Skip to main content

Study reveals major concerns over the security of connected cars

New research has revealed that half of British drivers (49 per cent) are concerned about the safety of the connected car, with automotive manufacturers also admitting there could be a security lag of up to three years before systems catch up with cyber threats. The report, commissioned by Veracode and carried out by the International Data Corporation (IDC), revealed half of drivers are concerned about the security of driver-aid applications, such as adaptive cruise control, self-parking, and collision av
March 2, 2016 Read time: 4 mins
New research has revealed that half of British drivers (49 per cent) are concerned about the safety of the connected car, with automotive manufacturers also admitting there could be a security lag of up to three years before systems catch up with cyber threats.

The report, commissioned by Veracode and carried out by the International Data Corporation (IDC), revealed half of drivers are concerned about the security of driver-aid applications, such as adaptive cruise control, self-parking, and collision avoidance systems, reflecting an equal level of concern with the safety of the entire vehicle.

As the ability for drivers to download applications to navigate, park, communicate, conserve fuel, self-park or other driver enhancements will revolutionise the automotive sector, IDC projects the total market for automotive-related internet of things in 2016 is worth $140.3 billion.

Yet exposing a car to the internet makes it vulnerable to cyber attacks which could render the car unstable or dangerous, such as the 2015 demonstration where a Jeep Cherokee was totally taken over by security researches while driving at more than 70 mph on a US freeway. The security implications impact vehicle manufacturers, component manufacturers as well as independent software vendors (ISVs), all of whom are racing to keep up with driver demand.

As applications continue to drive greater functionality across connected devices, concerns over safety and cyber security become paramount for manufacturers. The research highlights several cyber security approaches being taken by manufacturers to reduce risk across a number of application-driven connected car systems, including performance, dashboard and smartphone connectivity, as well as driver aids.

Combining driver sentiment with in-depth interviews from organisations such as 1674 Fiat-1958 Chrysler, Seat, 570 Scania, 7207 Delphi and German industry body ADAC, the paper sheds light on key questions, such as: What are the cyber security implications of the connected car? Who is responsible for ensuring the applications are secure? Where does product liability lie? What are the issues and approaches for personal data and privacy?

Key findings include: Driver downloaded applications pose a security challenge - all manufacturers interviewed reported concerns around the security of critical systems being exposed to applications they did not develop, creating situations where the safety of the vehicle would leave the control of the manufacturer; Manufacturers should be liable for safety of the connected car - 87 per cent of drivers polled believe all aspects of safety, including resiliency of applications to cyber attacks, rests with manufacturers, regardless of whether an in-car application was developed by a software company or the car manufacturers themselves;  Manufacturers do not feel they need to worry about driver data privacy. However, 46 percent of drivers are concerned about this issue, particularly as applications continue to integrate. For example, as navigation system evolve to find, reserve and pay for parking automatically, the potential for leaking credit card information and other personal data arises.

According to Chris Wysopal, CTO, Veracode, “Exposing a car to the internet makes it vulnerable to cyber attack due to poorly written software, which could render the car unstable or dangerous. Building a secure application development programme is a significant challenge for manufacturers, which is compounded by the need to do so under the microscope of government-regulated safety standards and liability concerns.”

Duncan Brown, research director, European Security Practice, IDC said that manufacturers cannot afford to be complacent when it comes to application and overall system security within vehicles. “The positive implication from our research is that the market for downloadable applications is large, spanning the entire market of drivers of all ages and genders. Manufacturers should increase their focus on how to secure applications that enhance car functionality, such as the many driving aids currently being developed.”

“Cybercrime is increasing at an alarming rate.  It is essential that public safety is uppermost in the minds of innovators and that risk is reduced to the minimum level possible,” former Defence Secretary Dr Liam Fox MP added.

Related Content

  • January 30, 2015
    Security loopholes found in BMW’s connected drive
    On 30 January, security loopholes in BMW vehicles equipped with connected drive technologies were revealed. Believed to affect 2.2 million BMW vehicles worldwide, these flaws in the software allow thieves to unlock doors and track car data through a mobile phone without leaving a trace. The Federation Internationale de l'Automobile (FIA) has long advocated for secure, open networks for vehicle connectivity. Vehicle manufacturers have argued that only closed networks can be truly secure. In fact, the loop
  • January 20, 2017
    Automotive software developers call on hackers to find its flaws
    A consortium of US researchers has announced the development of a universal, free, and open-source framework to protect wireless software updates in vehicles. The team issued a challenge to security experts everywhere to try to find vulnerabilities before it is adopted by the automotive industry. The new solution, called Uptane, evolves the widely used TUF (The Update Framework), developed by NYU Tandon School of Engineering Assistant Professor of Computer Science and Engineering Justin Cappos to secure
  • July 28, 2015
    Nokia’s Here Maps sold to BMW, Daimler and Volkswagen
    After months of negotiation, Nokia sells the HERE Maps division to the German consortium, BMW, Daimler and Volkswagen for US$2.71 billion, according to the BMW blog. The3 news has yet to be confirmed by Here or the other auto makers. The deal would see HERE Maps turn into an open platform, which all car manufacturers can use for navigation and mapping inside vehicles. The three German car makers plan to offer the platform to Fiat Chrysler, Renault, Peugeot, Ford, Toyota and General Motors, allowing them
  • February 3, 2012
    Cooperative infrastructure an aid to environmental aims
    Speculate to accumulate Andras Kovacs looks at how the historical focus of cooperative infrastructure on safety can be oriented to aid emerging environmental aims