Cybersecurity at its best is a multi-layered solution. It must be, now that everything is connected, and cyber-attacks target not only endpoint devices (cars), but backend servers and whole network environments. In the continuous rivalry between endpoint security and network security in IT systems, it’s clear no one solution is bulletproof against sophisticated cyber-attacks, leaving organizations with one prime conclusion – a truly comprehensive cybersecurity solution must be comprised of both endpoint and network security.
The automotive industry is no different, when cyber-attacks prove time and time again that in-vehicle protection is important, but can only be partially effective; recent hacks from the past few months alone show OEMs and car-sharing services must integrate the necessary network security to achieve powerful protection against the ‘rising star’ in latest cyber-attacks – remote car hacks and data breaches. Why wouldn’t endpoint security solutions be able to stop these remote car attacks on their own, and how can automotive cloud cybersecurity help prevent them? It’s all in here –
While in-vehicle security is vital, it still requires an additional defense layer to protect the connected car from remote cyber-attacks that target backend servers.
Here’s why –
1. No protection against remote controlling the vehicle.
Not all threats are operated near the vehicle; some attacks are disguised as protocol-legitimate commands, leaving in-vehicle anti-virus systems completely unsuspicious. By controlling the vehicle’s backend servers, hackers can easily send commands that can only be detected as malicious in the right context, by correlation with other user behaviors. Since this kind of analysis does not exist in in-vehicle systems, the connected car’s backend servers continue to pose a prime target for hackers. Examples of this kind of attacks are numerous: from the 2015 attack that turned off a Jeep Cherokee’s engine while still driving, to the hijacking of a Corvette’s breaks via a popular car app, or the recent massive BMW hack, allowing hackers to remotely control a vehicle, by sending arbitrary diagnostics messages to the engine control unit (ECU) and the CAN bus.
2. No fleet-wide visibility to protect against multiple car hacks.
Protecting the vehicle alone does not allow complete visibility of connected fleets in case of pattern attacks on multiple vehicles. For example, when multiple cars receive a simple command to unlock their doors at the same time or one after the other, endpoint security will not be able to detect that this might be a recurring car theft attack. Such was the case when a hacker managed to remotely disable more than 100 cars in Texas by hacking into a vehicle-immobilization system and pulling up a database of all 1,100 customers whose cars were equipped with the device.
3. No protection against attacks on third-party car services.
Securing the connected vehicle alone does not protect against attacks on third-party services. By using third-party services such as mobile apps to hack into backend servers such as the telematics control unit or the car’s infotainment system, hackers can easily track a vehicle’s location or steal a user’s personal info. Such infamous attacks include last month’s hacking into the Viper mobile app, giving the attackers access to the vehicle’s telematics server. This adds up to many more incidents, including the breach into Nissan Canada Finance, allowing hackers access to the company’s database with personal customer information like names, addresses, and vehicle identification numbers of 1.13 million customers. Another high-profile attack on third-party services happened this last February, when hackers broke into a Tesla-owned Amazon cloud account, using it to “mine” cryptocurrency.
Integrating automotive cloud cybersecurity to protect the connected car’s entire ecosystem
While an endpoint-only solution protects the vehicle alone, network security offers holistic monitoring of security events across all the connected sources, covering communications between the vehicles, the infrastructure, and the third party services connected to the automotive cloud network.
This centralized vehicle-network security approach to protect the connected car’s entire ecosystem offers vital components such as context and behavioral analysis, both lacking in single-vehicle protection. Based on correlating multiple security events, network security provides full visibility of all users, devices, and data, and turns that data into actionable intelligence to alert on real-time events and prevent future attacks. Designed to look for unusual traffic patterns and anomalies, network security can pick up on suspicious activity by integrating greater visibility over an entire range of vehicles.
When AI and ML came in
Integrating network security creates even greater value when using Artificial Intelligence to identify anomalies over massive quantities of data, and leveraging Machine Learning to distinguish normal user behavior from malicious activity. This ‘Holy Trinity’ of forensics, events correlation, and behavioral analysis, creates a centralized security approach that protects the entire ecosystem of the connected car.