Research throws up vulnerability in alarms

RESEARCHERS have been able to exploit vulnerabilities in a number of car alarm systems enabling them to unlock doors and start the engine.

Dr Budi Arief, from the School of Computing at the University of Kent is an expert on cyber security with a focus on cybercrime, security of computer-based systems, the Internet of Things, and ransomware and was interviewed by Business Motoring.

He said: “As technology progresses and devices are becoming more interconnected through the concept of Internet of Things (IoT), there is a growing risk that any additional feature may introduce security vulnerabilities to the overall system.
“This is a case aptly demonstrated by a recent report of security vulnerabilities in three specialist car alarm systems that would have allowed attackers to steal or hijack affected vehicles.

“It is not surprising that third-party car alarm systems that allow their users to control the alarm – or even the car – remotely may contain security vulnerabilities. These third-party systems have likely gone through a less rigorous process of security evaluation compared to those systems developed directly by the official car manufacturer.”

“Nevertheless, there is no guarantee that the latter would be 100% secure, as it is pretty much impossible to prove the absence of flaws.
“What is ironic here is that whoever bought these vulnerable car alarm systems did so out of a desire to improve the security of their vehicle. But inadvertently, they introduced security vulnerabilities that would allow attackers to take control of their vehicle.
“In a sense, it would have been better if these car owners did not bother to add a third-party system that may or may not have been approved by the car manufacturer.
“All of these demonstrate the need to carry out a more thorough test on any computer systems (especially those that allow remote connections), instead of rushing them to customers in order to capture a niche market before any competitors did so.
“This is not a unique incident, there are many similar cases of IoT devices such as cameras, home security kits, and even smart locks that have been shown to be vulnerable to attacks. Unfortunately, the IoT market is akin to a gold rush for new features rather than security, and this is a challenge that needs to be addressed urgently.”