Editorial N°10 – New technologies, connected vehicles and 50 billion connected vulnerabilities

        The fifth edition of the Internet of Things Exhibition (SIDO) that took place in Lyon on 10 and 11 April marked this month of April. With debates, professional meetings and the launch of connected solutions, SIDO is the leading European trade fair for professionals in the field of connected objects, artificial intelligence and robotics. On this occasion, digital.security participated in the engagement and awareness on connected objects by giving a conference on the 50 billion connected vulnerabilities that connected objects represent. The growing Internet of Things was particularly singled out.

Due to their democratization, most of these connected devices reflect design flaws that are often underestimated by individuals and manufacturers. Supposed to make our lives easier, the advent of connected objects brings with it a new era of surveillance and information leakage. This conference therefore focused on recalling the role of all in cybersecurity and raising awareness about the use of the Internet of Things in general.

As real targets of cyberattacks, it is worth recalling that connected objects, however varied they may be, catalyse multiple angles of attack on them. In April, connected cars were the target of “cyberattacks”, most of which are research works. This research led to various conclusions such as the fact that it was possible to mislead Tesla’s Autopilot. In addition, during their conference, CERT digital.security speakers discussed the different vulnerabilities that affect connected vehicles and in particular those of Tesla. Researchers at Tencent’s Keen Security Lab have shown that it is possible to mislead a Tesla in Autopilot mode and drive it in the opposite direction with the simple placement of stickers on the road. Still in terms of connected vehicles, digital.security recalled that it was possible to take control of a remotely connected car.

It is in this capacity that researchers Chris Valasek and Charlie Miller succeeded in taking control of a Jeep Cherokee in 2015. The latter have succeeded in hacking into the Uconnect system that equips some models. All these different experiences testify to the multiplicity of angles of attack against connected cars. At the scale of connected objects, however, they represent a tiny fraction of the attackers’ targets.

Awareness raising on connected objects is therefore not only a matter for experienced people, it is mainly aimed at the uninformed. Cybersecurity fairs are therefore often places of reminder, where awareness prevails for users, who are still unaware of the risks represented by the current use of the Internet of Things.