"APIs in Vehicle Software Vulnerable to Attacks"

Application Programming Interfaces (APIs) are used in all of today's software, including the software in newer vehicles. This dependency has already resulted in critical vulnerabilities involving car owners' Personally Identifiable Information (PII), GPS tracking, and basic vehicle controls. As shown by the attack on Sirius XM, few automakers are immune to the problems posed by vulnerable APIs. The car industry must adopt a defense-in-depth cybersecurity approach, according to Ted Miracco, CEO of Approv. However, until the automotive industry and the related third-party vendors take steps to enhance API security, car owners and drivers face an increased risk. Any company with a fleet of vehicles or that provides company cars to employees must be aware of the existing and potential cybersecurity risks associated with each vehicle make and model. Compromised car APIs could manifest as a mere annoyance (e.g., honking horns) or pose a grave risk to the driver, as the engine could be remotely shut off while the vehicle is in motion. Runtime monitoring is one approach to checking car APIs for vulnerabilities. Insight into API activities will be required to ensure continued operation. This article continues to discuss vehicle APIs being vulnerable to attacks, the similarities between vehicle APIs and mobile apps, the UK's approach to bolstering the cybersecurity of vehicles, and how to check vehicle APIs for vulnerabilities.  

Security Boulevard reports "APIs in Vehicle Software Vulnerable to Attacks"