The emerging Cyber Security landscape of Connected Cars
Within the next four years, over 70% of all cars sold worldwide will possess internet connectivity. The connected car revolution shows no sign of stopping as self-driving cars look to progress from a novelty to an everyday norm.
This technology brings with it many benefits: real time hazard detection, automated parking, bluetooth and internet connectivity, and even automotive app stores. Increased connectivity is at the source of many security analysts’ concerns.
In any computer system, it is a matter of when, not if, a vulnerability is found and exploited. With this in mind, it is important to remember that data security is not the only cause for concern, as high-tech infotainment systems are increasingly becoming a distraction for drivers on busy highways.
Connectivity as an attack vector
One of the earliest exploits of wireless convenience was remote key fob spoofing. This attack allowed car thieves to remotely unlock cars using cheap and readily available equipment. While many cars today implement cryptographic protections, a worrying number still use the vulnerable manual system.
Modern cars are packed with sensors of all kinds, from Lidar to microphones. Internal systems are constantly collecting our usage habits, saving our routes and learning our driving patterns to optimize fuel usage.
It is little surprise then that on average, connected cars produce over 25 gigabytes of data every hour. A compromised system has the potential to give hackers access to a wealth of personal data, location information and even conversations through inbuilt microphones.
The danger posed by app stores
For the moment, many of the vulnerabilities in connected cars are discovered by researchers and made known to manufacturers for the purpose of patching. However, automotive app ecosystems are developing across platforms: both Android and iOS now offer infotainment systems and vehicle-centric apps.
As these ecosystems expand, so too will the nature and extent of the personal data they collect. With this comes increased incentives for bad actors, further placing our data security at risk. While the security standards of major app stores are improving, malware regularly slips through the net. This means that the security of connected cars must be treated even more carefully than our home computers.
In the best case scenario, a malicious app may have access to non-critical systems and will not cost lives. This can still have serious consequences, apps may intentionally drain the battery for example, leaving a driver stranded.
Regular software updates and proper precautions when downloading apps are key to maintaining road safety because as part of the internet of things (IoT), connected cars are vulnerable to attacks similar to those we’ve seen target home IoT devices.
Automotive cyber security and driver safety
By now, we are all aware of the impact traditional computer viruses can have. Ransomware cost the US economy over $7.5 billion in 2019 alone; however, it rarely cost human lives. In contrast, an infected connected car has the potential to be manipulated with deadly consequences.
Many modern cars now come with safety and self-driving systems, and while their capabilities vary, the consequences of their abuse remain equally serious. The manipulation of safety or self-driving systems as limited as automated parallel parking have been shown to be vulnerable, with researchers remotely controlling the steering and breaking of certain models. Security remains a principal hindrance to the widespread adoption of self-driving technology.
At the forefront of self-driving car development, Tesla’s cars have become a prime target for hackers. The car’s autopilot has previously been tricked into changing lanes and swerving into oncoming traffic.
Maintaining the security of connected cars – newly developed self-driving models especially – is a problem as challenging as the technology’s original development. Responsibility falls to each stage of the supply chain to maintain stringent security standards, from manufacturers and app stores to the drivers themselves.
Today’s driver must remain diligent, vetting apps before installing them and updating their systems regularly to remain ahead of the curve.