Connected vehicles are easy prey for cyber criminals

Interfaces in connected vehicles are a potential entry point for attacks and therefore a risk that needs to be secured.

Johannesburg, 13 Mar 2020

One of the first, and best-known, attacks on a connected vehicle took place in 2015. Security specialists hacked a Jeep Cherokee while driving, through a vulnerability in the infotainment system, and paralysed it. From a distance, the experts succeeded in taking over various control functions such as acceleration, braking and steering.

This is just one example, according to René Bader, manager for Critical Business Applications and Big Data at NTT Security. Bader says the reality is that there are more and more potential gateways for cyber criminals. And all interfaces in a vehicle connected to systems in the outside world – for example, through GSM, 3G, LTE or 5G networks – can also be hacked.

Sadly, connected vehicles are driving innovation, but not without challenges. With trucks, for example, to be fully connected in the coming years, this is becoming increasingly challenging for manufacturers. The advantages of a connected truck are, of course, highly desirable because the route, load and vehicle status can be continuously monitored to make any logistics business more efficient.

Thanks to connected ecosystems, shortly, cars could exchange information on weather and road conditions, traffic density, or free parking spaces increasing safety and user comfort. And trucks will also be able to travel the roads completely autonomously.

Good vs bad

However, these advances depend on rolling data centres, which provide numerous points of attack for hackers and must be protected accordingly. If security risks are constantly monitored and remediated quickly, it’ll be easier to bring weak points under control.

For Bader, once a vulnerability has been discovered, OTA (over-the-air) solutions can help to deploy software updates and patches on a broad basis. However, manufacturers must consider that only approved updates are installed and cannot be manipulated during transmission before they are pushed onto the electronic control units.

"Another issue is securing the cloud connection. For these new services, the secure connection to the Internet, bidirectional data and information sharing between the vehicle and communication partners (like backend systems, third-party service providers, or other road users), as well as access to highly scalable data storage, processing and analysis functions are crucial."

Can SOCs keep connected cars safe?

Bader says to lower the potential risk in such an ecosystem, a security operation centre (SOC) is needed, acting as a central location in which all security-critical incidents are identified and processed in a co-ordinated manner.

Safety-relevant data from the vehicle environment – such as information from sensors and components, as well as the connected backend systems of the vehicle manufacturers – is collected centrally and enriched with data via threat intelligence.

Potential cyber attacks are detected directly in the vehicle and related events are transmitted to the SOC anonymously, which then structures the collected data from a large number of connected systems. Machine learning and predefined scenarios help identify anomalies and make concrete recommendations for action.

Traditionally, car and truck manufacturers have focused heavily on functional safety when driving. IT security has so far played a subordinate role, although vehicles are now essentially rolling computers.

"The motor industry must tackle the issue of cyber security much more strongly to protect vehicles in the future. Trucks are already technologically more advanced, and cars should follow suit as quickly as possible. At this point, vehicle manufacturers should invest in the proven procedures and technological approaches of the IT industry."

One way to stay ahead is by having a professional team of security specialists who evaluate different sources for new weak points and identify methods and tools of potential attackers.

Share