SBD Explores: Leveraging Automotive SBOMs to Enhance Security and Traceability
Initially, Software Bill of Materials (SBOM) were developed outside of the automotive industry to handle software license compliance. The...
top of page
The challenge at hand for OEMs and suppliers is, through the whole life-cycle of the vehicle, the question of 'how much security is enough'.
After many years of building up a cyber security awareness culture, the industry has been moving towards integrating and evaluating cyber security controls. A unique, holistic design and test support service is vital to address this challenge and help OEMs roll out vehicles that are secured by design. "
Jithesh Joshy
Security Domain Principal
SBD Automotive
As the industry rapidly adopts higher levels of built-in and brought-in connectivity, over-the-air software updates, and vehicle autonomy – attack surfaces from sensors, cameras, connectivity modules, digital keys, cloud systems, and electrical architectures are becoming increasingly popular targets for bad actors.
An effective automotive threat monitoring strategy requires OEMs to not only detect vulnerabilities on their own vehicles, but also be aware of vulnerabilities to competitor products so the industry as a whole can promote a positive and open security culture.
From an anti-threat perspective, the impact of COVID-19 on vehicle theft and overall crime is now clear: vehicle theft is likely to increase. As job losses and personal debt mount, low-skilled vehicle crimes, financial fraud and the demand for low-cost replacement component parts are driving theft figures in many markets worldwide.
SBD Automotive
Security
Automotive Cyber Security & Anti-theft
The Attack Target
The ‘attack target’ is the term used for the main component or area of a vehicle system being attacked. This is the component or area that is compromised by the attacker to cause the ultimate damage on the vehicle ecosystem. Analyzing the attack target is beneficial during the risk management process, as it allows security specialists to identify vulnerabilities and develop countermeasures to mitigate the risk.
The highest risk targets are split between areas within the vehicle, such as infotainment systems and external targets such as backend servers and the smartphone app. Targets via cellular connectivity are particularly popular as they enable remote attacks and can escalate to include entire fleetwide attacks overall.
01
Can you stop relay attacks, or just slow them down?
02
How can I apply the lessons from penetration testing to UNECE R155/R156 cyber security compliance?
03
How would a vehicle type perform in an ISO 21434 compliance audit?
Key Industry Questions
04
Are manufacturers ready for the crime rate spike that will come with a recession?
05
What are the most effective countermeasures against contemporary cyber security attacks?
The risk of attack is a constantly moving target.
The ease of relay attacks has become a significant problem for automotive OEMs. Over the last decade the number of vehicles susceptible to relay attacks has increased significantly, while the cost of relay attack tools has dropped as they have become more widely available online.
As the industry moves towards increased levels of vehicle autonomy – safety critical sensors and networks vital for automated functionality are becoming the next frontier, with even higher implications for ensuring the safety of passengers and those around them.
As our longest running team, the hands-on, practical approach to vehicle security by SBD Automotive's cyber security and anti-theft experts has ensured that many threats stayed theoretical for over 25 years.
Pragmatic Answers
Research Reports
SBD Automotive's cyber security and anti-theft experts have published hundreds of off-the-shelf reports to give OEMs, suppliers, start-ups and governments fast access to the data and analysis they need to identify, mitigate and defend vehicles from criminals, hackers, and state-sponsored activity.
Whether it's analyzing the latest digital key systems, tracking cyber mandates and legislation, benchmarking security controls and cyber adoption timing, or monitoring the latest attack vulnerabilities, SBD Automotive's report catalog will help keep you one step ahead of the threats.
Custom Consulting Projects
The risk of attack is a constantly moving target and implementing the wrong strategy or falling behind competitors will leave you vulnerable. It's therefore critical to ensure that you always have the latest, most comprehensive, and expert support at hand.
Our security teams offers cyber threat assessments, penetration testing of nearly all vehicle modules, back-end systems and apps, as well as conduct anti-theft testing to reduce stolen vehicles and improve insurance ratings.
We provide technical, strategic, research and testing support to teams across the automotive industry, giving our team unrivaled collective experience, a unique perspective, and an ability to see beyond data.
-170.jpg)
bottom of page