The automotive industry has seen tremendous evolution during the past few decades, especially with connected and autonomous vehicles picking up steam. Driven by technologies like the Internet of Things (IoT), connected cars are already defining the future of mobility while paving the way for mass adoption of fully autonomous vehicles in the times to come. IoT has made vehicles more aware of their surroundings, making them more autonomous, safer and efficient on the roads. With different parts of vehicles connected to the internet, one can have better remote access and control over their vehicle’s functionality through their phones. Ignition, windows, lights, trunk and many other functionalities can be accessed through a smartphone while one is busy elsewhere.
The first connected car appeared way back in 1996, when General Motors partnered with Motorola Automotive, leading to the introduction of OnStar telematics system – a device that would make voice calls to emergency call centres in the event of a mishap. Today, cars are equipped with computer chips, sensors and mobile technology ranging from UWB, NFC enabled chips to Key Fobs that provide enhanced security to the users of connected cars. Moreover, there are numerous other benefits of driving a connected vehicle. The connected vehicles of today can help find a parking spot and anticipate a needed repair. They can even help find entertainment options or desired goods and services. Our cars have become integrated with our increasingly connected lives and will be added to the collection of things we access from our mobile phones.
With convenience comes the challenge
With an increasing number of connected cars on our roads, there is also a challenge that needs to be addressed, i.e. the potential risk to automotive security from cybercriminals. Modern cars connect to external networks, offering safer, more convenient, and enjoyable driving experiences, but this can also leave cars vulnerable to cyberattacks. The growth of connected cars and autonomous cars have often raised concerns among regulators as even a small-scale hack of automated cars could cause collisions and gridlocks.
Hackers also have the ability to gain control of safety-critical aspects of the operation of a vehicle; for instance, by manipulating the cruise control system to exploit the steering and braking systems. Today’s cars are also fitted with in-vehicle infotainment (IVI) systems and navigation systems, easily accessible by a variety of third-party applications, including in-vehicle internet access and WiFi. This offers a greater surface area for breaches.
As digital keys replace conventional physical car keys with wireless key fobs and smartphone apps, car thieves can gain unauthorized access to the vehicle by intercepting contact between a smartphone or wireless key fob and the car, using the owner’s wireless key fob to mimic the digital key to unlock a vehicle if the owner is already near their vehicle. However, technologies like ultra-wideband can provide protection against car theft through relay attacks.
In a recent breach, hackers broke into two popular GPS applications used in many countries, gaining access to personal data, controlling the location of the vehicle in real-time and killing its engines. In another scenario, a security researcher was able to hack into the connected car technology app of a leading global car manufacturer and remotely control climate settings, drain the car’s battery, and spy on data from recent travels.
Also read: Internet-connected cars are first step towards autonomous driving: 5G to be backbone of connectivity
Addressing the challenge
Security concerns are usually prevalent around self-driving cars, but with increasing levels of connectivity in today’s cars, these threats are now real for other vehicles too. Hence, carmakers must design and develop end-to-end solutions focusing on the complete system, also including how the cars interact with their environment and other vehicles. Today, there is tech available for a cybersecurity framework that offers a secure interface to the outside world for machine-to-machine communication, a secure gateway for domain isolation, secure network for messaging both internally and externally, and secure processing on ECUs. Along with secure car access systems, it enables defense-in-depth protection across the vehicle.
Another principle that must be applied to all systems is defense-in-depth or multi-layer-security because security in general is only as strong as the weakest link. To simplify, if one layer of security is breached, the next layer must continue to protect the system. For example: if the infotainment unit is hacked, then the internal firewall will still protect safety-relevant systems like steering controls and brakes from unauthorized access.
As new threats and attacks are uncovered, the only feasible response is to ensure that once deployed into the field, the systems can be quickly and safely modified, ensuring compliance with the new security patches and updates. Features such as multifactor authentication and biometrics are paving a way to protect access and block hackers in search of a loophole.
The increasingly interconnected nature of vehicles today calls for critical safety systems and designers must anticipate every form of attack to prevent access to embedded systems and data. At the same time, the industry at large also must develop standards, specifications and guidelines for vehicle security that enable interoperability.
In fact, it is important that all stakeholders fulfill their roles: government agencies, industry players as well as car owners. Requesting information about the security capabilities of our cars should become routine, in the same way as we learn about safety, driving parameters and convenience features today. Providers must support this goal with the most advanced technology, so we can all be safe and secure while moving towards the future of mobility.
Author: Sanjay Gupta, Vice President & India Country Manager – NXP Semiconductors
Disclaimer: The views and opinions expressed in this article are solely those of the original author. These views and opinions do not represent those of The Indian Express Group or its employees.
