Modern vehicles come strapped with a variety of computerized and connected components. These features can make vehicles more appealing to drivers. However, they are also risky, because they can serve as hidden doorways for cyber criminals. Currently, there simply are not enough security features in modern vehicles to keep them invulnerable. Furthermore, as vehicles become more autonomous, the threats grow.
What are the Current Threats?
A few common techniques cyber criminals use to compromise modern vehicles include:
Hacking mobile apps: Car manufacturers and app makers are transforming mobile phone apps into remote controls. While this feature provides convenience, it also inadvertently gives hackers potential entryways into drivers’ personal data.
Malware: Cyber criminals can access unsecured Bluetooth devices and MP3 players. From there, they can use malware to hijack a vehicle. For example, a hacker could mask a virus as a music track, which lets them slip into the system as soon as the driver presses “play.”
Server break-ins: If a hacker manages to successfully penetrate a server, they could access all connected mobile apps, sales data, and controls. With this access, they can manipulate secondary vehicles connected to the server. Additionally, they may be able to access a car’s on-board diagnostic port, which they could then use to access its management system.
Over-the-air software (OTA) updates: Hackers can tap into weaknesses in these updates to access vehicle systems, allowing them to take control of vehicles from anywhere in the world.
What are the Future Threats?
Cyber security threats don’t end with today’s connected vehicles. There is growing evidence that future autonomous vehicles, which will come equipped with a broad range of artificial intelligence (AI) features, will pose additional dangers to drivers and pedestrians.
“The increased uptake of AI technologies has further amplified this issue with the addition of complex and opaque ML [machine learning] algorithms, dedicated AI modules, and third-party pre-trained models that now become part of the supply chain,” states a recent report on the cyber security challenges in autonomous vehicles from the EU Agency for Cybersecurity (ENISA) and Joint Research Centre (JRC).
Software-defined vehicles, whose components are enabled primarily through software, pose one of the biggest cyber security challenges in the near future. These vehicles come equipped with a number of software components that require regular over-the-air (OTA) updates throughout a vehicle’s lifetime. These software components often come from a number of different suppliers, and they must be reviewed for vulnerabilities.
As such, manufacturers will need to take on complex security strategies to ensure vehicles with these components are trustworthy.
Such strategies can include:
- Developing systems that require each OTA communication be formatted specifically within an applicable communications protocol, whether or not the source has been confirmed.
- Establishing a protocol in which a system shuts off specific subsystems if a vehicle does not establish an OTA connection over a certain period of time, which could protect it against a potential attack.
- Analyzing software for threats through composition analysis, penetration testing, and periodic risk assessments. (This depends on “defense-in-depth strategies,” such as secure updates, identity access management, secure boots, and isolation-through-virtualization methods.)
- Securing microchips in a vehicle’s electronic control units. Some methods include secure storage, tamper detection, and hardware acceleration for crypto-algorithms.
Cyber security will continue to represent a growing challenge for the automotive sector. As it does, vehicle makers will be wise to ensure their vehicles come equipped with the best security features possible. They also need to prepare for a future in which cyber security will be considered fundamental from the beginning to the end of a vehicle’s life cycle.
Focusing on Security and Safety
Prepare your organization to better comprehend the security aspects of the automotive industry. An online five-course program, Automotive Cyber Security: Protecting the Vehicular Network aims to foster the discussion on automotive cyber security solutions and requirements for both intelligent vehicles and the infrastructure of intelligent transportation systems.
Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization.
Interested in the course for yourself? Visit the IEEE Learning Network.
Smith, Jada. 25 June 2021. Protecting the Software-Defined Vehicle. CPO Magazine.
Stevens, Gary. (6 June 2021). Securing Computerized Vehicles from Potential Cybersecurity Threats. Trip Wire.
Hope, Alicia. (8 March 2021). EU Agency for Cybersecurity Says Autonomous Vehicles Highly Vulnerable to Various Cybersecurity Challenges. CPO Magazine.