Besides a whole array of sensors, today's cars have computer systems that control several vital functions such as the automatic transmission, the anti-lock brakes, airbags, cruise control system, etc. But how secure are these computers?
A group of security researches who go by the name I Am the Cavalry issued an open letter to the Automotive Industry urging the car makers to build computer systems with security features based on the "safety by design" principle. Furthermore, they went on to say that the auto manufacturers should publish clear vulnerability disclosures in order to stimulate third-party collaborations.
I Am the Cavalry is a global organization that focuses on the matters in which public safety and computer security intersect. This collective of researchers is centered around four major areas: medical equipment, home devices, auto-vehicles and public infrastructure.
According the group, the wireless functionality added to the latest car computer systems can prove to be very dangerous without proper isolation and segmentation procedures to keep the vital systems out of harm's way. In their opinion, this partition should be done on a physical level rather then on logical one, to make it harder to bypass. Moreover, car makers should also find a way to deliver security updates without recalling the vehicles. Lastly, the automobile should keep logs to help out potential forensic investigations.
This open letter comes right after the Black Hat security conference where researchers presented a study on wireless attack surfaces of 24 car models from various auto makers.