Transportation is undergoing a significant evolution with connected vehicles and enhanced autonomous function. These technologies, critical to new product salability and enhanced efficiency, pose unique cybersecurity challenges. As vehicles have become connected, the connectivity provides significant benefits, but also presents significant risks. These risks arise in part from the violation of design principles that were true for decades, such as a reasonable understanding that there would be no remote connectivity to the CAN bus.
These technical cybersecurity risks have the potential to significantly impact the trust consumers place in vehicle manufacturers and fleet operators. Even if the component responsible for a cybersecurity incident is made by a Tier 2 supplier, the reputational risk will most greatly impact the OEM or fleet operator.
IOActive has distinguished itself with publicly presented original research on local and remote CAN bus attacks, as well as higher level surveys of the security of various vehicle network architectures and analysis of commonalities in vehicle cybersecurity vulnerabilities. In addition, IOActive has published original research on various cybersecurity vulnerabilities impacting the aviation – SATCOM security, in-flight systems, wireless systems – and maritime industries. This original research has been applied in assessments for clients in the aviation, on-highway and off-highway commercial vehicle, passenger vehicle, maritime and rail industries, including fleet operators in each.
IOActive’s application of original research into emerging vehicle cybersecurity threats has helped our global transportation clients identify and manage risks to their products, customers, and society.