Challenges of Securing Connected Cars

DAN SAHAR

VP of Products

[Transcript]

The automotive industry is undergoing rapid transformation and becoming a smart mobility ecosystem. The foundation of this ecosystem is connectivity, which is basically the enabler for any type of value-added services that you can build on top of the connected car. Smart mobility unlocks a host of opportunities for both the OEMs as well as value-added service creators. The same times, it brings with it a range of cybersecurity risk that never existed before.

If you look back as near as 5 to 10 years ago, at a typical vehicle, you could say it was air-gapped. Basically, it had protection from the outside world. There was no way a hacker could penetrate it unless they were physically near that vehicle. However, that all changes the second you introduce connectivity to that car. So if you were to ask an automotive security officer whether they had cybersecurity issue, with these unconnected cars, they would probably tell you, “We didn’t have any issue or security risk was very low.” Unfortunately, that all changes the second you introduce connectivity to these vehicles. Connectivity pretty much opens the doors for hackers to remotely penetrate a car and potentially create damage that can span multiple vehicles at the same time. Now let’s look at how the connect car ecosystem looks like.

So what we have here is a vehicle that has internet connectivity, either through an embedded SIM card or through an aftermarket dongle that provides mobile connectivity for this vehicle. Through this data connection, the car actually connects to the automotive cloud, where a typical OEM or a fleet operator would host a range of applications such as telematics, mobile application servers, LiDAR, maps, an ever-growing list. The last part of the infrastructure is the mobile phone, which consumers can use to unlock the doors, turn on the engines, and perform a variety of actions such as driving the car remotely from the driveway. Now that we understand the infrastructure, let’s look at how a hacker would try to penetrate all this connected vehicle service.

The most obvious attack vector is what we call Near Field attack, wherein a hacker can physically compromise the car either through OBD II, through Bluetooth, or Wi-Fi. Near Field attack, in most cases, are confined to the impact that they can create as they’re isolated to a single vehicle. The more serious attack vectors are actually what we call remote attacks that are generated from the public internet, from locations that are nowhere close to the vehicle. Hackers can remotely compromise a service either by attacking the automotive cloud, and through it, being able to attack multiple connected vehicles at the same time. The third attack vector would be to go through the mobile app and then use it to pivot into the automotive cloud, and from there, into the connected vehicles and basically compromise the entire vehicle fleet.

Newsletter Icon

Subscribe
to our newsletter

Sign up to receive updates delivered to your inbox

EV 充電所 拡大に向けて: EV充電所インフラ安全確保への課題

Delivering driver confidence with robust charging networks has created new opportunities for hackers to penetrate OEM and Tier-1 networks by tampering with charging station data.

More Details

The Leading Managed Vehicle SOC: Actively Protecting Millions of Vehicles for OEMs Worldwide

Protect automotive cybersecurity with an automotive-specific Vehicle Security Operations Center (VSOCs) to address the complexity of cyberattacks targeting OT networks, such as connected vehicles and&

More Details

Beyond Cyber: Upstream Puts Data in Motion

Automotive data in the cloud breaks silos, allowing teams to analyze information in the pursuit of identifying exciting new revenue opportunities.

More Details

2022 グローバルモビリティ サイバーセキュリティ報告書

2022 グローバルモビリティ サイバーセキュリティ報告書2022年版のサイバーセキュリティ報告書では過去10年に実際に 起こったサイバー攻撃の脅威を

More Details

Leading the Charge: Securing Charging Station Infrastructures

Delivering driver confidence with robust charging networks has created new opportunities for hackers to penetrate OEM and Tier-1 networks by tampering with charging station data.

More Details

Protecting Electric Vehicles: Modern Cybersecurity Solutions and the Road to Revenue

There is much to enjoy in the performance of electric vehicles and advanced features of electric vehicles, yet each connected capability such as GPS, mobile…

More Details