Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

IOActive Expands Automotive Security Testing Practice

IOActive, Inc., a provider of security testing and assessment services, announced today that it has expanded its Vehicle Security Service to help automakers and Original Equipment Manufacturers (OEMs) better protect against cyber threats.

IOActive, Inc., a provider of security testing and assessment services, announced today that it has expanded its Vehicle Security Service to help automakers and Original Equipment Manufacturers (OEMs) better protect against cyber threats.

The Seattle, Wash.-based IOActive said that it has also invested in a garage within its hardware lab, designed specifically for researching vehicle and transportation security.

“Vehicles are no longer purely mechanical entities, but machines controlled by a multitude of computers at any given moment,” said Chris Valasek, director of vehicle security research for IOActive. “Unlike PC-based attacks, malicious intent on a vehicle can result in financial loss, as well as in personal injury.”

The company also announced that well-known security expert and white hat hacker, Charlie Miller, has joined the IOActive Advisory Board.

Last year at the Def Con security conference, Miller and Valasek demonstrated that they could hack modern cars and manipulate steering, acceleration, safety sensors and other components. 

“As we expand our new Vehicle Security Service practice, which harnesses the expertise and years of research borne out of IOActive Labs, I am extremely pleased to have Charlie join the Advisory Board,” said Jennifer Steffens, chief executive officer for IOActive. “Charlie’s knowledge of vehicle security, combined with his years of information security research, is something we will look to leverage from him as our trusted advisor.”

As today’s vehicles increasingly rely on technology and become more digitally connected, securing autos from cyber threats has become critical, fueling investments into companies and an overall push for the automotive industry to take cyber security more seriously.

In August, a group of security researchers launched an initiative called “I am the Cavalry” in an effort to convince automakers to implement security programs aimed at making cars more resilient to cyberattacks. 

Earlier this year, GM appointed Jeffrey Massimilla as its chief product cybersecurity officer. 

GM and OnStar, the subsidiary responsible for vehicle security and safety, and navigation systems, are actively working on addressing ever-evolving data security issues, the company previously told SecurityWeek.

In September, Argus Cyber Security, a Tel Aviv, Israel-based startup focused on automotive cyber security, announced that it raised $4 million in a Series A round of funding.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.