Automotive News - Traverse City - August 7, 2019 - 9

AUTOMOTIVE NEWS CAR MBS DAILY

WEDNESDAY, AUGUST 7, 2019

9

Aftermarket an unlocked door in cybersecurity
Why a successful
hack of car alarms
raised eyebrows
Published June 17, 2019,
in Automotive News

T

Jim Henry

autonews@crain.com

he success of "white hat"
hackers in remotely penetrating
vehicle
controls
through aftermarket car-alarm
systems has sounded a new warning
in cybersecurity circles.
The hacks, carried out last year by a
research team in the U.K., make plain
that the entire automotive supply
chain will probably have to be enlisted
to ensure future vehicle security - including Tier 2 and even aftermarket
manufacturers, experts say.
Being able to reach into a vehicle
through parts made outside of an automaker's control represents a new
wrinkle in cybersecurity. The vast and
growing marketplace of aftermarket
add-on electronics remains a largely
unmonitored field of activity, said Ken
Munro, a security researcher with Pen
Test Partners of Buckingham, England, which conducted the hacks.
"There is so much more vulnerability," Munro told Automotive News. "In
my experience, the OEMs are really
waking up. But they have a lot of legacy
product in the market already.
"My concern is not so much the
OEMs, it's all their suppliers and the
aftermarket."

cle's occupants; and in some cases,
kill the engine, even when the vehicle
was moving, Munro said.
David Barzilai, chairman of Karamba
Security of Hod Hasharon, Israel, said
the Pen Test hack did not surprise him.
Karamba has gathered intelligence
on hacking activity by setting up
what Barzilai calls "honey pot" decoys, connected to the Internet with
no security protection or with easily
guessed passwords. He said that
within a month, each decoy recorded
more than 300,000 hacking attempts.
All those attempts were almost certainly carried out by automated means.
Hackers don't necessarily know what
kind of device they're breaking into,
Barzilai said. But once robotic hackers

gain access to a device, any device running sophisticated programs such as
those used in vehicles would become
targets, he said.
Karamba's security technology will
go into its first mass-produced vehicles
this year, Barzilai said. He declined to
disclose the automaker customer.
Monique Lance, marketing director
for another Israeli supplier, Argus Cyber Security of Tel Aviv, said she was
aware of the Pen Test hack. Argus is
part of Elektrobit, which is owned by
the global Tier 1 supplier Continental.
"It's just another example of how
increased connectivity is exposing
OEMs to higher and higher risks,"
Lance said. "It's a warning signal for
all the OEMs." m

AUTOMOTIVE NEWS ILLUSTRATION

Vulnerability
Munro said the Pen Test team
hacked into vehicles through alarm
systems from Directed Electronics of
Vista, Calif., and from the Russian-based Pandora Car Alarm Systems. Directed's products include
Viper-brand car alarms that are
available in the United States.
Pen Test normally conducts what is
referred to as "penetration testing" as
a service to companies that want their
security tested. But Munro said his
company hacked the car alarms not
for a client, but simply as a challenge.
Directed Electronics said in a written statement that Pen Test had notified it about its vulnerability. Pandora Car Alarm Systems could not be
reached for comment.
"We appreciate the diligence of
groups like Pen Test Partners in bringing this matter to our attention and are
happy that it was quickly and successfully addressed," Chris Pearson, director of marketing for Directed Electronics, said in the written statement. "The
issue was quickly rectified."
Directed Electronics said it believes
"no customer data was exposed, and
that no accounts were accessed without authorization during the short period this vulnerability existed."
Pen Test conducted the research in
a controlled experiment after equipping different vehicle makes and
models with car alarms that researchers bought.

Hacking results
The results varied by vehicle and
alarm brand. But once the systems
were hacked, researchers could locate a vehicle in real time; identify
the car type and the owner's identity;
disable the alarm; unlock the vehicle; possibly eavesdrop on the vehi-

Follow us on
HELLA Corporate Center USA, Inc.
Marketing Original Equipment
15951 Technology Drive
Northville, MI 48168
www.hellausa.com
Info-usa@HELLA.com

PASSION
FOR CLEAN
MOBILITY
HELLA is shaping mobility of the future with
energy management systems and thermal
management solutions that make eco-friendly
driving even better.



http://www.hellausa.com

Automotive News - Traverse City - August 7, 2019

Table of Contents for the Digital Edition of Automotive News - Traverse City - August 7, 2019

Automotive News - Traverse City - August 7, 2019 - 1
Automotive News - Traverse City - August 7, 2019 - 2
Automotive News - Traverse City - August 7, 2019 - 3
Automotive News - Traverse City - August 7, 2019 - 4
Automotive News - Traverse City - August 7, 2019 - 5
Automotive News - Traverse City - August 7, 2019 - 6
Automotive News - Traverse City - August 7, 2019 - 7
Automotive News - Traverse City - August 7, 2019 - 8
Automotive News - Traverse City - August 7, 2019 - 9
Automotive News - Traverse City - August 7, 2019 - 10
Automotive News - Traverse City - August 7, 2019 - 11
Automotive News - Traverse City - August 7, 2019 - 12
Automotive News - Traverse City - August 7, 2019 - 13
Automotive News - Traverse City - August 7, 2019 - 14
Automotive News - Traverse City - August 7, 2019 - 15
Automotive News - Traverse City - August 7, 2019 - 16
Automotive News - Traverse City - August 7, 2019 - 17
Automotive News - Traverse City - August 7, 2019 - 18
Automotive News - Traverse City - August 7, 2019 - 19
Automotive News - Traverse City - August 7, 2019 - 20
Automotive News - Traverse City - August 7, 2019 - 21
Automotive News - Traverse City - August 7, 2019 - 22
Automotive News - Traverse City - August 7, 2019 - 23
Automotive News - Traverse City - August 7, 2019 - 24
https://www.nxtbook.com/nxtbooks/crain/an_20240429_supp
https://www.nxtbook.com/nxtbooks/crain/an3219542277LMDFA_supp
https://www.nxtbook.com/nxtbooks/crain/an3435609782TWTKL_supp
https://www.nxtbook.com/nxtbooks/crain/an2737646517HKDWS_supp
https://www.nxtbook.com/nxtbooks/crain/an2746596872HIAJD_supp
https://www.nxtbook.com/nxtbooks/crain/an4955867723FWRSS_supp
https://www.nxtbook.com/nxtbooks/crain/an1326535475LMTIM_supp
https://www.nxtbook.com/nxtbooks/crain/an3887461294KHGFY_supp
https://www.nxtbook.com/nxtbooks/crain/an3245837562PLINN_supp
https://www.nxtbook.com/nxtbooks/crain/an4756684734HIGTK_supp
https://www.nxtbook.com/nxtbooks/crain/an8475647221RWSTS_supp
https://www.nxtbook.com/nxtbooks/crain/an4475637112TIGSM_supp
https://www.nxtbook.com/nxtbooks/crain/an4472236451GHTLT_supp
https://www.nxtbook.com/nxtbooks/crain/an8875623549CBWAF_supp
https://www.nxtbook.com/nxtbooks/crain/an2713984755IBPIT_supp
https://www.nxtbook.com/nxtbooks/crain/an2365889566CBASA_supp
https://www.nxtbook.com/nxtbooks/crain/an2713985847ISTTW_supp
https://www.nxtbook.com/nxtbooks/crain/an9826351139SHNKT_supp
https://www.nxtbook.com/nxtbooks/crain/an4239576129HTSKA_supp
https://www.nxtbook.com/nxtbooks/crain/an4859867123HPGMF_supp
https://www.nxtbook.com/nxtbooks/crain/an9875632144BLASA_supp
https://www.nxtbook.com/nxtbooks/crain/an5948576134HMTFC_supp
https://www.nxtbook.com/nxtbooks/crain/an4958670126PBWGM_supp
https://www.nxtbook.com/nxtbooks/crain/an9384756453JBFPW_supp
https://www.nxtbook.com/nxtbooks/crain/an8395756432AMIHC_supp
https://www.nxtbook.com/nxtbooks/crain/an9405856762CSFLS_supp
https://www.nxtbook.com/nxtbooks/crain/an3873120954AMTCW_supp
https://www.nxtbook.com/nxtbooks/crain/an8097364512SITPF_supp
https://www.nxtbook.com/nxtbooks/crain/an3478925478LIALS_supp
https://www.nxtbook.com/nxtbooks/crain/an9894756324SSFTL_supp
https://www.nxtbook.com/nxtbooks/crain/an5847323487AICCS_supp
https://www.nxtbook.com/nxtbooks/crain/an3874321237DILDC_supp
https://www.nxtbook.com/nxtbooks/crain/an8784431649FWCWY_supp
https://www.nxtbook.com/nxtbooks/crain/an8392274512LCCSM_supp
https://www.nxtbook.com/nxtbooks/crain/an5623423988AMCTW_supp
https://www.nxtbook.com/nxtbooks/crain/an9384756213BALRS_supp
https://www.nxtbook.com/nxtbooks/crain/an9382218435SPOMB_supp
https://www.nxtbook.com/nxtbooks/crain/ANshowdaily80819
https://www.nxtbook.com/nxtbooks/crain/ANshowdaily80719
https://www.nxtbook.com/nxtbooks/crain/ANshowdaily80619
https://www.nxtbook.com/nxtbooks/crain/an3214543326LCFPC_supp
https://www.nxtbook.com/nxtbooks/crain/an9381127498RISGS_supp
https://www.nxtbook.com/nxtbooks/crain/an8473635224CDSLM_supp
https://www.nxtbook.com/nxtbooks/crain/an8373746387BIMHS_retail
https://www.nxtbook.com/nxtbooks/crain/an7698534210IRHTD_supp
https://www.nxtbook.com/nxtbooks/crain/an8447751218IHAGC_supp
https://www.nxtbook.com/nxtbooks/crain/an8576321197WMPRC_supp
https://www.nxtbook.com/nxtbooks/crain/an6399112438IRHAH_supp
https://www.nxtbook.com/nxtbooks/crain/an8736450912ADGJT_supp
https://www.nxtbook.com/nxtbooks/crain/an8700873122RNARH_supp
https://www.nxtbook.com/nxtbooks/crain/an1093836455HAGTA_supp
https://www.nxtbook.com/nxtbooks/crain/an9808765635GTJTW_supp
https://www.nxtbook.com/nxtbooks/crain/an6525367432FHMLB_supp
https://www.nxtbook.com/nxtbooks/crain/an8597421143MCFPA_supp
https://www.nxtbook.com/nxtbooks/crain/an4298726547VWGGA_supp
https://www.nxtbook.com/nxtbooks/crain/an7799856412ILBOV_supp
https://www.nxtbook.com/nxtbooks/crain/an2056982648AHHIA_supp
https://www.nxtbook.com/nxtbooks/crain/an5678154982IEHDT_supp
https://www.nxtbook.com/nxtbooks/crain/an0211270720DPISS_supp
https://www.nxtbook.com/nxtbooks/crain/an2325269754PSINO_supp
https://www.nxtbook.com/nxtbooks/crain/an5627892889EASBC_supp
https://www.nxtbook.com/nxtbooks/crain/an4778021396LTBFA_supp
https://www.nxtbook.com/nxtbooks/crain/an1549365874TIUIG_supp
https://www.nxtbook.com/nxtbooks/crain/an9685896971RTQAT_supp
https://www.nxtbook.com/nxtbooks/crain/an3126539765SSIKM_supp
https://www.nxtbook.com/nxtbooks/crain/an2348716424IHBFN_v2
https://www.nxtbook.com/nxtbooks/crain/an2713112513DPIAA_GEDsupp
https://www.nxtbook.com/nxtbooks/crain/an2713112513DPIAA_GIEsupp
https://www.nxtbook.com/nxtbooks/crain/an5740978765KIYTC_v2
https://www.nxtbook.com/nxtbooks/crain/an8786483429YWIRB_v2
https://www.nxtbook.com/nxtbooks/crain/an1441850607BCEKP_supp
https://www.nxtbook.com/nxtbooks/crain/an2231982341SHRK_supp
https://www.nxtbook.com/nxtbooks/crain/an9824752309LOLIKP_supp
https://www.nxtbook.com/nxtbooks/crain/an8849332574YIKP_supp
https://www.nxtbook.com/nxtbooks/crain/an3756575112SAIKPv2
https://www.nxtbook.com/nxtbooks/crain/an7389812526DOQKPv2
https://www.nxtbook.com/nxtbooks/crain/an7474633298JQMKPv2
https://www.nxtbook.com/nxtbooks/crain/an8763487432NAOKPv2
https://www.nxtbook.com/nxtbooks/crain/an3748383922LRGKPv2
https://www.nxtbook.com/nxtbooks/crain/an8347508927POTKPv2
https://www.nxtbook.com/nxtbooks/crain/an9610620377FSKKP_supp
https://www.nxtbook.com/nxtbooks/crain/an4981263095CBNKP_supp
https://www.nxtbook.com/nxtbooks/crain/an6723445245SDFLF_supp
https://www.nxtbook.com/nxtbooks/crain/an4862340134FSEJC_supp
https://www.nxtbook.com/nxtbooks/crain/an4596813450LQFCN_supp
https://www.nxtbook.com/nxtbooks/crain/an2348692346SDGCN_supp
https://www.nxtbook.com/nxtbooks/crain/an1634224522ASDLC_supp
https://www.nxtbook.com/nxtbooks/crain/an0267104334RTSJC_supp
https://www.nxtbook.com/nxtbooks/crain/an6029878560PGSCN_supp
https://www.nxtbook.com/nxtbooks/crain/an5214469855HGBKP_supp
https://www.nxtbook.com/nxtbooks/crain/an1062061234GSGBL_supp
https://www.nxtbook.com/nxtbooks/crain/an5038325406GSDCN_supp
https://www.nxtbook.com/nxtbooks/crain/an3992752354ASPLF_supp
https://www.nxtbook.com/nxtbooks/crain/an7986445324GHYCN_supp
https://www.nxtbook.com/nxtbooks/crain/an1455687392FTBTE_v2
https://www.nxtbook.com/nxtbooks/crain/an2289678453HBCLF_v2
https://www.nxtbook.com/nxtbooks/crain/an5633892673TBEKP_v2
https://www.nxtbook.com/nxtbooks/crain/an4663981572FBCJC_v2
https://www.nxtbook.com/nxtbooks/crain/ane_7746982457HCTBV_supp
https://www.nxtbook.com/nxtbooks/crain/an8994656823RVGCN_v2
https://www.nxtbook.com/nxtbooks/crain/an4566329884GVTLF_supp
https://www.nxtbook.com/nxtbooks/crain/an7466398157YCPTS_supp
https://www.nxtbook.com/nxtbooks/crain/an5334987156YBHBL_supplement
https://www.nxtbook.com/nxtbooks/crain/an2822679175GTHTS_bestpractices
https://www.nxtbook.com/nxtbooks/crain/an4893356182CJPCN_v2
https://www.nxtbook.com/nxtbooks/crain/an8388619274RBCCN_v2
https://www.nxtbook.com/nxtbooks/crain/an7833092572SPRBW_v2
https://www.nxtbook.com/nxtbooks/crain/an5533789923FTBLF_v2
https://www.nxtbook.com/nxtbooks/crain/an7884599237HYQJC_v2
https://www.nxtbook.com/nxtbooks/crain/an1335576249HBWKP_v2
https://www.nxtbook.com/nxtbooks/crain/an7855749033KPMLF_v2
https://www.nxtbook.com/nxtbooks/crain/an8946778932RBTTS_v2
https://www.nxtbook.com/nxtbooks/crain/an6735519136YBPMG_v2
https://www.nxtbook.com/nxtbooks/crain/an_20130318Top125
https://www.nxtbook.com/nxtbooks/crain/an3766500224HBPJC_v2
https://www.nxtbook.com/nxtbooks/crain/an_080612_supp
https://www.nxtbookmedia.com