Is the increase in connected cars security creating a ‘perfect storm’ for hackers?
In recent years connected cars have seen a rapid growth in popularity. As the technology has become cheaper and easier to manufacture, an increasing number of connected features have found themselves integrated into the traditional automobile.
However, because these systems are connected, that means they have the potential to be hacked but are these security concerns affecting consumer decisions? How will manufacturers work to assuage these concerns?
The security concerns that can affect connected cars are vast and range in scale, malicious parties could potentially mine data from the user, use the car’s computers to bolster a botnet, and in extreme cases it could even be possible to take control of the car mid-journey.
In 2015 there were roughly 6.5 million connected cars on the road, in 2017 that number almost doubled to 12.5 million. Gartner estimates that number will climb as high as 60 million by 2020, clearly consumers are interested in the technology but do they feel safe with it?
Shaun Kirby, Director of Automotive & Connected Car, Cisco, told CBR: “Absolutely, there is a concern. This is probably not surprising given some of the things we’ve seen on the news from the early days of connected vehicles. Back then there was a focus on the connection of the vehicles and the potential of that and so they kept them connected to see what they can do, then people began to realise that that connectivity can open up a floodgate of potential threats”
“Remotely, you can take control of a steering wheel or the accelerator of a vehicle and speed it up, slow it down, pull it over to the side of the road. Some types of security hacks were done in the vehicle where you can plug into the port and gain access to a lot of critical control systems, or even just data that’s very valuable and sensitive as well.”
These concerns are not just speculation either, there are several high profile precedents for connected car hacks. In 2016 Nissan was forced to disable the proprietary app for its Leaf line of electric cars, due to concerns that hackers would be able to activate the vehicles air conditioning, draining the battery and leaving the drivers stranded.
The app also gave attackers access to journey data, the fear being that this data can be used to establish a pattern of when the owner is at home, data which could be sold to potential home invaders.
Similarly this year, it was discovered that Android phone hacks could potentially be used to unlock millions of cars. The Russian security firm Kaspersky found that nine connected car apps from seven different companies lacked basic software protection. Kaspersky researchers said that these apps could be used to locate cars, unlock them, and several were even capable of starting the ignition.
A 2016 study from Kelley Blue Book found that whilst 42% of consumers support cars becoming more connected, 62% said that they fear cars in the future will be easily hacked. Despite this issue 66% see any technology that comes in the car is an added bonus and one in three operate on the belief that technology features can make or break their decision to purchase.
The demand for both the connected car and the security protection is clear. Knowing this, how then can manufacturers safeguard against these threats and reassure consumers?
Kirby said: “We can apply a number of different approaches that we’ve done in the enterprise, so basic things like authorisation, authentication, and robust identity management. We can know for sure what that vehicle is, even who the driver is and even down to a more granular level of the vehicle, if you’re adding aftermarket parts we can know whether or not they’re genuine of if they’ve been tampered with.”
“We then of course can apply things like the latest firewall technology to really control what kind of traffic goes in and out of the vehicle, we can do some deep packet inspection to understand if their might be something deep down and malicious inside the network traffic that could cause the problems, whereas on the surface everything looks fine.”
Consumers are also unlikely to take the security precautions themselves, the Kelley Blue Book report found that 44% of people believed that it was the manufacturer’s duty to secure the car, 30% believed it was the mobile and software developers, and just 15% believed it was up to them to take it on themselves.
If cars can be secured this way and malicious attacks on the connected cars can be curtailed, then the impetus should be on convincing consumers of the new and increased safety offered to them. The Kelley Blue Book report also found that only 26% of those surveyed were aware of an instance in which a vehicle had been hacked the previous year.
Kirby Said: “As with other technologies that consumers have adopted, the key is providing the value to the consumer. A good intuitive experience that just feels natural.”
“Other things like making maintenance a lot more convenient will improve the robustness of the vehicle, we’ll have a lot less breakdown issues because we can foresee and fix things during the regularly scheduled maintenance rather than making separate trips. You might not even realise you’re not having to take into the shop as much until you look back and think wow this is great.”
Security concerns for connected cars are an important matter and should be treated as such, with an increasing number of cars with connected features joining the roads every year managing them safely and effectively is imperative. Auto manufacturers and security firms need to be aware of the public’s feelings towards connected cars and work towards engendering trust, particularly as new threats and vulnerabilities are being routinely discovered.
Kirby said: “This is a very exciting time to be in the automotive industry and we believe there is a perfect storm brewing out there.”
“As the number of threats continues to escalate, we’re going to have to escalate faster.”