天天射天天干天天透综合网,国产精品VA在线观看无码,夜夜嗨老熟女av一区,亚洲乱亚洲中文字幕,国产精品资源在线免费观看,91亚洲精品视频在线,欧美 在线 免费 不卡,193在线免费观看黄页网,欧美成人精品色午夜免费观看

對(duì)于安全專家而言，網(wǎng)聯(lián)系統(tǒng)就像是一種取之不盡的饋贈(zèng)，但隨著一些具備網(wǎng)聯(lián)功能的汽車數(shù)量不斷增加，相關(guān)汽車網(wǎng)絡(luò)安全隱患的數(shù)量隨之急劇爆發(fā)。此外，一些老款車型的安全漏洞也隨之暴露，這也需要進(jìn)行持續(xù)不斷的升級(jí)。

事實(shí)上，這些一級(jí)供應(yīng)商和汽車廠商對(duì)黑客的擔(dān)憂絕非空穴來(lái)風(fēng)。另外，一些利用汽車進(jìn)行的恐怖襲擊也進(jìn)一步升級(jí)了相關(guān)問(wèn)題的嚴(yán)肅性。盡管目前從現(xiàn)實(shí)世界來(lái)看，針對(duì)網(wǎng)聯(lián)車輛的成功攻擊案例暫時(shí)并不多，但很多觀察者均認(rèn)為這種情況可能很快會(huì)發(fā)生改變。

“我認(rèn)為，黑客并不會(huì)給我們逐步適應(yīng)的時(shí)間。”美國(guó)國(guó)土安全局的網(wǎng)絡(luò)安全項(xiàng)目經(jīng)理Dan Massey表示，“最好的情況是，我們可能會(huì)最初發(fā)現(xiàn)1到2個(gè)攻擊個(gè)例，然后留給我們一點(diǎn)準(zhǔn)備的時(shí)間。但黑客可能并不會(huì)這么想，可能未來(lái)某一天，突然就有成千上萬(wàn)的網(wǎng)絡(luò)攻擊直接擺在我們面前了。”

在WCX 2017 - SAE 2017年全球汽車年會(huì)的“汽車網(wǎng)絡(luò)安全與物聯(lián)網(wǎng)”專家座談會(huì)上，Massey及其他專家組成員介紹了多起足夠喚起大家警覺(jué)的汽車網(wǎng)絡(luò)安全事件。美國(guó)交通運(yùn)輸部沃爾普(Volpe) 國(guó)家交通運(yùn)輸中心的Kevin Harnett指出，美國(guó)邊境巡邏隊(duì)及其他相關(guān)機(jī)構(gòu)購(gòu)買的一些車輛已經(jīng)具備了網(wǎng)聯(lián)功能，這會(huì)增加這些公務(wù)車輛被非法跟蹤的幾率。

Stinger Ghaffarian Technologies公司Graham Watson介紹了供應(yīng)鏈上各級(jí)供應(yīng)商的設(shè)備遭受網(wǎng)絡(luò)襲擊的可能性，并稱如果這些惡意軟件沒(méi)有被檢測(cè)出來(lái)，就會(huì)給車輛帶來(lái)巨大的安全隱患。此外，大型車隊(duì)可能特別容易受到攻擊，部分原因可能在于這些車輛的服役壽命更長(zhǎng)。

“卡車的使用壽命通常為20年，你現(xiàn)在還可以在路上看到一些可能已經(jīng)過(guò)時(shí)的‘老古董’。”李爾公司的Andre Weimerskirch表示，“這些車并不會(huì)對(duì)不同網(wǎng)絡(luò)進(jìn)行分級(jí)隔離，而且還在采用統(tǒng)一的標(biāo)準(zhǔn)化CAN通信。黑客就曾成功侵入車輛的遠(yuǎn)程信息處理系統(tǒng)并獲得了控制汽車網(wǎng)絡(luò)的權(quán)限，這也就是說(shuō)，黑客完全可以讓卡車加速或剎車。”

目前，大量針對(duì)汽車網(wǎng)絡(luò)安全的預(yù)防性工作正在進(jìn)行之中。2015年，汽車行業(yè)專門成立了汽車信息共享和分析中心（Auto ISAC），推進(jìn)汽車網(wǎng)絡(luò)安全方面的相關(guān)工作。中心CEO Faye Francy表示，中心已經(jīng)建立了一套全面的“最佳做法”標(biāo)準(zhǔn)，將為供應(yīng)商的研發(fā)設(shè)計(jì)提供指導(dǎo)。小組成員還指出，SAE、IEEE和NHTSA等組織也在努力推動(dòng)汽車行業(yè)在網(wǎng)聯(lián)汽車安全方面取得進(jìn)展。目前，供應(yīng)鏈上下各個(gè)環(huán)節(jié)的公司均在為了這項(xiàng)事業(yè)而共同努力。

“半導(dǎo)體產(chǎn)業(yè)已經(jīng)開(kāi)始直面挑戰(zhàn)，”采埃孚天合（ZF-TRW）公司的Brian Murray表示，“一些公司已經(jīng)開(kāi)始為芯片配備安全硬件模塊了。”

目前，安全測(cè)試系統(tǒng)領(lǐng)域仍需進(jìn)行更多工作。專家組成員均認(rèn)為，行業(yè)應(yīng)當(dāng)進(jìn)行滲透測(cè)試。具體來(lái)說(shuō)，滲透測(cè)試通常由第三方人員，而非設(shè)計(jì)該系統(tǒng)的研發(fā)人員負(fù)責(zé)開(kāi)展。雖然有人建議可以起草一套標(biāo)準(zhǔn)化的滲透測(cè)試流程，確保各家公司都在最大范圍內(nèi)解決更多潛在安全漏洞，但并非所有人都持同樣的觀點(diǎn)。

密歇根大學(xué)的Russ Bielawski表示，“這種滲透測(cè)試必須非常具備創(chuàng)造力。”他還指出，空中升級(jí)是保證車輛網(wǎng)絡(luò)安全的一個(gè)重要因素。當(dāng)新的威脅出現(xiàn)時(shí)，馬路上跑的汽車也同樣需要針對(duì)這些新威脅進(jìn)行系統(tǒng)更新。然而，由于這些更新可以改變汽車的固件，因此可能成為黑客攻擊的目標(biāo)，我們必須再三確保此類升級(jí)的安全性。此外，針對(duì)汽車系統(tǒng)深處的攻擊尤為難以解決。

“想象一下，假設(shè)一家四級(jí)供應(yīng)商在自己的模塊中加入了一段惡意代碼，而廠商很有可能在不知情的情況下直接對(duì)其給予了授權(quán)放行，那汽車公司又該怎樣面對(duì)這部分‘已經(jīng)過(guò)認(rèn)證’的威脅代碼呢？”李爾公司的Weimerskirch沉思道，“大多數(shù)公司可能什么也做不了。”

For security experts, connectivity is the gift that keeps on giving. The number of threats will increase rapidly as more vehicles are connected, and vulnerabilities on older vehicles will be in constant need of updating.

Tier 1s and OEMs have many reasons to worry about hackers, and the use of vehicles in terror attacks makes them a concern for security agencies at many levels. While successful real world attacks are still quite rare, many observers fear that things could change quickly.

“I don’t think we’ll have a gradual change,” said Dan Massey, Cybersecurity Program Manager at the U.S. Dept. Of Homeland Security. “I’d love to see a slow progression starting with one or two one-off attacks. I fear we won’t have the opportunity – that it will go from seeing nothing but a few cyber-attack demonstrations to tens or hundreds of thousands of vehicles to be concerned about.”

Massey and other panelists at the SAE WCX 2017’s “Vehicle Cybersecurity and the IoT” session cited a number of instances where connectivity has the potential for considerable problems. Kevin Harnett of the Dept. of Transportation’s Volpe Center noted that new vehicles acquired by the FBI, U.S. Border Patrol and other agencies have factory-installed connectivity, raising the dangerous possibility that their movements and locations can be tracked.

Graham Watson of Stinger Ghaffarian Technologies expressed concern that equipment from various levels of the supply chain could be compromised, creating vulnerabilities in vehicles if malware is not detected. Large fleet vehicles may be particularly vulnerable to attacks, partially because of their long lifetimes.

“Trucks are often 20 years old; the architectures you see on the road now are quite outdated,” said Andre Weimerskirch of Lear Corp. “They do not have separation between networks, and they use standardized CAN messages. Once there’s a successful hack into the telematic system, hackers have access to the vehicle network, they can speed up the truck or control the brakes.”

There’s a lot of work aimed at preventing attacks. In 2015, the industry formed the Automotive Information Sharing and Analysis Center (Auto ISAC) to focus on cybersecurity. Executive Director Faye Francy described an extensive Best Practices project that was created to provide guidelines for suppliers. Panelists also noted that SAE, IEEE and NHTSA are also working diligently to help the industry ramp up its security efforts. Efforts span the entire supply chain.

“The semiconductor industry has risen to the challenge,” said Brian Murray of ZF-TRW. “They put hardware security modules on chips.”

Testing systems for security is an area that still requires more work. Panelists agreed that penetration tests should be performed, often by outsiders rather than staffers who helped create the system under test. While some suggested standardizing penetration testing to ensure that companies address a wide number of potential vulnerabilities, that was not a consensus opinion.

Penetration testing has to be a very creative process,” said Russ Bielawski of the University of Michigan. He also noted that over the air updating will be an important factor. As new threats emerge, vehicles already on the highway will need to be updated. However, these updates must be extremely secure, since they alter the firmware that controls the vehicle. That will make updates an attractive target for hackers, panelists agreed. Attacks that are deep within the vehicle may be particularly difficult to address.

“If a Tier 4 inserts compromised code in a module and the OEM authorizes it, how will companies deal with compromised code that’s been certified?” Lear's Weimerskirch mused. “Most companies aren’t able to do anything about that.”

Author: Terry Costlow
Source: SAE Automotive Engineering Magazine