If ‘’white-hat’’ researchers can hack cars, so can sophisticated organised crime
While carmakers compete fiercely in the Connected Car arena, malicious cyber-attacks on cars from organised crime can and will move from a possibility to reality. Why is it inevitable?
Simply because we expect a proliferation of Connected Cars over the next ten years and considering that more than once ‘’white hat’’ researchers have demonstrated that modern Connected Cars can be hacked, there are many reasons to worry about. To put it simply, in many cases the existing in-network security needs an upgrade to withstand the new cyber-threats that arise from the introduction of the Cyber-Physical System.
Additionally, the amount of personal data (e.g. preferences, behaviour, location, even credit card details) collected and distributed over the network by Connected Cars will increase significantly over the next decade as the Internet-of-Cars develops (OTA, V2V, V2I, Autonomous).
Finally, as the number of connected-to-the-car devices increases, the vehicle’s attack vector will grow exponentially. And what’s worse, what we call Peripheral car cybersecurity will never be 100% robust. Even the smallest breach in car cybersecurity, whether it’s in-vehicle, peripheral and/or cloud security, is enough to draw the attention of sophisticated criminals who look for opportunities to monetize vulnerabilities.
Automotive Cyber Security is a far more than just ‘’researchers demonstrating what researchers can do”. We need real-world counter-measures to protect against sophisticated organised crime.
Mike Parris, Head of SBD Secure Car
What needs to be done to secure Connected Cars?
What we need is collaborative, proactive, car cybersecurity implemented by a layered-approach to guarantee security and data privacy. This, can included industry-wide standards, mandatory fitment of robust software and/or hardware solutions and certification of peripheral devices among others to protect against network-based threats (LTE), local area-based (Bluetooth, WiFi, etc.) and open software attacks respectively.
However, it is important for consumers to understand that this approach will not eliminate cyber threats, but it can reduce organised crime’s incentives to attack cars as their probability of success and their gain from infiltrating car security will decrease significantly.
A multi-layer approach is always a good practice, starting with a holistic process of security by design which involves addressing potential threats right from the requirement and design phase of products
Asaf Atzmon, VP of Business Development, TowerSec
Where are we now? And where are we going to?
Has the automotive industry done enough to protect Connected Cars against cyber-attacks? What is the status of the Automotive Cyber Security market in terms of penetration, demand-supply of solutions and market competition? How the cost of fitting cybersecurity solutions affects carmakers’ decisions?
In a nutshell, no official regulation or common standards exist yet but the auto industry is working on voluntary privacy principles which will take effect in January.
But many signs show that the market has the potential to grow exponential over the next 5 years. First, demand for penetration testing and product integration by OEMs is increasing, as a response to the car hackings (and their consequences on brand reputation).
In the last six months, the awareness level has risen much higher in the industry. We see a lot more activity in terms of the penetration testing requests we receive and also in terms of evaluation of our product.
Ziv Levi, CEO Arilou Technologies Ltd
Additionally, regulatory action has started to develop in the US and Japan while automotive industry standards are already being discussed.
At the same time, we observe significant investment, partnerships, and M&A in the marketplace which demonstrate that key stakeholders are developing their strategies and placing their bets for the years to come.
To get answers to these questions read our new report: