When was the last time you rerouted based on real-time traffic updates from navigation apps like Google Maps? Well, nowadays with the over-crowded traffic scene, we are almost mentally wired to do so. However, if you feel that’s not a connected car experience enough, you might be slightly further from the reality. Provided the fact we are not confusing connected cars with autonomous vehicles, let’s drive right into the highway of smart automobile experiences and investigate the needs and measures for ensuring their cyber security.
A ‘Connected car’ is equipped with Internet access that may be shared inside the vehicle through a local wireless network. However, a car becomes ‘connected’ when it starts to consume data or access services from the cloud or starts to sync diagnostic data with the cloud. A connected car driver has continuous access to not only on-road information such as route and traffic congestion, but also to multimedia content. The current crop of connected smartphone apps available in India such as Mercedes Me, BMW ConnectedDrive, Honda Connect, Toyota Connect, Ford SYNC, and Nissan Connect is continually adding features, and allows car owners to be perpetually linked with their vehicles. Fortified with features such as on-road assistance, vehicle diagnostics, geo-tracking, remote locking and temperature control, connected car owners certainly get a lot more out of their driving experience. As the average human’s daily schedule is being eased by robotic automation and artificial intelligence, the connected car is exponentially evolving every day from being a luxury to a necessity.
However, if appropriate security measures for this ‘soon-to-be-ubiquitous’ necessity are not mandated soon enough, the future of connected cars could be bleak. Would you believe that in some of the vehicles which debuted the connected features, it was possible for a hacker to disable the breaks and control the steering. Imagine this happening on a long-ride with your beloved or family. Is this really possible? Can hackable connected cars be owned with trust?
There are three types of external communication networks in a connected car – Internet, WiFi and Dedicated Short-range Communication (DSRC). Hence to be specific, the boon of connectivity gives birth to this bane of connected car hacking. In 2018 itself, there have been 10 such hacks in the year’s first 10 weeks. Back in 2015, white-hat hacker duo Charlie Miller and Chris Valasek had demonstrated how evidently insecure today’s state-of-the-art connected cars are. Utilizing a loophole in a Jeep Cherokee’s entertainment software, they had taken over dashboard functions, steering, brakes, and transmission of the vehicle while it was driving down the highway at 70mph.
Even in 2018, as the automobile industry is cruising towards autonomous driving, unfortunately connected cars are still prone to multiple cyber security flaws that lay out a red-carpet for hackers. These hackers sitting in distant corners of the globe are not just researchers, but also vary between cyber-criminals, competitors and hacktivists. Tapping into various security lapses and network flaws such as the Controller Area Network (CAN) Bus vulnerability, hackers target the Electronic Control Unit (ECU). For example, by intercepting the messages between the ECU and any of the subsystems from a digitally or physically compromised On-board Diagnostics (OBD) port and injecting corrupt bits into multiple such communications (arbitrary CAN injections), it is possible to trick the ECU to perceive a subsystem as defective and take it out of the car network’s Intrusion Detection System (IDS).
Malware and digital exploits are getting complex by the day. However, with an average connected car’s go-to-market period being 5 years or more, both the physical and network security measures implemented at the time of design, are often outdated to by the time they are in production.
There are primarily two sets of unique challenges that are maiming the auto industry’s Original Equipment Manufacturers (OEM) from filling these cyber security gaps with a definite set of security practices and countermeasures.
Every industry has its own set of drawbacks or challenges. Innovation or disruption stems from perceiving these challenges as opportunities and overcoming them with comprehensive ingenuity. To secure connected cars, there should be a multi-pronged approach.
From a network access perspective there should be:
From a process perspective there should be:
From a practice perspective there should be:
As the hackers keep the chase on and the OEMs innovate to secure their products, within the coming decade itself the connected cars industry will undergo a sea-change in terms of security protocols and practices. Starting with the recent OEM-Supplier alliances and end-user forums, the future certainly doesn’t seem DIS-connected.