IBM X-Force Red Launches Connected Car Security Services
【Summary】IBM Security today announced the launch of two new security testing practice areas focused on automotive security and the Internet of Things (IoT). The new services will be delivered via a team of IBM X-Force Red researchers.
IBM Security (NYSE: IBM) today announced the launch of two new security testing practice areas focused on automotive security and the Internet of Things (IoT). The new services will be delivered via a team of IBM X-Force Red researchers focused on testing backend processes, apps, and physical hardware used to control access and management of smart systems.
The new IoT services will be delivered alongside the Watson IoT Platform to provide security services by design to organizations developing IoT solutions for all industries. With 58% of organizations testing their IoT applications only during the production phase 1, the potential for introducing vulnerabilities into existing systems remains unacceptably high. The Watson IoT Platform provides configuration and management of IoT environments, and the IBM X-Force Red services bring an added layer of security and penetration testing.
"Over the past year, we've seen security testing further emerge as a key component in clients' security programs," said Charles Henderson, Global Head of IBM X-Force Red. "Finding issues in your products and services upfront is a far better investment than the expense of letting cybercriminals find and exploit vulnerabilities. Our own investments in people, tools and expertise have more than tripled our security testing capabilities in the first year of IBM X-Force Red, making our offense our clients' best defense."
Connected Car Security a High Priority
The production of new cars equipped with internet connectivity is forecast to reach to 61 million in 2020. With the current and future challenges in mind, IBM X-Force Red created an automotive practice dedicated to helping clients secure their vehicle's hardware, networks, applications, and human interactions.
IBM X-Force Red has worked with more than a dozen automakers and third-party automotive OEM suppliers to build expertise and programmatic penetration testing and consulting services. The formation of the automotive practice aims to help to shape and share industry best practices and standardize security protocols.
IBM has a facility in Germany that is specifically dedicated to working with automotive companies to help design connected cars, Charles Henderson, global head of IBM X-Force Red said. "At IBM, we have so many people that work with car vendors, so when we have a question for a specific car brand, we can deal with the people that designed the car," he told eWEEK. "If we find a vulnerability, we can help to get it fixed much more quickly than you could if you were outside of IBM."
The new automotive practice is also applying some of the findings from research disclosed by IBM X-Force Red early this year that notified consumers and the automotive industry of security vulnerabilities inherent in connected cars.
The research looked at the insecure transfer of ownership between owners of some connected cars, which may create an opportunity for a malicious takeover of the functions of the vehicle, such as locking and unlocking of doors, remote start, light and horn control, and the ability to geo-locate the current owner through a mobile app. IBM X-Force Red also disclosed that these security loopholes were identified across four major auto manufacturers.
Today's modern vehicles can be equipped with over one-hundred individual modules, each with their own security controls and vulnerabilities. As these components are combined and connected to mobile applications and external servers, the total amount of potential vulnerabilities for the vehicle climbs above the sum vulnerabilities of its parts. With this in mind, IBM X-Force Red performs discrete security testing of the components and solution-based security testing for the complete system of the vehicle.
Watson IoT Platform and IBM X-Force Red
Gartner, an American research company, forecasts that 8.4 billion connected things will be in use worldwide in 2017, up 31% from 2016, and will reach 20.4 billion by 2020. High demand and shortened production cycles often leads to rushed or non-existent security testing for these new products and services, including those found in automobiles.
IBM X-Force Red has changed the delivery of security testing due to the perceived gaps in security of emerging technologies, such as IoT and connected cars. Programmatic and on-demand security testing through the entire lifecycle of the products is emerging as the best way to find vulnerabilities in a proactive fashion.
"It's not just about the technology, it is also about the global reach, investment, and collaborative approach which make IBM a trusted IoT partner for enterprise IoT solutions," said James Murphy, Offering Manager, IBM Watson IoT Platform. "With IoT technologies permeating the farthest corners of industry, IBM is bringing our Watson IoT Platform and X-Force Red security talent together to address present and future concerns."
The Watson IoT Platform approach is security by design, with security controls built-in, delivered as a cloud-based service with industry-recognized ISO27001 compliance. The Watson IoT Platform also has advanced security IoT service capabilities that extend Watson IoT Platform with Threat Intelligence for IoT. These features help customers visualize critical risks in the IoT landscape and create policy-driven automations to help prioritize operational responses for IoT incidents.
In February 2017, IBM X-Force launched The Red Portal, a cloud-based collaboration platform for clients and security professionals that presents an end-to-end view of security testing programs. Clients can view real-time testing project milestones, vulnerabilities, reports of findings, and the overall status of their managed testing program. The Red Portal centralizes and streamlines all communications with X-Force Red and provides a way to begin remediation immediately on the most critical items.
IBM's Newest Password Cracker
At this week's Black Hat Conference in Las Vegas, X-Force Red will unveil the newest weapon, a password cracker called Cracken. Cracken is a dedicated password-cracking cluster used by X-Force Red during penetration tests and security assessments. To demonstrate the importance of password length and complexity, X-Force Red will allow attendees of the conference test their own passwords against Cracken to see how vulnerable they actually are.
Originally hailing from New Jersey, Eric is a automotive & technology reporter covering the high-tech industry here in Silicon Valley. He has over 15 years of automotive experience and a bachelors degree in computer science. These skills, combined with technical writing and news reporting, allows him to fully understand and identify new and innovative technologies in the auto industry and beyond. He has worked at Uber on self-driving cars and as a technical writer, helping people to understand and work with technology.
Myle Technologies Launches its Ride-Hailing Service New York City to Compete with Uber & Lyft
Tesla is Planning to Use Cobalt-Free Batteries for its Electric Vehicles Built in China
Industry Analysis: It’s Now or Never for U.S. Automakers General Motors & Ford to Catch Up to Tesla
BMW i Ventures Invests in AutoFi, a San Francisco-based Vehicle Financing Startup
President Trump Sign Executive Order to Study Threats to the U.S. Global Positioning System
Volvo Cars & China’s Geely in Talks to Merge, Creating a Single Global Auto Group
Nikola Motor Co Unveils its ‘Badger’ Hydrogen-Electric Fuel Cell Pickup With Up to 600 Miles of Range
Autonomous Delivery Startup Nuro Granted Permission From U.S. Regulators to Deploy its Tiny Electric Vehicles
- Uber is Testing a New Feature in California Allowing Some Drivers to Set Their Own Fares
- Here’s What You Need to Know about the Porsche Taycan’s Battery, Suspension & More
- Kia Motors Reveals its $25 Billion Electrification Strategy for 2020-2025
- Luxury Electric Automaker Lucid Motors Opens Up Reservations for its Air Sedan
- BMW i3 Urban Suite Concept is a Miniature Luxury Car
- Ferrari Patent Application Hints at Possible EV
- BMW i Ventures Invests in AutoFi, a San Francisco-based Vehicle Financing Startup
- NVIDIA Announces DRIVE AXG Orin, One of the Most Advanced Platforms for Autonomous Vehicles
- Electric Vehicle Startup Rivian Secures $1.3 Billion in New Funding from T. Rowe Price & Others
- Cadillac Expands Super Cruise to More Models, Adds More Features