Categories
News

Kevin Kornegay on guiding automobile cybersecurity

Kevin Kornegay, SPLICE PI from Morgan State University, recently spoke with Tom Temin of the Federal News Network about the CAP Center‘s most recent collaboration with the NSA to ensure automobile cybersecurity. Kornegay describes that to find malicious code injected into the firmware of automobiles, he and his team first need to access the hardware and and then extract the firmware. They then use Ghidra to walk through the code and find malicious components. Kornegay and Temin go on to discuss the interplay between cybersecurity and industry motivations.

Kornegay and his team hope to provide cybersecurity best practices to industry through their governmental and nonprofit relationships. By working with the NSA, the CAP Center can provide technical solutions to the automotive industry to further protect car firmware and hardware. By working with Consumer Reports, the team’s findings can be made accessible to consumers who want safe and secure vehicles.

Check out Kevin Kornegay’s full interview with the Federal News Network here. To keep up to date with SPLICE news, subscribe to our blog at the bottom of this page.

Categories
News

Morgan State featured on NSA website

If you’re in the market for a new car, you’ve probably noticed two things recently. The first being that almost all new cars today have electronic components for even the most basic of functionalities. The second being that because cars have these functionalities that require semiconductors (small chips “that manage functions like data storage, graphic rendering, and power consumption in electrical devices”), the recent semiconductor shortage is keeping many new cars on the lots.

If you end up buying that new car (or a relatively new, used car), you will be buying both a transportation and data collection system. “The data collected and recorded is quite broad and includes vehicle speed, passenger count, GPS routes, images from backup cameras, and [personally identifiable information] from connected cell phones. This information stays locally on the vehicle forever and in most cases is uploaded to the [original equipment manufacturer]. Those systems also control critical safety items like brakes. If left unprotected both privacy and lives could be at risk,” says Brian Knighton from the National Security Agency.

That’s where Morgan State comes in. Morgan State University Professor and SPLICE PI, Kevin Kornegay, and his team at the Cybersecurity Assurance and Policy (CAP) Center are working with the NSA’s reverse-engineering tool, Ghidra, to mitigate privacy, cybersecurity, malware, and geolocation vulnerabilities. Their work ensures that the electronic systems are supported and protected throughout the lifetime of the vehicle. Follow the links to learn more about the CAP Center and to read about their partnership with the NSA.

Dr. Kevin Kornegay (front) and Aaron Edmond review Ghidra firmware analysis. (Photo courtesy of Morgan State University)