The fight against automotive cyber crime
Gartner predicts that there will be 150 million passenger vehicles connected to the internet by 2020. As well as providing personalised services designed for our comfort, convenience and entertainment, these vehicles will be super intelligent on their environment; capable of detecting and avoiding potential hazards, traffic jams and dramatically improving road safety and efficiency. However it also means that 150 million cars will be susceptible to hacking, potentially leading to data theft and manipulation of driving systems.
This year, several leading automotive manufacturers have fallen victim to hacks of this nature. In the summer, two security experts hacked into a Jeep Cherokee via its internet-connected entertainment system. As a result, they were able to cut the vehicle’s transmission, bringing it to a grinding halt on a busy American highway, all from their comfort of their sofa. A month later, researchers at the Usenix security conference demonstrated how they could access critical functions of a Corvette through a wirelessly connected device commonly used for tracking by insurers and trucking fleets.
Though connected vehicles are a long way from mass adoption, these incidents are an important lesson for the automotive industry. They highlight that there needs to be a solid foundation of security and trust to fully take advantage of innovations in connected and self-driving vehicles. A large part of this relies on the entire ecosystem coming together; manufacturers, technology suppliers, regulators etc.; to make sure that the physical and digital safety of drivers is prioritised, so vehicles will be robust enough to stand up to hacking attempts.
This process starts with minimising vulnerabilities at the entry point. Technology embedded in the car therefore needs to be encrypted. At the same time, messages received by the car from other vehicles or infrastructure like smart traffic lights and road signs need to be properly authenticated via its digital signature.
Any device that is connected to the internet is vulnerable to hacking so there is always a risk of a security breach. Vehicles need to be able to minimise the potential damage if their systems become compromised. One way of doing this is by segmenting in-car systems, so the radio can’t talk to the brakes, which can’t talk to the transmission, and so on. This can minimise the systems that a hacker can control via one entry point.
Different systems and networks within the car have different vulnerabilities and attack points. They therefore require different levels of security. In some cases, software security may be sufficient but other cases will require much stronger tamper proof security solutions. Similarly other solutions like intrusion detection systems and authentication of messages and secure firmware OTA updates can provide a comprehensive protection system.
The benefits of connected, self-driving vehicles are far too extensive to pass up. Not only can the technology reduce the economic burden of congestion, set to cost Europe and the $4.4tn between 2013 and 2030, it will also help to eliminate human error which currently causes 90% of road traffic accidents. At this innovation precipice, the automotive industry must learn from the mistakes of others that have undergone internet convergence, taking a position of ‘security by default’ and ‘best line of defence’. Security needs to be embedded in design and vehicles must be able to minimise damage if their systems are compromised. With technology for connected cars still in the early stages, we need to drive this approach as an ecosystem to ensure safety, security and privacy for drivers.