Skip to main content

Technologies to protect connected cars ‘not being utilised’

A three-year study by IOActive’s Cybersecurity Division has found half of vehicle vulnerabilities could allow cyber attackers to take control of a vehicle - and 71 per cent are ‘easy to exploit’. The research, detailed in a whitepaper, Commonalities in Vehicle Vulnerabilities, is based on real-world security assessments. Technologies which could be exploited include cellular radio, Bluetooth, wi-fi, companion apps, vehicle to vehicle (V2V) radio, onboard diagnostic equipment, infotainment media and Zigbe
August 10, 2016 Read time: 3 mins
A three-year study by IOActive’s Cybersecurity Division has found half of vehicle vulnerabilities could allow cyber attackers to take control of a vehicle - and 71 per cent are ‘easy to exploit’.

The research, detailed in a whitepaper, Commonalities in Vehicle Vulnerabilities, is based on real-world security assessments. Technologies which could be exploited include cellular radio, Bluetooth, wi-fi, companion apps, vehicle to vehicle (V2V) radio, onboard diagnostic equipment, infotainment media and Zigbee radio.

The white paper provides a metadata analysis of the many private vehicle security assessments IOActive has conducted since 2013 and includes an analysis of the impact, likelihood, overall risk and remediation of vulnerabilities IOActive consultants have discovered over the course of thousands of testing hours.

According to report author Corey Thuen, senior security consultant at IOActive, there are some idiosyncrasies between sub-categories of automotive and further between automotive and IoT or ICS/SCADA but, in general, these embedded computers are all using the same technologies under the hood. They all suffer from many of the same problems and challenges.

He continues, “The connected car is forcing automotive companies to become much more than automotive companies. They must now be database managers, cloud providers, enterprise network operators, etc., etc. Taking the car into the future means having to learn all of the lessons that Microsoft, Google, or Apple have learned over the past 15 years. The plus side, however, is that along the way these companies documented the bumps and bruises and now there are really great roadmaps and resources for implementing security.”

Jon Geater, chief technology officer, 596 Thales e-Security, said: “To help defend against certain cyber-attacks, and protect the integrity of the supply chain, connected components require clear authentication processes. While vehicle OEMs and their suppliers have recognised that cryptographically-based digital signatures provide the strongest form of authentication, this also necessitates the management and protection of certificates and the underlying keys. The rapid increase in connected components has created the need for broad-scale secure key management, supported by a public key infrastructure.

“Adding even further complexity, vehicle-to-vehicle and vehicle-to-infrastructure communications, although first introduced in 2017 production vehicles, will soon become the norm, requiring manufacturers to identify and implement the necessary technologies to protect drivers, passengers and the wider community from cyber-attackers.”

Thuen concludes, “The technologies needed to protect the connected car against cyber attack are already in existence, they just aren’t being utilised.”

For more information on companies in this article

Related Content

  • Nacto urges NHTSA not to let automakers 'off the hook' on VRU safety
    July 24, 2023
    Senior transport leaders want changes to proposed federal rules on vehicle safety ratings
  • 5G or not 5G?
    April 16, 2019
    Just a few years ago, there was only one solution in terms of communications protocols for delivering vehicle connectivity. Now, road operators and vehicle manufacturers face choices – including a moral choice, perhaps. Jason Barnes looks at the current state of play There is a debate raging in the ITS world over future communications protocols. Asfinag, Austria’s national strategic road operator, has announced it will from 2020 be using ITS-G5 to support cooperative ITS (C-ITS) applications (‘First thin
  • Top 5 trends in vision technology
    June 24, 2021
    Artificial intelligence and deep learning algorithms are among the major trends having an impact on road traffic enforcement, according to leading companies in the vision sector
  • Inrix aids authorities in dealing with data
    August 18, 2015
    New traffic data products and services have been launched to aid transport and urban planners and business with detailed intelligence on journey patterns, reports Jon Masters. Manual travel surveys ought soon to become a thing of the past for transport planners and the business community. The technology now exists for getting sophisticated levels of traffic and trip data from connected vehicles. Cars and commercial fleets carrying a GPS device, or a mobile phone or smartphone are the sources of the informat