Resources
Stay up to date with the latest PCAutomotive news and events, explore our webinars, and study our expert research.
We highlight the most important and valuable trends in the automotive security industry
2022-05-31
Conected cars
Gianfranco Vinucci
Connected cars: technological excellence and advanced security threats
Modern cars are increasingly reminiscent of high-tech gadgets. They are crammed with computers and multimedia systems, intensively exchanging data with cloud services, other cars and road infrastructure.
On the one hand the car of our century is a computer that controls the technological equipment - the engine and brakes, headlights and turn signals, wipers and air conditioning, and a lot more in the future. On the other hand, while business leaders are competing for new customer experience, brand differentiations and innovations, security and risk professionals fight to protect the complex vehicle infrastructure.
Insecure vehicles can lead to data loss, revenue loss, privacy abuse and can even affect human lives. Cybersecurity services aimed to mitigate the risks, as well as new international regulations, which are coming in power, can minimize connected devices threats and help original equipment manufacturers (OEMs) and automotive suppliers to prevent these vulnerabilities.
What is a connected car?
We can observe a massive technological transformation in the latest 40 years. In fact, back in the 1980s there was an introduction of many core electrical systems to support new safety features such as ABS and airbags. Then starting in the 1990s, we have seen a tremendous increase of electronic control units (ECUs) in cars to further increase the safety of vehicles and add new capabilities, especially in Advanced Driver Assistance Systems (ADAS).
The first connected car in the modern sense appeared in 1996: it was the result of the collaboration between GM and Motorola Automotive, which led to the emergence of the OnStar telematics system. A system that could independently communicate with a rescue operator in the event of an accident. Remember the carjacking scene in Die Hard 4? Here is exactly what it is.
In 2021 most new car models have eSIM support, which allows you to transfer telematic data, interact with cloud servers, create Wi-Fi hotspots, receive traffic information in real time, and send a location for emergency services. Being potentially safer and less harmful for the environment, connected cars have clear benefits and expected exponential growth in the foreseeable future.
Orchestration of the components inside a car
We already mentioned that modern cars are equipped with numerous digital devices. Electronic control units (ECUs) have replaced mechanical and analog modules. Even the simplest cars have at least 30 ECUs, and more expensive models contain up to 150 ECUs interconnected by a maze of various digital buses - Controller Area Network (CAN), FlexRay, Local Interconnect Network (LIN), Media Oriented Systems Transport (MOST), Ethernet.
Author: Angelica Rizaeva, Head of Marketing, PCAutomotive
On the one hand the car of our century is a computer that controls the technological equipment - the engine and brakes, headlights and turn signals, wipers and air conditioning, and a lot more in the future. On the other hand, while business leaders are competing for new customer experience, brand differentiations and innovations, security and risk professionals fight to protect the complex vehicle infrastructure.
Insecure vehicles can lead to data loss, revenue loss, privacy abuse and can even affect human lives. Cybersecurity services aimed to mitigate the risks, as well as new international regulations, which are coming in power, can minimize connected devices threats and help original equipment manufacturers (OEMs) and automotive suppliers to prevent these vulnerabilities.
What is a connected car?
We can observe a massive technological transformation in the latest 40 years. In fact, back in the 1980s there was an introduction of many core electrical systems to support new safety features such as ABS and airbags. Then starting in the 1990s, we have seen a tremendous increase of electronic control units (ECUs) in cars to further increase the safety of vehicles and add new capabilities, especially in Advanced Driver Assistance Systems (ADAS).
The first connected car in the modern sense appeared in 1996: it was the result of the collaboration between GM and Motorola Automotive, which led to the emergence of the OnStar telematics system. A system that could independently communicate with a rescue operator in the event of an accident. Remember the carjacking scene in Die Hard 4? Here is exactly what it is.
In 2021 most new car models have eSIM support, which allows you to transfer telematic data, interact with cloud servers, create Wi-Fi hotspots, receive traffic information in real time, and send a location for emergency services. Being potentially safer and less harmful for the environment, connected cars have clear benefits and expected exponential growth in the foreseeable future.
Orchestration of the components inside a car
We already mentioned that modern cars are equipped with numerous digital devices. Electronic control units (ECUs) have replaced mechanical and analog modules. Even the simplest cars have at least 30 ECUs, and more expensive models contain up to 150 ECUs interconnected by a maze of various digital buses - Controller Area Network (CAN), FlexRay, Local Interconnect Network (LIN), Media Oriented Systems Transport (MOST), Ethernet.
Nowadays, the trend is to produce cars which are connected and autonomous thanks to the availability of new technologies and the digital transformation process which has heavily impacted the automotive ecosystem.
The number and type of connections is increasing under the term V2X (Vehicle-to-everything):
- V2V (vehicle-to-vehicle) – Information sharing between vehicles to prevent collisions, avoid hazards and traffic congestion;
- V2I (vehicle-to-infrastructure) – Communication between vehicle and smart infrastructures to increase traffic efficiency and prevent accidents;
- V2P (vehicle-to-pedestrians) – Safety alerts to pedestrians and other road users;
- V2N (vehicle-to-network) – Any kind of communication used for infotainment purposes or for delivery of services such as Fleet Management, Car Sharing, Insurance telematics, car manufacturers;
- V2G (vehicle-to-grid) – Communication between electric vehicle and the power grid.
It is important to take into consideration that the latest vehicle is connected in real time to multiple services using different channels and protocols. These connections can be used as entry points to launch attacks on both the vehicle and service providers with severe consequences.
What is vehicle hacking and how it applies to the reality?
In 2015, researchers Charlie Miller and Chris Valasek became concerned about cybersecurity and began researching the topic in a Jeep vehicle. As a result, they found a vulnerability in the telematic navigation unit, with the help of which they remotely "climbed" inside the car and decrypted messages that were traveling over the secure network. Miller and Valasek were able to remotely take control of the car: they began to indulge in windows and wipers, and then completely threw the car into a ditch. They could also adjust the speed and turn the steering wheel. As a result of this hack Fiat Chrysler had to recall 1.4 million vehicles to create a security patch. This was the first serious public case - after which the auto industry began to take cybersecurity more seriously.
How else can you get into a car and what can you do with it remotely?
Two researchers demonstrated how a Tesla car - and possibly other cars - can be hijacked remotely without requiring any physical interaction. With a drone carrying a Wi-Fi dongle they were able to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters. They claimed the exploit worked against Tesla S, 3, X and Y models. In the following update Tesla patched the vulnerabilities.
In the next decade, especially after the global rollout of 5G networks, the available technology stack will change significantly. At that stage techniques and tactics of hackers will also become more advanced.
Enhancing safety and security of connected vehicles
“We must point out that the more we improve the customer experience, the more we introduce technical complexities that bring also high-risk technologies. In fact, we can consider a modern vehicle as a network of computers moving on wheels and as any other connected IT is vulnerable and if abused can lead in the worst case to safety consequences.” - says Gianfranco Vinucci, Chief Operation Officer at PCAutomotive.
The most important process and technical requirement for the companies involved in the production supply chain of automotive is to systematically assess risks and vulnerabilities in the early phases of development including the requirements, concept, design and development phase.
Here are the ways for OEMs and suppliers to check if their product meets key requirements of relevant security standards:
- Application Security Assessment. The main goal of the assessment is to get information about vulnerabilities, weaknesses and quality of security mechanisms existing in applications used by OEMs, Tier-x suppliers, and any automotive service provider.
- V2X Security Assessment. The V2X test is conducted to identify design issues and possible implementation defects. But equally important is the modeling, analyzing, testing, and evaluating the security threats to V2X – both to protect the drivers and occupants.
- Embedded and aftermarket systems penetration test. This type of assessment is a deep security research of components in a laboratory environment. The goal is to reveal security flaws, vulnerabilities and the quality of software and hardware security mechanisms and controls.
- Vehicle Penetration Test. Conducted in a cybergarage full vehicle penetration test uses black-box approach which allows to validate whether vulnerabilities discovered by analyzing a specific component can be exploitable.
- Compliance check. The service allows companies to ensure that they adhere to all required laws, such as UNECE WP.29 cybersecurity regulation 155 and the ISO/SAE 21434 standard, which are mandatory now for OEMS and suppliers.
Summing up we would like to add, that the industry is shifting away from mechanical genius and prioritizing electric cars, computing technology, and connected systems. Vehicle connectivity is a natural and predictable step to autonomy and V2X infrastructure. Dozens of partnerships, associations, and acquisitions are fueling the automotive industry, and there are more to come to ensure better, safer transportation.