In today’s world, vehicles are basically ECUs (Electronic Control Unit) on wheels. With Internet of Things catching up in automotive industry, the race is on for connected vehicles and anonymous driving among the OEMs. The cars are fitted with sensors on every mechanical part, which transmit gigabytes of data every hour giving insights to the OEMs on the performance of the car. Over the years, OEMs are constantly innovating and introducing vehicles with latest technologies like Artificial Intelligence, Self-drive capabilities, etc. Now we can seamlessly connect our cars to the smartphones, get real data on the performance of the car, remotely control the car functionalities sitting in our office or even let the car drive without any human intervention. Most vehicle functions such as steering, acceleration, braking, remote start, etc. are controlled by software containing millions of lines of code. These software are vulnerable to hacking by people who have malicious intent.
Gartner predicts that by 2020, more than 250 million vehicles will be connected globally, with the number of installed connectivity units in vehicles worldwide increasing by 67 percent. This brings us to the main question, is your vehicle safe?
Cyber security is one of the most debated topics since the emergence of IoT. With every device connected to the internet being prone to attack by the hackers, connected vehicles get added to the long list of possible targets. Cyber security in the automotive industry was not a priority initially. It gained attention when researchers demonstrated that the system could be hacked and the vehicles could be controlled remotely. OEMs acknowledged the threats, and are working towards providing a safe vehicle to their customers. With millennial being more tech savvy, demand for connected vehicles is on the rise. People’s acceptance of connected vehicles and autonomous driving will largely depend on the OEMs ability to provide a secure cyber ecosystem.
Risks due to Vehicle Software Vulnerability
Below is a list of possible risks due to vehicle software vulnerability.
- Unauthorized physical access to vehicles: Most of the connected vehicle OEMs have done away with the keys, and have replaced it with remote ignition system which can be operated by smartphones. This feature is very vulnerable as the commands are sent wirelessly.
- Theft of personal data: OEMs use personal data to provide customised experience to their customers. With personal data stored in the car (Infotainment)/ transmitted wirelessly, hackers can gain access to personal information such as Owner Name, Address, Phone Number, Email, and financial information such as credit card information.
- Remotely alter vehicle functions: With most of the vehicle functions controlled by software, gaining access to the vehicle’s functionality could prove fatal. Researchers Charlie Miller and Chris Valasek have demonstrated the vulnerability of the software, by remotely hijacking a Jeep and altering the operations of the car.
- Self-drive feature for malicious activities: Today, more vehicles are boasting of self-drive feature. With vehicles consisting of ECUs, software and connectivity with internet, hacking a vehicle and using it for malicious activity should not be written off. People with malicious intent can go to any extent to exploit the vulnerability in the system.
- Extortion using Ransomware: Ransomware has been used to encrypt the files on computers and hackers have extorted money from users to provide the decryption. With one of the largest attacks of ransomware in recent times, pushing ransomware into vehicles could prove fatal. With more vehicles connecting to the internet, hackers could extort money by pushing ransomware into connected vehicles, leaving consumers with no choice but to pay the amount.
What Should OEMs do to ensure Operational Safety of the vehicle?
With above mentioned risks staring in the face of the OEMs, various steps need to be taken to address these risks immediately. With increasing ECUs in the vehicle, cyber security should be the top priority for the OEMs. Below mentioned steps should be considered to address cyber security concerns:
- Design: The vehicles have to be designed with security in forefront. Providing a fix on a flawed design will still leave the vehicle vulnerable to hacking. Integrating security solutions into the product design is very critical.
- Quality: With software being the integral part of the vehicle, OEMs must ensure strict quality guidelines to prevent any security lapse in the code. Also, since parts are procured from various suppliers, OEMs have to ensure that the guidelines are strictly followed by the suppliers across value chain.
- OTA (Over-The-Air): Implementing security features is not a one-time exercise. It is a continuous process. OEMs must ensure that there is a connected system to provide updates Over-The-Air. This helps in providing quick response/updates to the vehicles in case of any security lapse.
- Driver Guidance: Training the drivers on dos and don’ts is very critical for the success of the cyber security. In-car screen guidance, in-person training are few of the steps that OEMs need to take to ensure awareness on the importance of cyber security.
What should consumers do to protect their vehicle?
Though OEMs ensure that adequate steps are taken to provide security for the vehicles, consumers are also equally responsible for the security of their vehicles. Cyber security will be effective only if users are aware of the importance of cyber security, and avoid behaviours that can make the vehicles vulnerable. Below are a few steps that users can take to ensure safety of their vehicles:
- Software Updates: OEMs can provide updates Over-The-Air, but it is the responsibility of the user to install the patches regularly and keep the software up to date.
- Apps: Users should ensure that they do not install unknown apps on their mobile phones, which are connected to their vehicles. Users should also ensure that they do not install unknown apps on their infotainment system. This could potentially open doors for hackers to gain access into the vehicles.
- Wi-Fi: Users should ensure that they do not connect their cars to unknown Wi-Fi networks. With vehicles connected to unsecured Wi-Fi network, hackers can easily gain access to vehicle data.
Given the nature of such a challenging issue, OEMs and suppliers in the entire value chain have to strive hard to provide a secure ecosystem for connected vehicles. They need to ensure the security of the vehicle operation and data privacy. With technology evolving continuously, OEMs need to assess risks on a regular basis and proactively provide security measures to prevent any exploitation of the security gaps. Users are also equally responsible for the security of their vehicles. OEMs effort in cyber security will be effective to a degree as drivers are aware of the criticality of cyber security.