It seems that there is nothing to do with the frequent harassment calls. I don’t know how many people have been sold to their mobile phone numbers. There are similar experiences, perhaps more than one week (a pseudonym). Recently, some media published an article saying that some hackers sell car owners' information on the Internet. Only the inquiry information of name, mobile phone, city and intentional car is asking for one dollar. According to the media, the scale of information leakage of Citroen owners is over 100,000. Previously, there was a white hat (a hacker who did not maliciously exploit security vulnerabilities) submitted to the Internet security vulnerability reporting platform, Wuyun.com, a file named "Dongfeng Citroen's weak password on the backstage could cause hundreds of dealer accounts and a large amount of personal data to be leaked nationwide." Vulnerability. The vulnerability status displayed on this platform is that the vulnerability has been notified to the vendor but the vendor ignores the vulnerability. Hand-push Type With Electric Wire Hand-Push Type With Electric Wire,Tile Cleaning Machine,Electric Road Sweeper,Commercial Floor Cleaning Machine Haotian Cleaning Equipment Technology Co.,Ltd. , https://www.flooringscrubberdryer.com
When the reporter asked Dongfeng Citroen for the disclosure of user information, the relevant internal person of the company responded that the customer data of Dongfeng Citroen was stored in a professional database, and multiple firewalls were set up to monitor and record the database, and to fully address the user information. Confidential work. Some insiders pointed out that the disclosure of Citroen owners' information does not rule out that the Dongfeng Citroen dealer's website or the cooperative car vertical website has been hacked to steal user information. In addition, internal employees of individual 4S stores or car vertical websites may also have data to sell.
The lack of investment in information security by car companies has increasingly become its weakness. Since 2011, "White Hat" has submitted a total of 58 vulnerabilities on the website of the car enterprise on the Internet security vulnerability reporting platform, and nearly half of the vulnerabilities may cause information leakage of website users, involving millions of owners. information security. A number of automakers' websites, including BMW, Audi, Volkswagen, Mercedes-Benz, and Cadillac, were found to be involved in user information disclosure vulnerabilities, and most of the vulnerability status was ignored by vendors or vendors.
Insufficient investment in network security At present, the automobile industry lacks a mature network security management system. The security quality of network operators needs to be improved. Many car companies' websites are outsourced to third-party companies for development, and no information security companies are evaluated for evaluation. May leave information security risks.
“In the era of big data, the problem of leaking user privacy has become increasingly prominent. Like many companies in the traditional manufacturing industry, car companies need to convert Internet thinking and strengthen Internet security control. However, it is not easy to keep up with the pace of Internet development. For example, from the perspective of talents, with the rapid development of the Internet, talents such as system security engineers, system architecture engineers, and data analysis engineers are in short supply. Such professionals are often concentrated in Internet companies, and their salaries are higher, while car companies are relatively lacking. Class talents." Industry insider engaged in the Internet industry, Xi Xihai said in an interview with the reporter of China Business News.
Another professional engaged in cybersecurity also said in an interview with the "First Financial Daily" reporter that the investment in the network security management system is very large, involving talents, software, hardware, services and management. Internet companies are also one step. Steps are constantly improving. At present, different industries have different proportions of investment in network security. It is expected that the automotive industry will invest less in network security. In order to save costs, some car companies often put databases and servers on the public network, which is easily attacked by hackers.
"Once the system is found to have loopholes, it will take active or passive measures in time, set authority management for the server in the certification and authorization system, and sign confidentiality agreements with dealers, car vertical websites, etc. These measures will prevent users to a certain extent. Data leakage. However, many car companies have failed to establish an effective network security management system. In addition to the large investment factor, they are often not aware of network security. After all, the integration with the Internet is not long. "The above network security person said.
Auto Network Security Readiness Wu Yun network partner Judi said in an interview that although cyber security is currently costly and does not directly generate economic benefits, in the future Internet era, security may be a selling point, and some traditional car companies may not have Notice this. "There are a lot of blackouts on the cloud that can cause vehicles to be controlled, which will lead to driving safety problems," Judy said.
The hacker is invincible, and it is not only the trouble of the owner's information being leaked that the car company is troubled. As more and more car companies join the wave of car networking, information security risks will follow. As early as 2013, the National Highway Traffic Safety Administration has recognized the need to place incompatible systems in cars and has established specialized agencies to be responsible for vehicle network security issues. Now that the car is getting closer to the network, it will be able to communicate with the surrounding environment in the future. If the vehicle is attacked by hacker software, the vehicle may experience a serious traffic accident.
The Massachusetts Senator Ed Markey office issued a report this year stating that many automakers are not prepared to address the potential information security issues of cars. Markey's office sent a letter to 19 major automakers including BMW, GM, Honda, such as the new technology currently used in cars, how to manage personal driving information and what measures to prevent hackers. The home responded by sending a letter. Unfortunately, these companies deploying wireless technology in their vehicles are even unable to understand the concepts in the problem. The report pointed out that two of the companies surveyed said they could diagnose or respond to hacking, and one company said it could detect hackers in a timely manner, and the rest of the company said these wireless technologies are used to ensure security. Will not be used by hackers to invade." In fact, like the infotainment system and navigation system on the car, it is likely to be attacked by malware or hackers through networking technology.
On February 2, 2015, the German Automobile Association ADAC said in a report that most of the BMW brand models, including the Rolls-Royce Phantom, the MINI hatchback and the BMW i3 electric car, have design flaws, about 2.2 million. There is a security hole in the ConnectedDrive digital service system that hackers can use to remotely open the door. However, BMW said it has upgraded the digital system to solve the problem of information security.