Connected vehicles are easy prey for cybercriminals

by René Bader

21 January 2020


Interfaces in connected vehicles are a potential entry point for attacks and therefore a risk that needs to be secured. The problem is that trucks and passenger cars are moving at snail's pace in terms of IT security.

One of the first, and best-known, attacks on a connected vehicle took place in 2015. Security specialists exploited a vulnerability in the infotainment system to hack a Jeep Cherokee while it was being driven, and paralyzed it. From a distance, the experts succeeded in taking over various control functions such as acceleration, braking and steering.

This is just one example. The reality is that there are more and more potential gateways for cybercriminals. All interfaces in a vehicle connected to systems in the outside world – for example through GSM, 3G, LTE or 5G networks – can also be hacked. 

Connected vehicles are driving innovation, but not without challenges

With trucks, for example, set to be fully connected in the coming years, this is becoming increasingly challenging for manufacturers. The advantages of a connected truck are of course highly desirable. The route, load and vehicle status can be continuously monitored in order to make any logistics business more efficient. In the future, trucks will also be able to travel the roads completely autonomously. Developments in the passenger car sector are similar. Thanks to connected ecosystems, in the near future, cars could exchange information on weather and road conditions, traffic density, or free parking spaces, increasing safety and user comfort.


The downside? These advances depend on rolling data centers which provide numerous points of attack for hackers and must be protected accordingly. If security risks are constantly monitored and remediated quickly, it’ll be easier to bring weak points under control. 

What’s more, once a vulnerability has been discovered, OTA (Over-the-Air) solutions can help to deploy software updates and patches on a broad basis. However, manufacturers must ensure that only approved updates are installed and that they cannot be manipulated during transmission before they are pushed onto the electronic control units. Another issue is securing the cloud connection. For these new services, the secure connection to the internet, bi-directional data and information sharing between the vehicle and communication partners (like backend systems, third party service providers, or other road users), as well as access to highly scalable data storage, processing and analysis functions are crucial.

Can SOCs keep connected cars safe?

To lower the potential risk in such an ecosystem, a Security Operation Centre (SOC) is needed, acting as a central location in which all security-critical incidents are identified and processed in a coordinated manner. Safety-relevant data from the vehicle environment – such as information from sensors and components, as well as the connected backend systems of the vehicle manufacturers – is collected centrally and enriched with threat intelligence data. Potential cyberattacks are detected directly in the vehicle and related events are transmitted anonymously to the SOC, which then structures the collected data from the large number of connected systems. Machine learning and predefined scenarios help identify anomalies and make concrete recommendations for action.

Traditionally, car and truck manufacturers have focused heavily on functional safety when driving. IT security has so far played a subordinate role, although vehicles are now essentially rolling computers. The industry must tackle the issue of cybersecurity much more vigorously to protect vehicles in the future. Trucks are already technologically more advanced, and cars should follow suit as quickly as possible. At this point, vehicle manufacturers should invest in the proven procedures and technological approaches of the IT industry. A professional team of security specialists who evaluate different sources for new weak points and identify the methods and tools of potential attackers will be helpful.
 
René Bader

Manager for Critical Business Applications and Big Data