Where automotive cybersecurity is headed in 2019
There are more connected cars than ever — manufacturers are making more of them than ever, more people are driving them than ever, and that means hackers and bad actors have a bigger target than ever. As connected “devices” — albeit the biggest and most complicated of connected devices — vehicles are as vulnerable as any other internet-connected computer, smartphone, or anything else.
Actually, they might be even more vulnerable; there have been numerous incidents in which hackers took direct control of IoT devices — and a vehicle‘s CAN bus is eminently hackable, according to experts. In addition, connected vehicles use more complex software to provide advanced functionality creating new opportunities for malware to take over.
2018, it could be said, is the year connected car security finally got the attention it deserved. Being attacked by malware that steals user credentials to break into a database of credit cards is not pleasant for victims; but a hacker that compromises a connected vehicle‘s braking or steering system could cause a passenger or driver to lose their lives.
It’s not like such life-threatening hacks haven’t happened before. The consequences of a hack attack on connected commercial vehicles are even more substantial, given the function they serve in complex global supply chains, as highlighted by Frost & Sullivan.
What are some of the trends we can expect in connected vehicle attacks — and security — in 2019?
More zero-day attacks
In 2018, the number of reported hack attacks on connected vehicles shot up six times more than the number just three years earlier. Obviously, a big part of this is that there were a lot more connected cars in 2018 than three years before – but because connected vehicles are a bigger target, they are drawing the attention of more hackers, intent on “branding” the space with their own little twist on mayhem.
Thus, a repository of data on connected vehicles lists dozens of different attacks that hackers undertook — like the hacker who hijacked a Tesla 3’s onboard computer to run his own operating system, or a breach in a connected alarm system that could enable hackers to steal vehicles, or numerous infotainment, telematics, and ECU vulnerabilities that could allow BMW vehicles to be compromised – and many more.
And because security measures cannot advance and deploy quickly enough to handle the growing number of threats, most vulnerabilities are unknown until an attack happens, a.k.a. zero-day attacks. With connected vehicle sales going nowhere but up and more and more sophisticated software installed in new vehicles, expect more — and more sophisticated — connected attacks in 2019.
OEMs more concerned – and more serious about solutions
According to cybersecurity firms, connected vehicle risks have grown significantly in the past few years, enough to prompt the FBI to issue a warning, and the UK last December to issue new cybersecurity standards for self driving vehicles. OEMs — the companies that put their nameplates on the vehicles — have begun to realize that it is they that consumers, and regulators, will be looking towards for security answers. OEMs no longer rely only on their component suppliers to solve their security concerns, they are looking towards experts in the cybersecurity field for assistance.
Security companies working with OEMs are taking a variety of approaches, from monitoring the network to examining ECU for anomalous activity. OEMs who haven’t made this a priority yet will certainly do so in the coming year; they don’t really have a choice.
The FTC, the NHTSA, and likely a passel of other government organizations, are examining connected vehicle systems for cybersecurity and privacy issues. Companies found wanting in either area may find themselves faced with the kind of attention they’d prefer to avoid.
On-board intrusion detection and prevention to avoid zero-day attacks
Networks can be compromised or hijacked; by following up on security vulnerabilities, or tricking users into installing malware, hackers can gain control of a network and all of the devices connected to it.
The same holds true for connected vehicles and their internal network. The old tricks — stealing a vehicle‘s credentials (from a dealer or service department,) via phishing scams or via an app, man in the middle attacks, etc. — will not pass from the earth. As these “traditional” cyber threats continue to grow — with new variations discovered on an almost daily basis.
As mentioned, the problem with zero-day attacks in connected vehicles is that the zero-day might mean the last day for a driver or rider. The only sure way to prevent such scenarios is to prevent an attack from occurring in the first place. To do that, OEMs have begun using intrusion detection and prevention systems built into the vehicle‘s systems.
The systems examine the activity in a vehicle‘s system, and if anything does not match its profile, alerts can be sent out that the system has been compromised. Thus, if the activity in the navigation system does not match the expected pattern, it could be an indication that there is an adversary actor at work that needs to be dealt with.
The security system can sometimes prevent the attack, or it could just alert the driver or the fleet operator that attention is needed, enabling them to analyze the threat, and safely stop the car or take other action to deal with the threat. Expect to see more of these in connected vehicles in 2019.
Security operations centers will feature intrusion detection capabilities
Managing and acting upon the growing number of security alerts can become very complex, especially for large fleets. For that reason, a robust Security Operations Center (SOC) is needed to ensure all alerts are analyzed and handled properly. Such SOCs are already operating, and as more connected vehicles with greater degrees of connectivity and autonomy come off the assembly lines, more of these SOCs will be built.
Detection of behavioral anomalies that indicate potential intrusion require sophisticated algorithms that, because of technical and cost limitation, cannot reside in most of the vehicles on the road today. So to be fully effective, SOCs will need to deploy the advanced anomaly detection technology to analyze the data coming from vehicles over the network and effectively detect anomalies and intrusions.
It’s barely been a century since the invention of the internal combustion engine; the issues that concerned manufacturers, OEMs, and drivers then are light years from the ones that concern them today. And over the next decade, vehicles are likely to change much more than they did in the past century. 2019 in many ways could be seen as a “make or break” year for vehicle cybersecurity — the year that the vehicle industry finds the solutions needed to ensure the coming connected and autonomous vehicle future.