U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Doubts about a draft anti car hacking law

Doubts about a couple of draft anti car hacking laws, they could create serious problems with innocent drivers and cyber security experts. Car hacking is a scaring reality, modern vehicles use a huge quantity of connected components that could be easily compromised knowing the communication protocol used by principal vendors. The interest in car hacking gained […]

Doubts about a draft anti car hacking law

Doubts about a couple of draft anti car hacking laws, they could create serious problems with innocent drivers and cyber security experts.

Car hacking is a scaring reality, modern vehicles use a huge quantity of connected components that could be easily compromised knowing the communication protocol used by principal vendors.

The interest in car hacking gained a high profile last summer when the popular hackers Miller and Valasek hackers remotely hacked a Jeep Cherokee SUV on a St. Louis highway on behalf of the Wired magazine. The hackers exploited security vulnerabilities in the wireless vehicle systems that automakers hope eventually will allow vehicles to communicate with each other.

The car vendor recalled 1.4 million vehicles for a software upgrade after the security duo disclosed the results of their experiment.

jeep cherokee remote-hacking

Two state senators in Michigan, Mike Kowall (R-White Lake) and Ken Horn (R-Frankenmuth), have proposed a law framework (SENATE BILL No. 927, SENATE BILL No. 928) that addresses car hacking with laws that promise life imprisonment for hackers.

Ironically also security researchers that investigate car hacking techniques stand outlaw.

The two draft bills state that anyone who repeatedly attempts to “intentionally access or cause access to be made to an electronic system of a motor vehicle to willfully destroy, damage, impair, alter or gain unauthorized control of the motor vehicle,” is committing a crime and risks the jail.

“I hope that we never have to use it,” said Kowall. “That’s why the penalties are what they are. The potential for severe injury and death are pretty high.”

Charlie Miller expressed his doubts about the new law and highlighted the problems it would cause to the security community.

The law forbids any manipulation of car firmware, even by the car owners.

There is no doubt about the necessity to carefully address cyber security issues in the automotive industry, but let me hope that in the future the experts from the cyber security industry will work together to approach the technical aspects of a law framework that will cover the car hacking.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – car hacking, connected cars)