive cybersecurity.
© 2017 Morjan Media LLC. All Rights Reserved.