What measures are needed to ensure the cybersecurity of connected cars?
One of the most crucial challenges the automotive industry is facing as it looks to build the next generation of connected vehicles is now to make sure the software, and hardware, they contain to enable vehicle to vehicle communication is properly secured. This is no easy feat. Did you know, for example, that today, there are more lines of code in the connected car than other highly sophisticated machines, including the U.S. Air Force F-35 Joint Strike Fighter, Boeing 787 Dreamliner, or the U.S. Space Shuttle?
Addressing safety and security concerns around connected cars are paramount given the threat to life we all know can occur if a car veers out of control. That’s why it’s so important that all onboard systems in a connected car are secure while the vehicle is in motion — or sitting idle. But how can cyberattacks in connected cars happen and what can be done to prevent them? Read on to find out.
Cyberattacks in connected cars
Connected cars have a much wider attack surface than their predecessors due to the huge amount of technology involved in their day-to-day operations. Attacks can therefore occur in a variety of ways including:
- Physically i.e. a malicious actor gets into the vehicle and makes changes to the ports and connectors inside, for instance using a USB stick infected with malware to tamper with the software when the car is undergoing a repair.
- Wirelessly i.e. by remotely hacking the cars’ Bluetooth or the mobile network it uses.
- Via sensor fooling. Connected cars often use LiDAR sensor technology, which could potentially be fooled with false information and exploited by an attacker.
To prevent any type of cyberattack that can be undertaken on a connected car, all these points must be maintained with an appropriate level of cybersecurity.
How to ensure the best level of security in connected cars
Securing connected cars relies on four key principles: authentication, access control, detecting and reporting security incidents, and finally legislation.
Authentication is all about who is able to access the vehicle remotely. This can be achieved by giving the software and hardware inside a vehicle a Digital ID, manufacturers can protect the different components within a connected car’s ecosystem by making sure that all data that is transmitted between components is securely authenticated and encrypted. Only the manufacturer knows this data and so it is only them who can apply software or updates to the car remotely.
Access control refers to what an individual is allowed to do once they are physically inside a connected car. By building cybersecure technologies such as tamper-proof cellular connectivity modules into the car when it’s being created, the appropriate security measures to counter any physical, wireless or sensor fooling cyberattacks can be put in place to protect the driver.
While these two measures above will provide a great deal of increased protection, they will never completely deter attackers. For this reason, the connected car ecosystem also needs to be able to monitor and respond to threats as they occur. By employing security operatives to analyse data from every part of the connected car ecosystem – manufacturers of connected car software can continually look for indicators of compromise for their customers. They can then respond with countermeasures such as over-the-air updates to protect against imminent attacks.
Finally, regulations are needed to ensure that users remain safe and secure when using connected cars. In 2020, The UN Economic Commission for Europe adopted the WP29 regulation for vehicle approval. This legislation requires manufacturers to integrate security measures at every point where technology touches a connected car and will need to be applied to every new connected car created in the EU, South Korea, and Japan from 2022 and to all connected cars (even those built prior to 2022) by 2024.
There are already 107 million connected cars on the road and with this number continually rising, it is important that cybersecurity measures are in place in order to protect all road users.
What do you think of connected cars? Let us know in the comments section. And, if you’re interested in this area of technology, why not check out our other posts?