The automotive sector is undergoing significant evolution with almost every car manufacturer looking to make the driving experience of its customers similar to the ones we see in sci-fi movies. Although we are still not sure when the first level 5 self-driving car will be on the roads, connected cars are already an everyday reality – many just don’t realise it.
In a fairly short time, our cars have gone from being inanimate bits of metal to four-wheeled infotainment systems, parking assistants, and virtual mechanics. While unknown to many, these are connected cars. They provide crucial digital services and collect data along with it. And this demand for connected vehicles only looks to grow with Gartner predicting that there will be more than 740,000 autonomous-ready vehicles in the global market by 2023.
Yet, in-line with the growth of connected cars is the rise in probability of data breaches and cyber-attacks on everything related to the cars. While there are currently very few known serious cyber-attacks targeting vehicles in the UK, there are several privacy and security vulnerabilities that automotive manufacturers and customers must be aware of when engaging with the new age cars.
Facing down security vulnerabilities
While the number of cyber-attacks on vehicles in the UK may be few and far between, globally the numbers are growing. This is because, as with any connected device, security flaws do exist, and they can be taken advantage of. These flaws are compromising both the physical security of the car and the valuable data these vehicles produce and transmit to manufacturers and service providers.
One famous example of this was back in 2015 when two hackers (and security researchers), Charlie Miller and Chris Valasek hijacked a moving jeep with a Wired journalist in the seat and drove it off the road. Fiat Chrysler recalled 1.4m vehicles in response. Although less dramatic than being driven off the road, Mercedes-Benz users found their connected car app was pulling information from accounts not their own due to a coding flaw.
“Haulage vehicles too are becoming increasingly connected and the opportunities here are perhaps even greater than those in the consumer space.”
For instance, lorries using V2X technology (vehicle-to-everything) will be able to speak to depots about their exact whereabouts, traffic conditions and state of their cargo – all invaluable information for those in the trade. What this also means is that hackers could compromise vehicles with precious cargo, rerouting them into the wrong hands.
As V2X communication becomes more widespread, cars will share data with traffic management and parking control systems, hazard warning systems and emergency services, plus infotainment services. And with vehicles constantly sending and receiving information in order for these services to operate effectively, the hugely increased number of access points and transmissions puts data at greater risk than ever.
Safeguarding personal data
“These services demand the use of sensitive personal data, from payment information to confidential insurance details, meaning a ‘chip to cloud’ approach to security must be adopted.”
This in turn, involves safeguarding data at every point of its journey between the car and network, while every connected component onboard the vehicle must form part of a ‘community of trust’.
The most effective way to do this is by using a global private mobile network to underpin the ecosystem. This allows much more secure and reliable control over data capture and management capabilities, so that manufacturers, dealers and service centres can offer better, more tailored services to their customers, while giving the organisation more control over the performance of the network.
“Combined with the use of embedded SIM (eSIM) technology this also makes critical software updates easier to roll out, which in itself has security benefits that shouldn’t be underestimated.”
While over the air (OTA) updates can be carried out without needlessly disrupting the driver or requiring a trip to the dealership, car owners should also be given full control over the data stored locally on their vehicles. Digital identity solutions can be stored on the SIM, ensuring that only trusted communities have access to data. Moreover, these trusted communities do not have access to all the data – they can only access the data set that is necessary for them.
As the automotive industry continues to look at ways to innovate, data will play a key role in this. It is important that the data stays safe and is processed in a secure manner. With the rise in the threat of security breaches, car manufacturers must take the right precautions to assert control over their vehicles and safeguard the data in their possession. End-to-end secure connectivity and trustworthy platforms are need of the hour.
Discover more about how privacy and security can be ensured in the age of connected cars.