{"id":967,"date":"2009-02-15T15:47:50","date_gmt":"2009-02-15T23:47:50","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=967"},"modified":"2009-02-15T15:47:50","modified_gmt":"2009-02-15T23:47:50","slug":"security-review-automobiles","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/15\/security-review-automobiles\/","title":{"rendered":"Security Review: Automobiles"},"content":{"rendered":"<p>In the United States, automobiles are everywhere.\u00a0 Most middle-income families own more than one vehicle, and chances are that everybody knows of at least one person whose vehicle has been broken into or stolen.\u00a0 Cars, trucks, and SUV\u2019s are very expensive and contain many assets that would interest adversaries.\u00a0 As technology improves, the ways vehicles are secured continually gets better, but thieves also get smarter.\u00a0 There will never be a completely secure vehicle.<\/p>\n<p><!--more--><br \/>\n<strong>Assets:<\/strong><\/p>\n<ul>\n<li> The vehicle itself for transportation value.\u00a0 A thief can steal a vehicle to use in daily life.<\/li>\n<li> Selling the vehicle or its parts for money.\u00a0 The picture of a completely stripped car jacked up on cinder blocks comes to mind here.\u00a0 Any part of a vehicle can be sold somewhere for money.<\/li>\n<li> The gasoline in the tank.\u00a0 Depending on the market value of gas, this asset can fluctuate in value as we saw last summer.<\/li>\n<li> The owner\u2019s personal belongings inside the automobile.\u00a0 For example: CD\u2019s, cell phones, iPods, clothing, golf clubs, and spare change are typical things stolen from a vehicle.<\/li>\n<\/ul>\n<p><strong><br \/>\nAdversaries:<\/strong><\/p>\n<ul>\n<li> The common thief looking to steal any of the assets for profit.\u00a0 All of the assets mentioned above can be stolen from the car and sold.\u00a0 This makes breaking into a vehicle a great source of diverse assets for a thief.<\/li>\n<li> An enemy who wants to tamper with the vehicle to inflict harm on owner.\u00a0 This enemy can do many malicious things to a vehicle.\u00a0 They could remove the brakes or tamper with safety features like airbags.<\/li>\n<\/ul>\n<p><strong>Weaknesses:<\/strong><\/p>\n<ul>\n<li> The locks on the car doors.\u00a0 They can be picked.\u00a0 Keys to the locks can be stolen and replicated.<\/li>\n<li> Glass windows.\u00a0 Security is only as strong as the weakest link and the windows are extremely easy to break for an adversary.\u00a0 Any of the owner\u2019s personal belongings can easily be stolen by the thief with a simple break of a window.<\/li>\n<\/ul>\n<p><strong>Defenses:<\/strong><\/p>\n<ul>\n<li> Adding additional methods of authentication to the key like a biometric reader.\u00a0 For example, there are finger print readers and voice recognition software.\u00a0 This makes the adversary\u2019s job harder because they need to get past two or more security features instead of one.<\/li>\n<li> The vulnerability of\u00a0 windows is hard to protect against.\u00a0 A vehicle could use shatterproof glass.\u00a0 This would keep thieves out but would present a new risk for the passengers.\u00a0 If an emergency situation occurred and passengers could not exit out of the doors the windows would no longer be an option for an emergency exit.<\/li>\n<li> A car alarm can be protective against window breaks or lock picks but not completely secure.\u00a0 If a thief is fast enough, she can break a window and steal an asset like a cell phone so fast, that once someone realizes an alarm is going off, she is gone.<\/li>\n<li> Cameras that record any activity outside of a car can be effective in some situations.\u00a0 If a thief\u2019s picture is captured, authorities might be able to track her down and make an arrest.\u00a0 However, sometimes the thief can disappear so effectively that this will achieve nothing.<\/li>\n<li> A more evasive technique might be to have an electric shock or taser administered to anyone who attempts to break into the vehicle.\u00a0 This obviously has flaws though.\u00a0 The thief can plan clever ways to avoid the shock by wearing special gear or standing in special locations as they attempt a burglary. This could also potentially harm innocent people.<\/li>\n<\/ul>\n<p><strong>Conclusion:<\/strong><br \/>\nCars will continually be a source of attack.\u00a0 They have too many assets that thieves desire.\u00a0 The best security is a combination of different security features.\u00a0 This causes more work for the attacker and it might discourage her from committing the crime.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the United States, automobiles are everywhere.\u00a0 Most middle-income families own more than one vehicle, and chances are that everybody knows of at least one person whose vehicle has been broken into or stolen.\u00a0 Cars, trucks, and SUV\u2019s are very &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/15\/security-review-automobiles\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":79,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-967","post","type-post","status-publish","format-standard","hentry","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/967","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/79"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=967"}],"version-history":[{"count":4,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/967\/revisions"}],"predecessor-version":[{"id":971,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/967\/revisions\/971"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=967"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=967"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}