The Next Gen of Cars will be fully digitalized: How manufacturers can start implementing security safety for drivers and passengers

The IoT (Internet of Things) advent in the automotive industry has unlocked new avenues for manufacturers and buyers worldwide. With usage at both commercial and industrial levels, IoT in the automotive industry has become a significant hotspot for multi-purpose applications. From automated transport systems to connected cars, IoT applications have made a prominent dent in the automotive market globally. 

How frequently do vehicle-related issues such as brake failures, steering failures, or flat tires cause highway accidents or traffic? According to (United States Department of Transportation) U.S. DOT research, around 94% of car crashes result from human error. Only 2% of accidents happen due to mechanical failure. It also might surprise you that one in four deaths are attributed to speeding. The conclusions are startling, demonstrating that a quarter of most traffic accidents and driving-related fatalities are entirely preventable. 

TOP BENEFITS OF DIGITALIZED VEHICLES

Less Traffic Congestion

The significant benefit of digitalized vehicles is their ability to communicate and share telemetry information to avoid accidents. 

Enhanced Maintenance

The ability of digitalized cars to communicate with the manufacturer to provide real-time information on usage and wear patterns allow for more predictive and better maintenance. 

Increased Mobility

Remote controls and access such as using an application to pinpoint vehicle location or checking if the doors are locked enable vehicle owners more control. Moreover, infotainment centres that link to navigation systems and get regular updates for features to turn these digitalized vehicles into a platform for content distribution and apps that provide maximum value to the owners.

Now that we've discussed a few significant benefits of digitalized vehicles, let's discuss:

WHY PROTECTING VEHICLES IS DIFFICULT

Attractive Target

Digitalized vehicles have proven to be the most attractive target among cybercriminals since multiple options exist to target them, including sensor spoofing, remotely taking over vehicles, gaining physical access, stealing data, etc. 

Design Limitations

Computer power, overall connectivity and hardware constraints present design limitations for vehicle manufacturers when embedding automotive IoT security. For instance, all vehicles use the CAN bus (Controller Area Network) to enable all the devices inside the vehicle to communicate and work together. In 1983, this CAN system was developed, which means it predates the internet and modern security protocols, like verifying devices to confirm its legitimacy.

Updating And Patching Complexities

Even if manufacturers detect vulnerabilities and can legally create security updates, unreliable networks and delivering OTA (over-the-air) updates since vehicles frequently go online and offline make it highly challenging to deliver the patch updates. 

Automotive Regulations

Multiple regulations exist that restrict areas of information manufacturers can lockdown due to security reasons. For example, OBD (onboard diagnostics) is a port available on the dashboard that provides vehicle information such as engine health. OBD has been required to be in every vehicle. Part of that OBD is a restriction against CAN bus information obfuscating, encrypting, or encoding so that everyone can read the codes. Consequently, these regulations encourage the idea that everyone can do whatever they want with their vehicle, which makes them significantly vulnerable to security targets.

Long Design Times

Vehicles mainly take around three to five years to design, which provides manufacturers with a long time in which technology evolves rapidly. Unfortunately, these long periods make it complicated to account for technological advances that can help enhance security and might create new vulnerabilities to hack. 

WHAT ENTICES CYBERCRIMNALS TO TARGET CONNECTED CARS

A connected vehicle is capable of connecting to nearby devices via the internet. IoT is primarily driving this connected vehicle industry. With automotive IoT technologies like LiDar, V2X, etc., enabled by many sensors, connected cars today produce around 25GB of data hourly, including information about the driver, passengers and the vehicle. Although all data is preprocessed in the car, data exchange between infrastructure and cars happen via the cloud and are vulnerable to attackers.

We have classified three categories of information and valuable goods that entice cybercriminals to attack connected cars.

1. Data generated, collected, stored and shared, including PII and non-PII data.
2. Physical access to the vehicle (goods inside the vehicle and driving services).
3. Processor resources, network, stored energy (network data usage, free internet, battery energy, v2G networks, processor time, access to V2V networks and cloud services, etc.

REAL-WORLD CYBER-ATTACKS THAT ARE CHALLENGING CONNECTED VEHICLE ECOSYSTEM 

• MitM (Man-in-the-Middle) attack occur when hacker intercept network communication between the vehicle and the cloud. This attack can drop, modify, steal data or cause a critical malfunction in the car.
• DoS (Denial of Service) attack happens when the attacker makes the vehicle unavailable for users by defrauding the car's software.
• Latency issues due to cyber-attacks can result in the vehicle constantly switching to local processors, introducing errors in operations. 
• Manipulation of safety systems and incorrect data occurs when the vehicle receives incorrect real-time data.
• Theft of personal information when attackers steal PII such as financial information, location data, entertainment purposes, etc.

WHY VEHICLE SOFTWARE SECURITY IS ESSENTIAL

According to McKinsey estimates, the automotive software and electronics market will hit $469 Billion in 2030. Unfortunately, although innovative software drives the automotive industry forward, it makes the vehicle most vulnerable to cyber-attacks. In 2021 alone, we have witnessed multiple automotive security breaches. For instance, Tesla Model X was hacked by two security researchers in May 2021 using a drone having a Wi-Fi dongle. Furthermore, in Columbus, Ohio, attackers used key fobs to simulate signals and stole 43 cars in 2 months in the same neighbourhood. 

These cases prove that having proper software security measures for the automotive industry should be a top priority. Not paying attention can result in numerous negative consequences for manufacturers. 

Automotive Software's Top Attack Vectors

• Keyless Fob

Keyless fob transmits radio signal received by the car's receiver to unlock the door or initiate other action. Cybercriminals can also transmit signals using relay devices, even if they're far apart.

• Vehicle Sensors

Sensors collect data on the environment around the vehicle, such as road markings, weather, engine rotation, etc. Using signal jamming or sensor spoofing, a cybercriminal can change a car's behaviour.

• Vehicle Manufacturer Servers

Manufacturer servers process communications inside and outside the car. Attackers can infect a server with ransomware, perform a DoS attack, intercepts transmitted data, etc., to disrupt the automotive services.

• Vehicle Mobile Apps

Mobile applications allow drivers car climate control, improved navigation, remote unlocking and other convenient features. However, hackers can compromise mobile apps by bypassing the signature verification process or providing an app with root access and further abusing the vehicle and its synchronized devices. 

DEFENSIVE TECHNOLOGIES FOR MANUFACTURERS TO IMPLEMENT FOR DRIVER AND PASSENGERS' SAFETY

The automotive industry must implement sufficient cybersecurity solutions for both hardware and software of their vehicle. So let's zoom in on the defensive technologies that will help manufacturers for the security safety of drivers and passengers. 

EDR (Extended Detection & Response)

The technique gathers and correlates activity data across the data supply chain's various points – backend servers, vehicles, and networks, enabling a reliable detection and investigation.

Vulnerability Scanner

Vulnerability scanners are automated tools to scan networks, endpoints, applications and servers for security vulnerabilities that hackers can exploit.

Application Security

Application security prevents the code or data within the application from getting hijacked or stolen. Therefore, app security is essential to protect against server's data exfiltration, code vulnerability, etc., at the application level.

Firewall

A firewall controls incoming and outgoing traffic according to the applied rules and monitors egress/ingress traffic from unknown and harmful domains. Moreover, they identify endpoints or apps that request or generate lousy traffic. 

In-Vehicle Telematics

By utilizing vehicular telematics, a manufacturer can enable the car owner to keep an eye on vehicles from remote locations. As a result, vehicle owners will be ensured of the surveillance, security and safety of drivers and passengers all the time. External cameras and sensors can track the vehicle's condition. Along with the telematics system, the real-time alarm system can also inform the owner when someone without authorized access tries to enter the vehicle forcefully.

Furthermore, many automotive sub-system makers and OEMs include cybersecurity risk management in the product lifecycle. There should be security checks at every stage, from design verification to functional test validation. A vehicle's life on the road remains vulnerable to security attacks. Therefore, sub-systems need to be hackproof, and security systems should protect the vehicles regardless of the app downloads or firmware updates throughout its life. Vehicle security also extends to protocols that delete sensitive information before the vehicle's journey to the scrapyard.

CASE CLOSED

In automobile manufacturing, computer software plays an important role and is being integrated into automobile designs at each stage of development. The automotive cybersecurity market is projected to record a 21.7% annual growth rate globally over the next decade. 

Furthermore, digitalized cars will integrate seamlessly into the overall digital infrastructure. However, this integration will bring a source of vulnerability. Therefore, the next-gen car security includes far more than advanced anti-theft devices. It needs manufacturers to determine the entire ecosystem in which the car will function and ensure that users' lives and personal data will be secured. Therefore, automotive organizations embracing cybersecurity have gained a competitive edge to become the global transportation shapers in this decade and beyond!