"Will SOTA Updates Help Hackers Steal Your Car?"

Software-Over-The-Air (SOTA) updates can help hackers steal a car, depending on the vehicle's level of SOTA capability and its level of communication security. A vehicle would directly receive SOTA updates from a cloud-based server. SOTA is an important capability for updating a car's software-controlled functions via a Wi-Fi or mobile network. However, these vehicle software updates must be hacker-proof as it has already been proven that malicious hackers could take over a vehicle. Updates transmitted by SOTA can affect the software controlling the vehicle's physical components, electronic processing systems, infotainment, and critical safety systems. A SOTA system could face attacks, including identity theft and the manipulation or repetition of transmitted messages, which could result in hackers gaining control of the vehicle. Software vulnerabilities pose a significant threat to passenger safety and vehicle performance, and could lead to many recalls. More than 8 million vehicles were recalled in the past few years, and about 4 million of those involved software problems. Symantec released a paper on vehicle security, focusing on the protection of the connected car architecture's various layers, such as the cloud-based layer, radio layer, Single-Board Computer (SBC), Body Control Module (BCM), and more. Symantec's work suggests that it will take many years to secure all components of the connected car, but an essential starting point is securing the head unit in the vehicle and then using it to manage and update the rest of the car. Recommended techniques include white-listing pre-approved code, controlling how that code can behave, running code in sandboxes, and monitoring code and activity across the Controller Area Network (CAN) bus, over the air, and within the modules. Ensuring SOTA security requires the combined responsibility of the vehicle manufacturers and their suppliers. This article continues to discuss the concept of SOTA, the security risks that SOTA may facilitate, and efforts to strengthen vehicle Internet-related security. 

Electropages reports "Will SOTA Updates Help Hackers Steal Your Car?"