Safeguarding Against the Vulnerabilities of Connected Cars
Typically, when referring to use of Internet of Things (IoT) devices, a majority of us only think about many small sensor-equipped devices that tend to be used in homes, hospitals, business as well as in other industrial settings. However there still remains much larger and much more complex IoT devices: connected vehicles.
As connected cars get closer to their primary goal of being fully autonomous vehicles, they are assuming more and more of the characteristics and technologies that are generally associated with IoT devices: sensors that read the environment and upload data for analysis, receiving information about considerations such as the distance between vehicles, proper speed, weather conditions, and even how and when to make a turn. Information is constantly being created and relayed back and forth. These telematics systems, all enhanced through internet connectivity, are designed to improve the driving experience and bring drivers new and modern possibilities. Many of the jobs that used to be the responsibility of the driver are now taken care of via connected applications and advanced driver assistance systems (ADAS) that gather information from built-in sensors that notify the controlling server of exactly what’s happening at any given time.
There is a mostly positive outlook regarding a future where driverless cars are the norm. However, similar to other IoT systems, connected vehicles are also susceptible to hacking, data corruption, remote hijacking and more. Data security is essential to safe driverless vehicles. And while all hacking and data corruption is bad, the potential outcome of a hacking assault on a moving vehicle poses much higher risk than that of general data collection or theft. Think of the potential immediate life-threatening damages posed by the hacking of a connected vehicle moving at 30kph. The consequences are grave and obvious.
It may seem like hacking into a car would be much a more complex operation than hacking other IoT devices such as a lighting system or thermostat. However, the approaches to attacking vehicles is very similar to that of hacking connected household devices. Both upload and download data using a local or cellular network, and so both are similarly vulnerable; if hackers are able to access a household device, they can in theory access a moving vehicle as well.
Truthfully, hacking a vehicle might even be easier than hacking a home thermostat. To hack a device in the home, a hacker needs to gain access to the cellular or home network connected to the device. Generally, they attempt to gain this access by accessing user credentials, perhaps by posing as a service technician on the phone, or by an email phishing scam. This network is the only real access point for hackers to gain access to home devices.
Connected cars, unlike home IoT devices, have many more access points that be vulnerable to attack. A hacker could potentially manipulate a vehicle via it’s infotainment systems or digital cockpit, a USB connection, Bluetooth connection and of course its cellular network, either built into the vehicle or via its cell phone connection. Attacks could even come through the vehicles tire pressure monitoring system, sending an ADAS signal that tells the driver they have a flat tire, directing them to pull over on the side of the road in a remote location, opening them to risk of danger from thieves. Information security is now a crucial element making the difference between safe and unsafe travel.
Vehicle insurance companies are also taking these connected considerations into account. Usage-Based Insurance (UBI) is a telematics insurance product that can be installed in a vehicle at the drivers’ discretion. UBI usually functions by downloading a mobile app or having a device plugged into the vehicle’s system. The app or device tracks the behavior of the driver and feeds this detailed information back to the insurance company. Depending on the company, insurance premiums may be decided upon based on a number of driving characteristics such as rate of accelerations, turning speed, etc. UBI benefits both insurers and drivers by reducing risk for insurers and reducing premiums for drivers.
Safeguarding these vehicle IoT systems is already big business for companies who specialize in preventing connected car hacking. Developers are creating defenses against vulnerable infotainment or telematics units by detecting operating system anomalies, preventing malware installation and developing programs that stop attacks from spreading from one vehicle system to another.