A “connected car” refers to the presence of devices in an automobile that utilize in-car connectivity, whether through short-range communications or over the Internet, to provide location, diagnostic, or other information as well as to interface with other cars, homes, offices or infrastructure. Connectivity features that were once only available on luxury automotive brands are now available across model ranges, including in basic cars. These features include Bluetooth connectivity for pairing mobile phones, GPS navigation, 4G WiFi hotspots, collision avoidance systems, remote diagnostics and more. In fact, with these capabilities, cars are rapidly becoming data networks on wheels.
The manufacture of new connected cars equipped with data connectivity was forecast by Gartner to reach 12.4 million during 2016, increasing to 61 million in 2020 – nearly 70% of all cars produced globally. Such external connectivity is also reflected in automotive control systems, with even basic vehicles now using multiple electronic control units containing millions of lines of code, controlling all aspects of the car from engine management, to the brakes, steering and entertainment systems. But as growth of electronically controlled, connected cars, zoomed up, security was left as an afterthought.
Connected Car Cyber Security Overview
In July 2015, Wired magazine broke the story that hackers had taken control and killed the accelerator of a Jeep in motion on the freeway. Even if the average driver isn't necessarily concerned that the same thing will happen to them, connected automobiles could disrupt our everyday lives in other ways. And, with an estimated 61 million connected cars expected on the road by 2020, these disruptions could be coming sooner than one may think.
The cyber security risks for connected cars are of major concern. A breach that allows external access to a car’s network cannot only compromise the privacy of a driver’s data, but there is much more at stake; the cyber security threat in connected cars is a matter of life and death and threatens the automotive industry’s road map towards autonomous vehicles.
Within current car architecture, where connections between systems follow more practical considerations rather than security ones, an attacker can potentially gain access to all aspects of the car including its vital systems. Hackers have the ability to attack systems to steal personal data, compromise infotainment/navigation GPS units, and neutralize vehicle alarm systems. What is worse, they can threaten drivers’ physical safety with the potential to hijack the systems directly related to the car’s safe operation. Not only does this kind of attack risk the lives of drivers and pedestrians, a successful attack would likely have dramatic consequences for the automotive industry.
Connected Car Cyber Security Risk Scenarios
As discussed, while automakers are eager to put short-range and Internet connectivity to good use – tracking down stolen vehicles, preprogramming trip routes, and making driverless cars a full-scale reality — the security risks of such connectivity are significant. Following is a list of future risk scenarios driven by expanded deployment of automotive connectivity.
Theft of personal data: Vehicles with Internet connectivity are already sending massive amounts of data to manufacturers, and while they have yet to do much with the information, it's only a matter of time before they start monetizing it. Additionally, if personal data is connected with one’s car, this will present a real incentive for hackers to threat it as an easy, high-value target, especially with the industry lacking experience in protecting sensitive data.
Computer malware: Cars have become computers on wheels, making them susceptible to the same issues we face on a daily basis with our personal computers. When a PC or smartphone crashes due to malware or a non-malicious glitch, at least one’s physical safety is not in danger. If a large-scale botnet could disable brakes, steering, or other critical functions, it would be a different story. When driverless cars start to appear, the systems that control and coordinate them, perhaps running in the cloud, will also be prone to intrusion and failure.
Losing control of your car: Numerous connected car applications are on the way, which could mean that if someone else gets a hold of one’s phone or Apple Watch, they also gain access to their car. While having your devices connected can make one’s life easier, it also has the potential to open up a Pandora's box allowing thieves another way in.
Interface Masters Technologies has for over 20 years been providing off-the-shelf innovative network security solutions with customization services to OEMs, Fortune 100 and startup companies. Our headquarters are located in San Jose, California in the heart of Silicon Valley where we are proud to design and manufacture all of our products. Based on MIPS, ARM, PowerPC and x86 processors, Interface Masters appliance models enable OEMs to significantly reduce time-to-market with reliable, pre-tested and pre-integrated networking solutions that can meet the most challenging security requirements.