How a Leading Car Company Saved Millions by Updating Firmware with CustomUSB
This time last year, a major American car company was reeling. They knew something ominous about a specific vehicle upgrade that their customers did not: Experts had discovered security vulnerabilities in the firmware of more than one million of their vehicles.
Based on the recall report, radios in the affected vehicles were compromised with software vulnerabilities that could let malicious third parties access some vehicle control systems, such as braking, steering, the engine, and transmission. If hackers exploited these weaknesses, they could gain unauthorized control of these vehicle systems, possibly causing vehicle collisions or worse.
Can you imagine driving along the highway when suddenly, an unseen attacker remotely disables your brakes, sending you careening into a ditch? No, this isn’t the plot of a horror movie or a modern take on Stephen King’s Christine, the classic novel about a car possessed by supernatural forces. This is real life. Luckily, this story has a happy ending, courtesy of CustomUSB.
The flash experts at CustomUSB collaborated with the car company (name withheld per NDA) on ways to quickly and effectively mass deliver a safe, money-saving software patch to all customers with affected vehicles. By securely uploading the firmware update onto our highly dependable USB drives, we provided a simple solution to a serious problem.
Beware of Compromised Cars
Let’s be honest. Cars aren’t the first thing you think about when you hear the words “computer security.” Yet, last summer, an estimated 500,000 vulnerable vehicles roamed our roads!
The FBI and other regulators have warned that motor vehicles are becoming increasingly vulnerable to malware attacks by remote hackers. Because “car hacking” is on the rise, they say that ensuring your software is safe and regularly updated should be a high priority for any company, including car manufacturers.
So, what exactly went wrong with the radios in these vehicles?
First, let’s discuss the optional upgrade that contained the security breach, the user interface. Available as part of the radio in vehicle dashboards, this wireless internet-connected computer feature requires regular system updates, like any software. (USB is the simplest, most cost-effective way to perform those updates – but hold that thought. We’re going to talk about the solution next.)
In this situation, researchers discovered that a wireless malware attack could disable existing management software and access other key controls, rendering the vehicle undrivable, as well as dangerous to passengers and the surrounding area. Thus, they needed to quickly and quietly deliver a solution to affected customers.
A Simple, Secure Solution
The car company created a software fix to protect against the malware attack, which could tamper with the vehicle dashboard or track GPS coordinates via the internet connection. According to release notes, the update included “improved radio security protection to reduce the potential risk of unlawful access to vehicle systems.”
CustomUSB quickly developed a reliable USB device that contained the fix – the car manufacturer distributed the USB drives to their affected customers, urging prompt installation. Alternatives included visiting a dealership and waiting for a technician to install the update; this was more costly for the company and more time-consuming for the customer. Another option was for customers to go to a website and download the patch onto their own USB drives, which required a minimum 4GB of free space, about an hour of free time, and more patience than most people have.
The car company and CustomUSB worked to make the update process as simple as possible, by mailing preloaded flash drives to their customers. The customers could then plug the USB devices into their car’s USB port, about fifteen minutes later the patch was installed, and all was well again.
For the hundreds of thousands of drivers with vulnerable software, the patch distributed on CustomUSB flash drives saved the day by protecting vehicles against potential attack. Equally importantly, it saved the car company money millions of dollars, all while protecting its reputation.
For a simple, secure way to deliver a software fix (or other data) to your customers, contact CustomUSB today to develop a custom solution or to create your very own branded flash drives.