Connected cars are exposed cyber threats. Security vendors are now looking to secure these vehicles in a fast growing sector of the cyber industry- this post is an extract from CyberDB reserach paper regarding this market. To download the complete report, please follow this link
What are connected cars?
Connected vehicles are one of the most notable examples in this wave of innovation. The diversity of connected vehicles is rich, such as consumer car, motorcycle, van, bus and commercial truck. According to the usage, their performance and surrounding services can be significantly optimized. One remarkable advantage is the potential of safety improvement.
Connected vehicles are not mere transport machines. They are a multipurpose platform. More importantly, in recent years, high technology giants such as Google and university research centers have demonstrated considerable resources to the research and development of fully autonomous vehicle. This foreseeable future will be likely to generate more values for the user experience.
Connected vehicles evoke both risks and opportunities. It is evident that the industry is moving towards a new era which connectivity will be a necessity rather than an accessory. Thus, the main issue is to manage the risks and make the best of the opportunities. Given all the avant-garde technological advantages of connected vehicles, it is unwise to deny its adoption. Understanding comprehensively the cybersecurity aspect in connected vehicles helps carmakers assure their customers and achieve optimal security.
Major Cybersecurity Issues in Connected Vehicles
To begin with, neither vehicles nor cybersecurity products are new to consumers. However, combining cybersecurity to connected vehicles is a great challenge to both security software developers and carmakers. A 2015 joint survey published by Ponemon Institute and RogueWave software studied this gap between these two actors regarding connected vehicles. The survey identifies three key obstacles hindering the two parties from collaborating seamlessly. They are:
- The lack of trust of carmakers to expose potential product vulnerabilities to white hat hackers and security researchers.
- The insufficient training for carmakers to approach and address security as software developers.
- The inadequate emphasis on security in product development.
This industry background further suggest significant cybersecurity risk in interoperability and endpoint because automotive manufacturing ecosystem involves a wide range of components from different suppliers. The complexity of the global supply chain of automobile manufacturers and industry compliance is critical. The failure of one component can generate catastrophic domino effects. It is not unimaginable that a competitor adopts cyberattack strategies to succeed in the market. In this context, one crucial perspective is to alert and forbid OEM hardware suppliers and software developers to collaborate with a competitor. However, establishing standardized security protocols to require every stakeholder to respect and comply is a demanding and ambitious endeavor. The following diagram shows several examples of penetration points of a connected vehicle.
It is not unimaginable that a competitor adopts cyberattack strategies to succeed in the market. In this context, one crucial perspective is to alert and forbid OEM hardware suppliers and software developers to collaborate with a competitor. However, establishing standardized security protocols to require every stakeholder to respect and comply is a demanding and ambitious endeavor. The following diagram shows several examples of penetration points of a connected vehicle.
Connected cars penetration points
This illustration implies the consequences in case of the malfunctioning of one or multiple parts in the vehicle. For examples, hacking the antitheft system can lead to property loss; hijacking the brake and engine can cause traffic accidents. Provided that the IoT architecture plays a significant role in connected vehicles, its common vulnerable areas, such as insecure default password, data interception and untrustworthy third party firmware, also apply to connected vehicles. More significantly, the connectivity of a connected vehicle is complex. It can be wireless, Bluetooth, cellular, electronic control units (ECU) or a mix of the four. Each connectivity approach has their own weaknesses. For instance, according to Miller and Valasek (2014), Bluetooth is “one of the biggest and most viable attack surfaces on the modern automobile, due to the complexity of protocol and underlying data.” In addition, connected vehicles is not necessarily an equivalence of new vehicles. Nowadays, additional accessories with connectivity can be added to old vehicles so as to connect them to the entire IoT framework for connected vehicles. This enlarges the population of connected vehicles and thus complicates the security solution research and development.
Major Connected Cars Security Product Vendors
Other players in this market are:
- Infineon Technologies AG
- Tesla Motors