Nobody had a clue until the last decade that how many years it would take to realize the concept of connected cars. But a sudden number of emerging technologies and their rapid expansion has allowed connected cars to be one of the most talked-about technology in today’s era.
Connected cars offer various benefits to consumers as connectivity offers drivers everything from high definition streaming media, enhanced entertainment systems, to the ability to remotely control features of the vehicle using mobile phone applications, such as the locking/unlocking and ignition mechanisms.
The market for connected cars is forecasted to grow significantly over the next few years as innovations in-car connectivity continue to impact the automotive industry.
Security risks for connected cars:
However, like any other device that connects to the internet, there is a potential risk to automotive security from cybercriminals. Breaches could result in leakage of sensitive personal data, threats to a vehicle’s security and safety mechanism. Other than that, in extreme cases, fully remote control of the car.
As the industry is stepping up its game towards more autonomous vehicles, these risks are only set to increase due to reliance on applications, connectivity, and more complicated and unified electronic components.
Personal Data Breach. The most highlighted threat that arises with the advent of sensors in vehicles is the potential for hackers to steal personally identifiable information (PII) from the vehicle’s systems. Informations such as location data, entertainment preferences, and even financial information can be leaked.
Theft of the Vehicle. With wireless digital keys and mobile applications replacing traditional physical car keys, thieves can gain unauthorized entry to the vehicle. Hackers can intercept communication between a smartphone and the vehicle, using devices that extend the range of the wireless signal and emulate the wireless key to access a vehicle. Enrolment of a key, validation of an ‘unlock’ attempt and, most importantly, revocation, must all be handled securely.
Connection Threats. Cybercriminals can look to exploit loopholes in a vendor’s implementation. As security is sometimes not the first priority for connected cars and their components, this creates an easy target for hackers exploiting vulnerabilities using cellular networks, Wi-Fi, and physical connections.
Mobile app security vulnerabilities. As more mobile apps are appearing for communication with vehicles, the more these become a target for bad actors. Hackers could gain unauthorized access to control the heated steering wheel, seats, fans and aircon remotely. In an electric vehicle, this can drain the battery and leave it with no condition to be moved. Security defects in the Android and iOS mobile operating systems are also a cause of concern.
Supply Chain Vulnerabilities. Automotive manufacturers take assistance from various third-party operators for supply systems, software and hardware components for their vehicles. However, unless auto manufacturers mention stringent cybersecurity requirements for their tier 1 and 2 suppliers, they run the risk of introducing security vulnerabilities via these components. Fraudulent components can also enter the supply chain, disrupting safety by reducing wear ratings, overriding safety limits, etc.
In-Vehicle Infotainment (IVI) vulnerabilities. New additions in-vehicle entertainment systems like high-definition streaming media and others bring benefits to drivers, but these platforms make use of sensitive data that are security-critical to vehicles and end-users. Both Android and Apple offer infotainment systems and vehicle-centric app stores, and there are opportunities for combining applications like payment and social networking with more vehicle-centric needs, such as tolls, parking, and journey planning. Linking these introduces unique possibilities of threats that app-centric malware could attack the automotive platform.
Security updates and patches. As new threats emerge and unique attacks are undertaken, there is no other effective way to secure the platforms other than proper security updates. Many of these updates are delivered through supplied software, components, and systems which rely upon wireless communications networks connected to personal computing devices, with their own inherent security challenges.
With cars being more prone to hacking than other smart devices, manufacturers and Tier 1 vendors should build connected car architectures with long-term security in their minds.