Study shows carmakers use ‘auto-aware’ software in cars to detect flaws
By Chris Hunkin | 03/06/18 10:01:26Automakers are turning to the power of self-driving cars to spot vulnerabilities in their software and exploit them before they do.
In a new study published in the journal IEEE Transactions on Security and Privacy, researchers from Carnegie Mellon University and Carnegie Mellon Robotics Research analyzed the security and privacy implications of the auto-aware software used in the cars of some of the world’s biggest automakers.
The study found that a significant amount of the cars’ vulnerabilities were being exploited before they were fixed.
The researchers found that auto-assessment software on some cars was being used to scan a vehicle’s interior, looking for security holes and bugs.
The software then used machine learning to analyze the information gathered and create a list of vulnerabilities that were then used to trigger a remote code execution vulnerability.
The vulnerabilities the researchers found could potentially allow attackers to run malicious code on the vehicles, according to the study.
The research also found that some automakers were actively exploiting security vulnerabilities in the auto software before they even became publicly known.
In some cases, the cars were running on a software update that had not been released by the manufacturers.
The software on the cars was often being used by auto manufacturers to monitor the vehicles’ behavior to detect vulnerabilities and to patch the flaws before they made them public.
The researchers found there were over a dozen instances where auto-scanning software was being actively used by manufacturers to track the cars.
The report was the first to demonstrate the use of self auto-identification software in auto-driving vehicles.
The research team, led by Carnegie Mellon professor and auto security researcher Jens Reichert, identified about 70 vulnerabilities in auto systems that could have been exploited.
The vulnerabilities were exploited before the automakers were publicly known, which could have caused serious damage to their systems.
According to the researchers, the use by auto-safety regulators of auto-auto software is likely to increase.
“The companies that are going to use this [auto-assessed] software to help them in their safety certification process have a very large stake in that software,” Reichelt said in a press release.
“And if the software gets out there and it’s misused by the automakers, the automakers could be liable.”
The researchers are continuing to monitor and assess the auto industry’s auto-automation technologies to see how they will protect their systems from malicious use and other problems.
They also plan to release a full analysis of auto technology in the future.