Cisco, the networking hardware company, recently released an open-source hardware tool dubbed ‘4CAN’ to find security vulnerabilities in connected cars. The newly launched security tool will allow automobile security researchers and car manufacturers to identify potential flaws in sensors and control systems in modern cars, to ensure vehicle security.
Cisco stated that vulnerabilities in the control systems might cause serious threats in the cars, which allows attackers to get control of the vehicle’s system.
“To help secure modern automobile technology, Cisco has dedicated resources for automobile security. The Customer Experience Assessment & Penetration Team (CX APT) represents the integration of experts from the NDS, Neohapsis, and Portcullis acquisitions. This team provides a variety of security assessment and attack simulation services to customers around the globe. CX APT specializes in identifying vulnerabilities in connected vehicle components,” Cisco said in a statement.
“During a recent engagement, the Connected Vehicle Security practice identified a gap in tooling for automobile security assessments. With ease-of-use, modern car computing requirements, and affordability as motivating factors, the Connected Vehicle Security practice has built and is open-sourcing a hardware tool called “4CAN” with accompanying the software, for the benefit of all automobile security researchers. We hope 4CAN will give researchers and car manufacturers the ability to test their on-board computers for potential vulnerabilities, making the vehicles safer and more secure for drivers before they even leave the lot,” the statement added.
Consumer Watchdog, a non-profit organization, also had come up with a report stating that all advanced cars with Internet connections to their safety-critical systems are apparently vulnerable to fleet-wide hacks.
The report, Kill Switch: Why Connected Cars Can Be Killing Machines And How To Turn Them Off, revealed that automakers have disclosed the high risk of such hacks to their investors, but are keeping the public in the dark as they market new features based on Internet connections. For example, Ford disclosed to the Securities Exchange Commission in its 10K filing that the company and its suppliers have been the subject of a malicious hack, but the public is unaware of the exact details.