The Dark Web's Automobile Hacking ForumsEtay Maor of IntSights Says Car Hacking Chats Thrive
There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etay Maor of IntSights.
IntSights recently published a report on vehicle cybersecurity, exploring dark web forums where attacks are discussed.
"I actually was surprised at how many underground forums are actually dedicated and talking about these issues," he says in an interview with Information Security Media Group. "There are a lot of discussions on how to physically break into a car."
The goal is not to raise suspicion by breaking a window but rather to wage software-based attacks. The options include creating custom tools like those used by legitimate automotive technicians or capturing and replaying wireless signals used by remote entry systems, he says.
Vehicle manufacturers and cybersecurity experts are worrying about the potential for interference with mission-critical systems that could hurt someone. Luckily, Maor says he doesn't see a trend yet of cybercriminals aiming to, for example, remotely trigger an accident.
"The forums today are mostly around stealing and profiting, not really attacking and making the car crash," he says.
In this interview (see audio link below photo), Maor discusses:
- The attack surface of modern vehicles and the risks;
- How security must be balanced with the real-time requirements of critical data transmitted by computers in vehicles;
- What kind of attacks cybercriminals on the dark web are exploring.
Maor is chief security officer for IntSights, a New York-based cybersecurity firm that specializes in threat intelligence. He's an adjunct professor at Boston College's Woods College of Advancing Studies and serves on RSA's conference committee. He previously was executive security adviser with IBM.