Modern cars are well on their way to revolutionizing the automotive industry. Intel’s 2017 whitepaper reports that “the newest cars on the road are equipped with active safety features that help protect drivers and passengers, heads-up displays that make it easy to read instruments, and in-vehicle infotainment that makes the trip more enjoyable.” But with an IoT-enabled automobile come greater security risks. And by 2020, analysts estimate that there will be more than 250 million connected cars on the roads.
How susceptible is the modern car?
Communications breaches are a major risk for all devices, and the modern car is no exception. The communications devices in modern cars are gateways through which intrusions and manipulations, both sophisticated and mundane, can find a foothold.
In 2015, two hackers were able to control a Jeep Cherokee's UConnect system, an Internet-connected feature that controls all systems being used in the car—from navigation to making calls. This incident prompted Chrysler to recall 1.4 million vehicles. In 2016, a security researcher demonstrated how he could compromise a vehicle’s lidar sensor using a device he assembled for only $43. Lidar sensors are the spinning sensors on which self-driving cars rely.
Today's cars have up to 100 ECUs (electronic control units) and more than 100 million lines of code. An ECU is any embedded system that controls one or more of the electrical systems or subsystems in a vehicle. If hackers manage to gain access to an ECU that is responsible for autonomous driving, they can take control of the vehicle’s drivetrain. And since carmakers source ECUs and ECU components from various suppliers, auto manufacturers need to worry about supply chain assurance.
The firmware on ECUs that handle infotainment, navigation, safety, anti-collision, and autonomous driving must be regularly updated through over-the-air (OTA) updates over cellular or Wi-Fi networks, which may be compromised if not properly secured. Hyper-connectivity has made it easier for intruders to launch attacks on connected cars. In fact, 62 percent of consumers worry about how easy it is to hack connected cars. While 30 percent of them put the blame on mobile software and app developers, 44 percent place the responsibility and accountability for securing connected cars on the car maker.
How can car manufacturers ensure security?
Automotive IT systems should stay ahead of intruders by migrating off older automotive communications standards and upgrading the hardware- and software-based security technologies on ECUs and in-car gateways. To ensure the secure exchange of information from the vehicle to the cloud, automotive manufacturers should employ stringent device controls, authentication, and encryption technologies that stop hackers from installing malware by compromising the firmware update process. Securing massive numbers of connected devices requires a proactive approach.
Device security must begin at the conceptualization and production stages. The integrity and trustworthiness of the devices themselves should be the first priority. If communication devices are not designed with security in mind, system intruders can always find a way to overcome secondary defenses.
Automotive companies and their electronic component and software developers should take joint responsibility for ensuring the security of automotive communications. They should invest in high-grade security solutions and a tested security platform. Mocana’s military-grade security platform helps equip critical automotive systems with cutting-edge capabilities including certificate management, authentication, encryption, device-to-cloud communications, secure transport, trusted boot, and trusted firmware upgrades.