Connected car security has recently become an industry focal point with news of some high profile security breaches. Chrysler has just shipped more than 1.4 million USB thumb drives to Jeep owners to patch a security problem that leaves Jeep models susceptible to hacking, including control over the drive system. This is just the latest in a series of security concerns about the connected car. The more connectivity you offer in the automobile, the more susceptible it will be to outside attacks.
According to the GSMA, every new car will be connected by 2025. In 2015 alone, the GSMA is predicting that 20 percent of all vehicles sold will include embedded software and firmware for connectivity, and more than 50 percent of cars sold will include some kind of connectivity solution, whether via embedded technology, tethered links, or smartphone connections.
The important thing to point out is that the automobile information system is no longer isolated. Connected cars are now part of the Internet of Things, which means they are connected to a broader infrastructure to both share and gather data. It also means that outside intruders can hack into automotive hardware and gain control of vital systems.
The German automobile club, the ADAC, already demonstrated how they could hack into BMW, Rolls Royce, and Mini models through the ConnectedDrive feature, gaining control of electronic door locks and more. Wired magazine ran a profile of a Jeep hack that was able to take over the console and the transmission using mobile technology. These are just examples of the types of threats happening now and what’s to come.
What are OEMs and manufacturers facing as new security threats for connected cars? Here are 9 predictions:
1. Hacking ThreatsThe immediate threat to connected cars is from unscrupulous hackers. The ability to take control of any controlled car at any time using a laptop computer with wireless access is a frightening thought. Conceivably, hackers can hold manufacturers, dealers, and even consumers hostage by threatening to take over specific car models at any moment. The possibilities create new possibilities for “ransomware.” Automobile hacking threats are going to start to rise this year.
2. Hacking Smartphone ControlsIn addition to directly hacking the car itself, hackers are also going to be looking for new ways to hack connected car interfaces through smartphones. Cybercriminals are already embedding mobile Trojans and Worm malware in innocent looking mobile apps, hoping users will download new games and apps and infect their phones in the process. The same strategy poses a threat to smartphones being used to control connected cars. You are going to see more smartphone malware emerging and targeting cars.
3. Bluetooth ThreatBluetooth connectivity is available in most cars and is designed to create a wireless tether between the phone and the vehicle. The same technology can be hacked from short range for remote vehicle access, such as opening locked doors. Manufacturers are going to start looking more closely at Bluetooth as a security risk.
4. GPS Security & Personal Data ProtectionOne of the most popular applications in the connected car is in-dash navigation, which requires GPS capability. GPS is a double-edged sword for security; just as it can tell you where you are, it can alert others about your location as well. Hacking into onboard navigation systems is an ideal way for burglars to determine if you are home or not. GPS systems are going to post a new security threat for automakers over the coming years. And as connected car technology evolves, consumers are going to be seeking an in-car connectivity experience similar to what they have with their smart mobile devices. They are going to want to make online purchases from their cars using credit cards and online banking methods. The connected car will become a new source of credit card fraud and identity theft.
5. New Insurance PracticesConnected car technology also makes it possible to monitor driving habits, such as average speed, stopping at intersections, and average miles driven. These are all data points that are of interest to insurance carriers, and could be used to provide reduced insurance rates based on driving habits.
6. Remote Security MonitoringSince connected car communications is two-way, manufacturers and dealers are going to have to start monitoring cars just as IT managers monitor their computer networks. When there is a fault or a security breach, the car will be programmed to alert the manufacturer and/or dealer, as well as the driver.
7. New Security Updates for Connected CarsRather than shipping USB fobs to upgrade security software, as Chrysler had to do for their recent Jeep hack, carmakers will learn from manufacturers like Tesla and BMW who update software remotely using wireless connections. Every time a new security breach emerges, manufacturers will be prepared with new software patches that can be deployed immediately.
8. Data EncryptionTo secure connected car communications, standards are going to emerge and cross-industry standard encryption and authentication methods will become more integrated within each automakers systems.
9. New Authentication StrategiesIn addition to securing connected car data, manufacturers will start working on new ways to authenticate users as well. OEMs and manufacturers will use biometrics capabilities being built into newer smartphones and other authentication protocols to make sure that illicit users can’t access car communications systems.
These are just a few of the things that we will see sharing connected car security in the months and years ahead. OEMs and carmakers will learn a lot from the work done securing wireless and computer networks, and they will be looking to strategic partners to help them address the most pressing security issues. Eventually, new strategies and standards are going to emerge to keep manufacturers one step ahead of hackers.
What other predictions are you seeing for the rest of 2015?
Topics: Connected Car - Security