Browse Topic: Cybersecurity
The added connectivity and transmission of personal and payment information in electric vehicle (EV) charging technology creates larger attack surfaces and incentives for malicious hackers to act. As EV charging stations are a major and direct user interface in the charging infrastructure, ensuring cybersecurity of the personal and private data transmitted to and from chargers is a key component to the overall security. Researchers at Southwest Research Institute® (SwRI®) evaluated the security of direct current fast charging (DCFC) EV supply equipment (EVSE). Identified vulnerabilities included values such as the MAC addresses of both the EV and EVSE, either sent in plaintext or encrypted with a known algorithm. These values allowed for reprogramming of non-volatile memory of power-line communication (PLC) devices as well as the EV’s parameter information block (PIB). Discovering these values allowed the researchers to access the IPv6 layer on the connection between the EV and EVSE
Security flaws in automotive software have significant consequences. Modern automotive engineers must assess software not only for performance and reliability but also for safety and security. This paper presents a tool to verify software for safety and security. The tool was originally developed for the Department of Defense (DoD) to detect cybersecurity vulnerabilities in legacy safety-critical software with tight performance constraints and a small memory footprint. We show how the tool and techniques developed for verifying legacy safety-critical software can be applied to automotive and embedded software using real-world case studies. We also discuss how this tool can be extended for software comprehension.
The ISO TR 5469 Technical Report provides a framework to classify the AI/ML technology based on usage level and the properties and requirements to mitigate cyber and functional safety risks for the technology. This paper provides an overview of the approach used by ISO TR 5469 as well as an example of how one of the six ISO TR 5469 desirable properties (resilience to adversarial and intentional malicious input) can be analyzed for adversarial attacks. This paper will also show how a vehicle testbed can be used to provide a student with an AI model that can be used to simulate a non-targeted cyber security attack. The testbed can be used to simulate a poisoning attack where the student can manipulate a training data set to deceive the AI model during a simulated deployment.1 The University of Detroit Mercy (UDM) has developed Cyber-security Labs as a Service (CLaaS) to support teaching students how to understand and mitigate cyber security attacks. The UDM Vehicle Cyber Engineering (VCE
This SAE Technical Information Report (TIR) establishes the instructions for the documents required for the variety of potential functions for PEV communications, energy transfer options, interoperability, and security. This includes the history, current status, and future plans for migrating through these documents created in the Hybrid Communication and Interoperability Task Force, based on functional objective (e.g., [1] If I want to do V2G with an off-board inverter, what documents and items within them do I need, [2] What do we intend for V3 of SAE J2953, …).
Cybersecurity, particularly in the automotive sector, is of paramount importance in today’s digital age. With the advent of connected commercial vehicles, which leverage telematics for efficient fleet management, the landscape of automotive cybersecurity is rapidly evolving. These vehicles, integral to logistics and transportation businesses, are becoming increasingly connected, thereby escalating the risks associated with cybersecurity threats. These commercial vehicles are becoming prime targets for cyber-attacks due to their connectivity and the valuable data they hold. The potential consequences of these cyber-attacks can range from data breaches to disruptions in fleet operations, and even safety risks. This paper analyses the unique challenges faced by the commercial vehicle sector, such as the need for robust telematics systems, secure communication channels, and stringent data protection measures. Case studies of notable cybersecurity incidents involving commercial vehicles are
Virtualization features such as digital twins and virtual patching can accelerate development and make commercial vehicles more agile and secure. There is one sure-fire way to secure commercial vehicles from cyber-attacks. “You just remove the connectivity,” quipped Brandon Barry, CEO of Block Harbor Cybersecurity and the moderator of a panel session on “cybersecurity of virtual machines” at the SAE COMVEC 2024 conference in Schaumburg, Illinois. Obviously, that train has left the station - commercial vehicles of all types, including trains, are only becoming more automated and connected, which increases the risks for cyber-attacks. “We have very connected vehicles, so attacks can be posed not just through powertrain solutions but also through telemetry, infotainment systems connected to different applications and services, and also through cloud platforms,” said Trisha Chatterjee, current product support and data specialist for fuel cell and hydrogen technology at Accelera by Cummins.
A research team led by Rice University’s Edward Knightly has uncovered an eavesdropping security vulnerability in high-frequency and high-speed wireless backhaul links, widely employed in critical applications such as 5G wireless cell phone signals and low-latency financial trading on Wall Street.
In today’s world, Vehicles are no longer mechanically dominated, with increased complexity, features and autonomous driving capabilities, vehicles are getting connected to internal and external environment e.g., V2I(Vehicle-to-Infrastructure), V2V(Vehicle-to-Vehicle), V2C(Vehicle-to-Cloud) and V2X(Vehicle-to-Everything). This has pushed classical automotive system in background and vehicle components are now increasingly dominated by software’s. Now more focus is made on to increase self-decision-making capabilities of automobile and providing more advance, safe and secure solutions e.g., Autonomous driving, E-mobility, and software driven vehicles, due to which vehicle digitization and lots of sensors inside and outside the vehicle are being used, and automobile are becoming intelligent. i.e., intelligent vehicles with advance safe and secure features but all these advancements come with significant threat of cybersecurity risk. Therefore, providing an automobile that is safe and
When cybersecurity firm Crowdstrike's platform went down in July, it became the most significant outage in the history of information technology, according to The Guardian. About 8.5 million Microsoft operating systems were affected, including almost every sector of the economy. In the wake of the crash, which was traced to a faulty software update pushed by Crowdstrike, the automotive business is among those developing new policies to avoid repeat incidents.
Data encryption is an essential part of keeping patient information private. It’s also remained relatively unchanged in recent decades — a rarity for anything in the cybersecurity space. The dawn of quantum computing will change that.
Usage of cloud technology is essential for aftersales tester providers. It eases the rollout of new tester content - for example, diagnostic data of new vehicle types, updated repair manuals or ECU software for flash programming. Cloud technology also implements security services such as user authentication information. Figure 1 shows a typical setup as it is implemented for the service of vehicles such as trucks and buses. The vehicle is parked (vehicle speed = zero) in the service workshop, and its E/E system is connected to the vehicle communication interface (VCI) via CAN or Ethernet. On the tester (TST) side, the TST-to-VCI connection is either USB or WiFi.
In the increasingly connected and digital world, businesses are sprinting to integrate technological advancements into their corporate fabric. This is evident with the emerging concept of “digital twinning.” Digital twins are virtual representations of real-world objects or systems used to digitally model performance, identify inefficiencies, and design solutions. This helps improve the “real world” product, reduces costs, and increases efficiency. However, this replication of a physical entity in the digital space is not without its challenges. One of the challenges that will become increasingly prevalent is the processing, storing, and transmitting of Controlled Unclassified Information (CUI). If CUI is not protected properly, an idea to save time, money, and effort could result in the loss of critical data. The Department of Defense's (DoD) CUI Program website defines CUI as “government-created or owned unclassified information that allows for, or requires, safeguarding and
Items per page:
50
1 – 50 of 548