We’ve all seen the sci-fi films – connected cars flying around cities controlled by onboard robots. These films seem like they’re set in a distant, futuristic world, however, this world may not be as far into the future as you think. In fact, the first ‘flying car’ is already on pre-sale and due to go into production in 2019!
It’s safe to say these flying ‘cars’ will be well connected – even more so than their ancestors from today.
Connected Cars – The Car of the Future
A ‘connected car’ is a car that has a connection to some form of external network meaning they are actually part of the ‘Internet of Things’ family. The Internet of Things consists of any general day-to-day object that connects to the internet. The sole purpose of doing this? To make life easier and more convenient. As is evident from the image here, the number of IoT devices is showing no sign of slowing down, in fact, it will only grow.
A connected car will have some form of embedded SIM, therefore, allowing external communication with the owner and other 3rd parties. Usually via an App.
As car manufacturers provide vehicles with all manner of connected features consequently the attack surface increases massively. They need to be addressed as potential vulnerabilities. These features can include:
- In-house app-based sat-nav systems
- Connectivity to music streaming services and smartphones
- Automated dialling of emergency services in the event of a serious collision
- Autonomous Emergency Braking
Similarly, many owners can install their own connected devices such as black box tracking devices for insurance purposes. Furthermore, many cars now have on-board wi-fi, meaning that they essentially become wi-fi hotspots. This opens up all manner of possibilities in terms of what they can connect to. Or more worryingly, what or who can connect to them!
We saw with WannaCry, that criminals are beginning to transition from ‘threat to data’ to ‘threat to life’ to extort money. We understand that WannaCry wasn’t an NHS specific attack, but the perpetrators don’t care who is hit.
Connected, autonomous cars sound great, but we’re opening ourselves up to real risk IF they aren’t secure from outside influences.
Whilst IoT, including ‘connected cars’ is opening up a world of opportunity for manufacturers, it’s also opening up a world of opportunity for criminals to dream up new ways of extorting money from their victims.
It’s important that car manufacturers are working closely with their counterparts in the IT Security industry. No longer only to protect their networks but now their cars too.
Connected Cars – The Risks
To prevent risk, firstly you need to identify what the risk is. ITB Partner, McAfee is one of the vendors leading the way when it comes to securing the next wave of connected cars. During their research, they have identified several potential risks…
- Vehicle-to-Infrastructure (V2I)
- Vehicle-to-Vehicle Communication (V2V)
- Malware Vs Exploit
- Spam & Advertising
- Third Party Apps
- Key-Fob Hacking
- Personal Data
- CBD-II Hacking
The full description of each can be found here but we have put together a quick overview of the risks below
Vehicle to Infrastructure
Connected cars communicating with road signs and other traffic infrastructure will certainly improve road safety and security. Think Speed Warning Vehicle Activated Signs and Traffic Lights. But what if hackers gain control of these systems remotely? The potential to cause harm doesn’t bear thinking about.
Vehicle to Vehicle Communication
Vehicles infected by Malware, transferring their ‘infection’ to other cars. Sounds far-fetched, right? But if a vehicle can communicate with another to alert it to a potential collision then why can’t it transfer Malware using the same method?
Malware Vs Exploit
If cars are connecting to external devices such as smartphones, they are vulnerable to infection. It is entirely possible in this situation for a connected car’s ECU (Engine Control Unit) or IVI (In-Vehicle Infotainment) system to become infected.
Personal Data Theft
Back in 2015, the average car had 100 sensors on board. By 2020 this will rise to 200. As cars become more connected, they will create more data and this will increase further as they become autonomous. Autonomous cars will create a range of data including financial, personal trip information and entertainment preferences. Hackers can then use this data to launch Social Engineering based attacks.
Spam & Advertising
Unwanted Spam and Advertising are a distraction at the best of times. But whilst driving? We’ve also all heard of malvertising, haven’t we?
Third Party Apps connected to cars are a great convenience, although almost certainly vulnerable. If you can use a Third-Party App to unlock your car, then a hacker can gain access the same way. If they can break into your app, they can break into your car.
Key Fob Hacking
This is a technique that has been around for a long time but will become more prevalent the more hackers become aware of the security flaws associated with ‘connected cars’. Criminals can use a jammer to block the signal from the key to the car to prevent the owner locking it, as a result, leaving the car a prime target to be stolen.
OBD-II (On-Board Diagnostics) Hacking
For the non-petrol heads amongst us, the OBD module is used by garages to diagnose potential issues with the vehicle. Again, this isn’t new, but the more tech-savvy of us can use highly skilled hacking techniques to emulate the OBD port to create fictitious speed and RPM values or even control the car.
These are just some of the risks to the connected car. There are though many more examples we could give.
It’s an exiting time to be around with huge possibilities in terms of where we can take technology. However, we also have a responsibility to ensure that security is at the forefront of our thinking when developing these fantastic applications and IoT devices.
Thankfully, vendors like McAfee are investing heavily in R&D to ensure that we can use the connected devices of the future (including cars!) safely.GO BACK