For over a century now, the biggest concern that remains for motorists is the theft of their vehicles. This concern is reaching soaring heights for the emerging automotive and connected cars market. Auto-thefts no longer require a person to pick locks or be physically present to steal a car. The cars that are becoming a part of the connected automotive mobility (CAM) sector can be hacked just like any other IoT device. According to a recent report, post the COVID-19 outbreak, the global connected cars market size is likely to reach USD 166.0 billion by 2025 from previously predicted USD 53.9 billion in 2020. The FBI has warned the CAM manufacturers to be prepared for a wide range of malicious cyberattacks that will result in ransomware infections and critical data breaches. The UN’s new cybersecurity regulations have made it mandatory for car manufacturers to secure connected cars against cyber threats and attacks. The secretary of the UN World Forum’s Working Party on Autonomous and Connected Vehicles, François Guichard says, “If consumers get their car hacked, the manufacturers will be ready to take action and respond.” It has also been predicted by the forum that by 2030 the auto industry will be spending about $9.7 billion on cybersecurity, which is nearly double the present cost.

Theoretically, the attackers can disable key functions such as steering or brakes through radio or telematics systems, and can even access microphones to listen to drivers’ conversations. They can also sneak in through external devices such as phones, key cards, etc., that are linked with the car’s electronic card unit (ECU).

Cybersecurity solutions for connected cars

Upstream is an automotive cybersecurity company headquartered in London with presence in the US, Israel, Germany, and Japan. Upstream’s automotive cybersecurity solutions are based on AI, machine learning and cloud analytics. Their security c4 (centralised connected car cybersecurity) platform establishes a communication between data centres and on-the-road vehicles to detect and interpret threats in real-time. The clients are also provided with a real-time visual dash-boarding experience as well as up-to-the-minute alerts of the threats.

Paris-based Thales Group provides 24/7 future-proof cloud-based car connectivity services. Their cybersecurity solutions entail cellular IoT connectivity modules, M2M grade e-sim cards, and remote subscription management. The automotive grade M2M technology provides cellular IoT connectivity to both the drivers and the passengers. The company’s cellular LTE connectivity solutions allows car manufacturers such as Audi to provide low latency and high speed car connectivity. The e-sims are designed to endure rough weather conditions such as extreme heat, humidity and so on, thus providing flexibility to the users to swap networks and service plans. Their solutions also facilitate V2X (vehicle to everything) connectivity for the entire lifecycle of a car with a provision of making encrypted e-calls in an emergency situation globally. According to an automotive cybersecurity report of the company, the annual auto threat incidents have gone up by 605% since 2016. As per the report, the top three attack vectors are keyless entry systems, backend servers, and mobile apps.

In 2016, a Norwegian security firm, Promon, conducted an experiment by creating a free Wifi hotspot and asked the participating drivers to install their app on their phones. After the installation, the company noted that the app was very quickly infected with malware and gave the hacker the ability to control the participating cars. 89% of the respondents said that they would not know if their device was hacked. The researchers also found that Tesla cars can be easily tracked, located, and stolen by hacking the apps.

Currently serving Germany, India, and the US, Promon delivers its services to its tier-1 clients. Promon’s patented deep protection technology also known as Promon Shield secures the firmware and software applications of the connected cars. The company also encrypts data transmitted to and from the car, both at rest and in motion, and extending security based on the car’s lifecycle. Their shield app is a robust solution in safeguarding the apps that connect cars and their OEMs.

Deloitte, a global management consulting firm, believes that the car manufacturers should follow a ‘secure by design’ model with a multiparty collaboration. Deloitte aims at creating a cyber-minded culture where the car owners and manufacturers are well versed with the malicious cyberattacks. They also want the organizations to make cybersecurity a part of their DNA. The company will train and assist its clients in data discovery and protection, strategizing third party attacks, and assessment frameworks, and benchmarking.

Trend Micro, a connected car cybersecurity player, found that 90% of android apps are vulnerable to malicious cyberattacks. Hackers try to monitor unmonitored network ports and exploit them to the fullest. Their Deep Discovery Inspector provides 360 degree visibility and 24/7 security to its clients and drivers.

What’s next?

The next in line for the future of cybersecurity is extending support throughout the lifecycle of the cars, and follow the saying ‘prevention is better than cure. In a report published by the EU agency for cybersecurity (ENISA) and joint research centre (JRC), the chief scientist at Vdoo, Ilya Khivrich says, “Resilient and safety-critical systems nowadays must be designed with a potential attackers’ perspective in mind. This problem is especially complicated for systems reliant on machine learning (ML) algorithms, which are trained to behave properly under normal circumstances, and may respond in unexpected ways to engineered manipulation or spoofing of data they receive from the sensors.” This is quite a challenging situation for the OEMs across the world and it is time they bridge the gap between the ill-intentions of the attackers and the vulnerable car owners. Although it is a tall ask, there is no way around it.