DOCSLIB.ORG

Document Title Security Models

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Document Title Security Models HEAVENS – HEAling Vulnerabilities to ENhance Software Security and Safety Dnr 2012-04625 Document Title Security models Document Type Deliverable Document Number D2 Aljoscha Lautenbach, [email protected], Chalmers Document Responsible Mafijul Islam, [email protected], Volvo AB Document Version 2.0 Document Status Released (March 18, 2016) Dissemination Level Public Last Change March 18, 2016 Project Acronym HEAVENS Project Title HEAling Vulnerabilities to ENhance Software Security and Safety Research Program Vinnova/FFI (Fordonsutveckling/Vehicle Development), Sweden Diary Number 2012-04625 Project Duration April 2013 – March 2016 Project Coordinator Mats Olsson, [email protected] , Volvo AB © 2016 The HEAVENS Consortium HEAVENS (Dnr 2012-04625) Deliverable D2 Security models This page is intentionally left blank © 2016 The HEAVENS Consortium 2(100) HEAVENS (Dnr 2012-04625) Deliverable D2 Security models Executive Summary This deliverable (D2 Security models, Release 2, Version 2.0) presents the results and achievements of work package WP2 (Security models) of the HEAVENS project. The goal of this deliverable is to present a systematic approach of deriving security requirements for the automotive Electrical and/or Electronic (E/E) systems. It suggests an adaption of generic security engineering process for the automotive domain. The deliverable presents state-of-the-art threat analysis and risk assessment methodologies, processes, frameworks and tools, considering various industrial domains, for example, IT security, telecommunications, software engineering and defense. It presents the results obtained from performing a critical review of the state-of-the-art threat analysis and risk assessment in the context of the automotive industry. Based on this, a new security model − HEAVENS security model − for the automotive industry is proposed to facilitate deriving security requirements for the automotive E/E systems. The model includes methods, processes and tool support with focus on threat analysis and risk assessment aspects of security engineering process. Then, this deliverable presents the results obtained from a proof-of-concept implementation and evaluation of the proposed HEAVENS security model by using a couple of automotive use cases. This deliverable also discusses the HEAVENS security model in the context of existing standards, for example, ISO 26262 for functional safety and Common Criteria for IT Security Evaluation. © 2016 The HEAVENS Consortium 3(100) HEAVENS (Dnr 2012-04625) Deliverable D2 Security models This page is intentionally left blank © 2016 The HEAVENS Consortium 4(100) HEAVENS (Dnr 2012-04625) Deliverable D2 Security models Contributors Editors Affiliation Email Aljoscha Lautenbach Chalmers [email protected] Mafijul Islam ATR, GTT, Volvo AB [email protected] Contributors Affiliation Email Mafijul Islam ATR, GTT, Volvo AB Christian Sandberg ATR, GTT, Volvo AB Andreas Bokesand VE, GTT, Volvo AB Tomas Olovsson Chalmers Pierre Kleberger Chalmers Aljoscha Lautenbach Chalmers Andrew Söderberg-Rivkin Chalmers/Volvo AB Sathya Prakash Kadhirvelan Chalmers/Volvo AB Anders Hansson SECTRA AB Henrik Broberg Volvo Car Corporation (VCC) HEAVENS Consortium © 2016 The HEAVENS Consortium 5(100) HEAVENS (Dnr 2012-04625) Deliverable D2 Security models This page is intentionally left blank © 2016 The HEAVENS Consortium 6(100) HEAVENS (Dnr 2012-04625) Deliverable D2 Security models Document Change History Version Date Contributor Description 0.1 May 09, 2014 Aljoscha Lautenbach First draft of “D2 Security models” created. 1.0 Sep 29, 2014 Mafijul Islam Version 1.0, Release 1 of D2. 2.0 Feb 23, 2016 Christian Sandberg Moved material from D3.1 to this document. Draft version 2.0 Mar 18, 2016 Mafijul Islam Updated with comments and references. Released version © 2016 The HEAVENS Consortium 7(100) HEAVENS (Dnr 2012-04625) Deliverable D2 Security models This page is intentionally left blank © 2016 The HEAVENS Consortium 8(100) HEAVENS (Dnr 2012-04625) Deliverable D2 Security models Table of Contents Executive Summary ................................................................................................................................. 3 Contributors ............................................................................................................................................. 5 Document Change History ...................................................................................................................... 7 Table of Contents .................................................................................................................................... 9 List of Figures ........................................................................................................................................ 13 List of Tables ......................................................................................................................................... 15 List of Abbreviations .............................................................................................................................. 17 1. Introduction .................................................................................................................................... 19 1.1 Background .............................................................................................................................. 19 1.2 Objective ................................................................................................................................... 19 1.3 Scope and limitation ................................................................................................................. 19 1.4 Relation to other project activities ............................................................................................ 20 1.5 Document outline ...................................................................................................................... 21 2. Approaches to security modeling ................................................................................................... 23 2.1 What is security? ...................................................................................................................... 23 2.1.1 Security attributes ........................................................................................................................................... 24 2.1.2 Security objectives .......................................................................................................................................... 26 2.2 Security and safety engineering ............................................................................................... 27 2.3 Security modeling ..................................................................................................................... 31 2.4 Security metrics ........................................................................................................................ 31 3. Threat modeling and risk assessment – processes, methods and tools ....................................... 33 3.1 Concepts, frameworks and processes ..................................................................................... 33 3.1.1 Generic system security engineering .............................................................................................................. 33 3.1.2 Microsoft − threat modeling and security development lifecycle ...................................................................... 34 3.1.3 Trike ............................................................................................................................................................... 35 3.1.4 OCTAVE ......................................................................................................................................................... 36 3.1.5 Miscellaneous models ..................................................................................................................................... 37 3.2 Methods and models for threat analysis and risk assessment ................................................. 38 3.2.1 CIA model ....................................................................................................................................................... 39 3.2.2 Microsoft – STRIDE and DREAD .................................................................................................................... 39 3.2.3 CVSS model ................................................................................................................................................... 40 3.2.4 OWASP model ................................................................................................................................................ 41 © 2016 The HEAVENS Consortium 9(100) HEAVENS (Dnr 2012-04625) Deliverable D2 Security models 3.2.5 EVITA model .................................................................................................................................................. 42 3.2.6 Threat, Vulnerability, and Risk Analysis (TVRA) .............................................................................................. 42 3.2.7 SECTRA model .............................................................................................................................................. 44 3.3 Tool support .............................................................................................................................
Load more

Recommended publications
  • Intrusion Detection System for Automotive Controller Area Network (CAN) Bus System: a Review Siti-Farhana Lokman* , Abu Talib Othman and Muhammad-Husaini Abu-Bakar
    Lokman et al. EURASIP Journal on Wireless Communications and Networking (2019) 2019:184 https://doi.org/10.1186/s13638-019-1484-3 REVIEW Open Access Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review Siti-Farhana Lokman* , Abu Talib Othman and Muhammad-Husaini Abu-Bakar Abstract The modern vehicles nowadays are managed by networked controllers. Most of the networks were designed with little concern about security which has recently motivated researchers to demonstrate various kinds of attacks against the system. In this paper, we discussed the vulnerabilities of the Controller Area Network (CAN) within in- vehicle communication protocol along with some potential attacks that could be exploited against it. Besides, we present some of the security solutions proposed in the current state of research in order to overcome the attacks. However, the main goal of this paper is to highlight a holistic approach known as intrusion detection system (IDS) which has been a significant tool in securing networks and information systems over the past decades. To the best of our knowledge, there is no recorded literature on a comprehensive overview of IDS implementation specifically in the CAN bus network system. Thus, we proposed an in-depth investigation of IDS found in the literature based on the following aspects: detection approaches, deployment strategies, attacking techniques, and finally technical challenges. In addition, we also categorized the anomaly-based IDS according to these methods, e.g., frequency- based, machine learning-based, statistical-based, and hybrid-based as part of our contributions. Correspondingly, this study will help to accelerate other researchers to pursue IDS research in the CAN bus system.
    [Show full text]
  • Wittgenstein's Critical Physiognomy
    Nordic Wittgenstein Review 3 (No. 1) 2014 Daniel Wack [email protected] Wittgenstein’s Critical Physiognomy Abstract In saying that meaning is a physiognomy, Wittgenstein invokes a philosophical tradition of critical physiognomy, one that developed in opposition to a scientific physiognomy. The form of a critical physiognomic judgment is one of reasoning that is circular and dynamic, grasping intention, thoughts, and emotions in seeing the expressive movements of bodies in action. In identifying our capacities for meaning with our capacities for physiognomic perception, Wittgenstein develops an understanding of perception and meaning as oriented and structured by our shared practical concerns and needs. For Wittgenstein, critical physiognomy is both fundamental for any meaningful interaction with others and a capacity we cultivate, and so expressive of taste in actions and ways of living. In recognizing how fundamental our capacity for physiognomic perception is to our form of life Wittgenstein inherits and radicalizes a tradition of critical physiognomy that stretches back to Kant and Lessing. Aesthetic experiences such as painting, poetry, and movies can be vital to the cultivation of taste in actions and in ways of living. Introduction “Meaning is a physiognomy.” –Ludwig Wittgenstein (PI, §568) In claiming that meaning is a physiognomy, Wittgenstein appears to call on a discredited pseudo-science with a dubious history of justifying racial prejudice and social discrimination in order to 113 Daniel Wack BY-NC-SA elucidate his understanding of meaning. Physiognomy as a science in the eighteenth and nineteenth century aimed to provide a model of meaning in which outer signs serve as evidence for judgments about inner mental states.
    [Show full text]
  • Automotive Cybersecurity: Foundations for Next-Generation Vehicles
    Automotive Cybersecurity: Foundations for Next-Generation Vehicles Michele Scalas, Student Member, IEEE Giorgio Giacinto, Senior Member, IEEE Department of Electrical and Electronic Engineering Department of Electrical and Electronic Engineering University of Cagliari University of Cagliari Cagliari, Italy Cagliari, Italy [email protected] [email protected] Abstract—The automotive industry is experiencing a serious Vehicle-to-Vehicle), with a generic infrastructure (V2I) or with transformation due to a digitalisation process and the transition pedestrians (V2P). The typical application of these models is to the new paradigm of Mobility-as-a-Service. The next-generation smart cities, with the aim of optimising traffic management, vehicles are going to be very complex cyber-physical systems, whose design must be reinvented to fulfil the increasing demand sending alerts in case of incidents, coordinating a fleet of of smart services, both for safety and entertainment purposes, vehicles. causing the manufacturers’ model to converge towards that of As regards autonomous driving, it consists in expanding the IT companies. Connected cars and autonomous driving are the current Advanced Driver Assistance Systems (ADASs), such preeminent factors that drive along this route, and they cause the as lane keeping and braking assistants, in order to obtain a necessity of a new design to address the emerging cybersecurity issues: the ”old” automotive architecture relied on a single closed fully autonomous driverless car. The Society of Automotive network, with no external communications; modern vehicles are Engineers (SAE) provides, in fact, six possible levels of going to be always connected indeed, which means the attack autonomy, from level 0, with no assistance, to level 5, where surface will be much more extended.
    [Show full text]
  • Securing the Modern Vehicle: a Study of Automotive Industry Cybersecurity Practices
    Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices An independent study commissioned by and Table of Contents Executive Summary ............................................................................................ 1 Organizational Dynamics and Challenges ........................................................... 3 Technical Dynamics and Challenges .................................................................... 6 Product Development and Security Testing Practices ......................................... 9 Supply Chain and Third-Party Component Challenges ........................................ 13 Conclusions ........................................................................................................ 14 Methods ............................................................................................................. 15 Appendix: Detailed Survey Results ..................................................................... 18 Ponemon Institute .............................................................................................. 29 Executive Summary Today’s vehicle is a connected, mobile computer, which has introduced an issue the automotive industry has little experience dealing with: cybersecurity risk. Automotive manufacturers have become as much software as transportation companies, facing all the challenges inherent to software security. Synopsys and SAE International partnered to commission this independent survey of the current cybersecurity practices in the automotive
    [Show full text]
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
    [Show full text]
  • ARISTOTLE and the IMPORTANCE of VIRTUE in the CONTEXT of the POLITICS and the NICOMACHEAN ETHICS and ITS RELATION to TODAY Kyle Brandon Anthony Bucknell University
    Bucknell University Bucknell Digital Commons Honors Theses Student Theses 2010 ARISTOTLE AND THE IMPORTANCE OF VIRTUE IN THE CONTEXT OF THE POLITICS AND THE NICOMACHEAN ETHICS AND ITS RELATION TO TODAY Kyle Brandon Anthony Bucknell University Follow this and additional works at: https://digitalcommons.bucknell.edu/honors_theses Part of the Philosophy Commons Recommended Citation Anthony, Kyle Brandon, "ARISTOTLE AND THE IMPORTANCE OF VIRTUE IN THE CONTEXT OF THE POLITICS AND THE NICOMACHEAN ETHICS AND ITS RELATION TO TODAY" (2010). Honors Theses. 21. https://digitalcommons.bucknell.edu/honors_theses/21 This Honors Thesis is brought to you for free and open access by the Student Theses at Bucknell Digital Commons. It has been accepted for inclusion in Honors Theses by an authorized administrator of Bucknell Digital Commons. For more information, please contact [email protected]. Table of Contents Introduction 1 Chapter 1 What does it mean to live a good life? 7 The virtuous life 8 Ethical virtue 13 Bravery as an ethical virtue 20 Justice 22 Chapter 2 The Politics and the ideal polis 28 Development of a polis 29 Features of an ideal polis 32 What does it mean to be a citizen of a polis? 40 Aristotle’s views on education 42 Social groups in a polis who are not recognized as citizens 45 Non-ideal political systems 51 Chapter 3 Connections between the Politics and the Ethics 57 Chapter 4 Difficulties in applying Aristotle’s theories to a modern setting 68 Conclusion Where do we go from here? 87 Bibliography 89 iv Acknowledgements First off, I have to thank God, as He helped me endure this project and gave me the courage to press on when I became frustrated, angry, and ready to quit.
    [Show full text]
  • IS GOD in HEAVEN? John Morreall Religion Department the College of William and Mary
    IS GOD IN HEAVEN? John Morreall Religion Department The College of William and Mary 1. Introduction t first glance, this question may seem as silly as the quip “Is the Pope Catholic?” For in the Biblical traditions what Ais older and more accepted than the idea that God is in heaven? In his prayer dedicating the temple, Solomon says over and over, “Hear in heaven your dwelling place (I Kings 8:30, 32, 34, 36, 39, 43, 45, 49), and many Jewish prayers are addressed to God in heaven. The central prayer of Christians, composed by Jesus, begins, “Our Father, who art in heaven.” Both the Apostles’ Creed and the Nicene Creed say that Jesus ascended into heaven, where he is now “seated at the right hand of the Father.” What I will show, however, is that, far from being an obvious truth, the claim that God is in heaven is logically incoherent, and so necessarily false. I will begin by presenting four features of the traditional concept of heaven, two from the Hebrew Bible, and two from the New Testament and early Christianity. All of these features were developed at a time when God was thought of as a physical being. But, I will then argue, once Christians thought of God as nonphysical, the traditional concept of heaven was no longer acceptable. My argument is that: 1. Heaven is a place. 2. Only what is physical is located in a place. 3. God is not physical. 4. So God is not located in a place. 5. So God is not located in heaven.
    [Show full text]
  • Aristotle: Movement and the Structure of Being
    Aristotle: Movement and the Structure of Being Author: Mark Sentesy Persistent link: http://hdl.handle.net/2345/2926 This work is posted on eScholarship@BC, Boston College University Libraries. Boston College Electronic Thesis or Dissertation, 2012 Copyright is held by the author, with all rights reserved, unless otherwise noted. Boston College The Graduate School of Arts and Sciences Department of Philosophy ARISTOTLE: MOVEMENT AND THE STRUCTURE OF BEING a dissertation by MARK SENTESY submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy December 2012 © copyright by MARK SENTESY 2012 Aristotle: Movement and the Structure of Being Mark Sentesy Abstract: This project sets out to answer the following question: what does movement contribute to or change about being according to Aristotle? The first part works through the argument for the existence of movement in the Physics. This argument includes distinctive innovations in the structure of being, notably the simultaneous unity and manyness of being: while material and form are one thing, they are two in being. This makes it possible for Aristotle to argue that movement is not intrinsically related to what is not: what comes to be does not emerge from non‐being, it comes from something that is in a different sense. The second part turns to the Metaphysics to show that and how the lineage of potency and activity the inquiry into movement. A central problem is that activity or actuality, energeia, does not at first seem to be intrinsically related to a completeness or end, telos. With the unity of different senses of being at stake, Aristotle establishes that it is by showing that activity or actuality is movement most of all, and that movement has and is a complete end.
    [Show full text]
  • Specification-Based Automotive Intrusion Detection Using Controller Area Network
    This is the author's version of an article that has been published in this journal. Changes were made to this version by the publisher prior to publication. The final version of record is available at http://dx.doi.org/10.1109/TVT.2019.2961344 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. XX, NO. XX, XXX 2019 1 SAIDuCANT: Specification-based Automotive Intrusion Detection using Controller Area Network (CAN) Timing Habeeb Olufowobi, Clinton Young, Joseph Zambreno, Senior Member, IEEE, and Gedare Bloom, Senior Member, IEEE Abstract—The proliferation of embedded devices in modern and attacks [2]. Vulnerabilities across the autonomous vehi- vehicles has opened the traditionally-closed vehicular system to cles, vehicular ad-hoc networks, vehicle-to-vehicle, vehicle-to- the risk of cybersecurity attacks through physical and remote infrastructure, connected car, intelligent transportation system, access to the in-vehicle network such as the controller area network (CAN). The CAN bus does not implement a security and even traditional (non-connected) automobiles motivate protocol that can protect the vehicle against the increasing cyber adversaries to launch cyberattacks against vehicles [3]. Unfor- and physical attacks. To address this risk, we introduce a novel tunately, today’s car lacks the necessary security mechanisms algorithm to extract the real-time model parameters of the CAN to protect the vehicular system from attack. bus and develop SAIDuCANT, a specification-based intrusion A critical asset to secure is the automotive in-vehicle detection system (IDS) using anomaly-based supervised learning with the real-time model as input. We evaluate the effectiveness of network, which facilitates communication between ECUs over SAIDuCANT with real CAN logs collected from two passenger multiple physical networks and protocols, with the most preva- cars and on an open-source CAN dataset collected from real- lent being the controller area network (CAN).
    [Show full text]
  • Security Control Mechanism for Safety Critical Functions Operating on an Automotive Controller Area Network
    Security Control Mechanism for Safety Critical Functions Operating on an Automotive Controller Area Network A Thesis Presented in Partial Fulfillment of the Requirements for the Degree Master of Science in the Graduate School of The Ohio State University By Matt Appel, Graduate Program in Electrical and Computer Engineering The Ohio State University 2020 Master's Examination Committee: Prof. Girogio Rizzoni, Advisor Prof. Ness Shroff Prof. Qadeer Ahmed c Copyright by Matt Appel 2020 Abstract Safety-critical systems in automotive design are facing new challenges associated with advancements in autonomous functionality and connectivity. One of those chal- lenges is security in these systems. There are a multitude of different problems with all of these additional connectivity and sensing units. The focus of this thesis is on the internal communication of Network Control Systems(NCS) of a vehicle. The Controller Area Network (CAN) is the primary network used in safety-critical vehi- cle operation and is lacking inherent security. This thesis presents a security control mechanism for CAN that uses vehicle models to detect and mitigate malicious mes- sages on CAN. The security control mechanism is an Intrusion Detection System (IDS) that uses an unknown input observer implementation to address stealth, re- play, and covert attacks. The goal of this method is to address performance challenges in the authentication of an entire CAN bus. It uses vehicle dynamic behavior to au- thenticate messages rather than using encryption methods to require CAN message authentication when the vehicle is not under attack reducing the burden caused by implementing and continually using secure communication protocols on top of CAN.
    [Show full text]
  • Kaspersky Transportation Systems Security Portfolio
    Driving automotive cybersecurity Introduction IHS Markit forecasts that by 2023, worldwide sales Connected cars are more than just physical cars of connected cars will reach 72.5 million units, with digital technology – they are vehicles with up from 24 million units in 2015. That means almost connected infrastructures that include mobile 69% of passenger vehicles sold will be exchanging data with external sources, bringing new services systems and more. As a result, we end up with and business models to bear in automotive connected car ecosystems with multiple entry markets*. points that are vulnerable to cyberattacks. But there’s still a long way to go to guarantee Kaspersky has introduced a set of products connected vehicles are safe and secure for and serv passengers. For that to happen there needs cybersecurity to connected cars and their to be a transformation in the multiple approaches infrastructures and to support the development used across the automotive industry. of new mobility technologies, including autonomous, electric and shared technologies. Transportation System Security Automotive In-vehicle Infrastructure services security security Kaspersky Kaspersky Kaspersky Transportation Kaspersky Kaspersky Kaspersky Kaspersky Security Penetration Tailored Threat Cybersecurity Automotive Mobile Security Fraud Threat Assessment Testing Intelligence for ECUs Adaptive SDK Prevention Intelligence Reporting Platform for Vehicle SOC * Ihsmarkit.com/topic/autonomous-connected-car.html Uncover the Security Risks Security Assessment The Security Assessment service is the ideal starting point for addressing the cybersecurity agenda for connected cars and their infrastructures. It detects vulnerabilities, software architecture inconsistencies, and gaps in ECUs, hardware and software security mechanisms both in manufactured vehicles and future models and their components.
    [Show full text]
  • Detecting and Preventing Automotive Hardware Security Vulnerabilities
    Detecting and Preventing Automotive Hardware Security Vulnerabilities Ensuring hardware security, one chip at a time. VISIT: TORTUGALOGIC.COM Automating the Automotive Security Development Lifecycle Connected and autonomous vehicles present a exposed not one but a chain of security issues. promising target, much like retailers or banks, For Fiat-Chrysler vehicles, it was a remote attack where hackers can troll for personal details and that could be performed against vehicles located identity theft. anywhere in the United State that caused a 1.4 million vehicle recall as well as changes to the Is your vehicle secure? Tesla found out the hard Sprint carrier network. way. Hacking typically begins by finding a series of vulnerability issues that create a path through European vehicles are also not immune. A study the car’s maze of defenses. So, when research- by German auto club ADAC found hackers could ers at the Chinese firm Tencent revealed they wirelessly open any BMW, Mini and Rolls-Royce could burrow through the Wi-Fi connection of vehicles in minutes. An estimated 2.2 million a Tesla S, all the way to its driving systems and vehicles equipped with BMW’s ConnectedDrive then remotely activate the vehicle’s brakes, they service were vulnerable. Connected and autonomous vehicles present a promising target, much like retailers or banks, where hackers can troll for credit card numbers, home addresses, e-mail information and other personal details required for identity theft. Hackers bent on identity theft are expected to infiltrate vehicles through the infotainment portal, as the Jeep hackers did, as well as with malicious apps that appear harmless or even helpful but steal personal information.
    [Show full text]