Challenges in securing connected vehicles

We have already mentioned the challenge of connected vehicles, and how they can be attacked remotely or physically.

There is an immense need to isolate remote connectivity with the internal communication in-vehicle. Usually, remote connectivity is limited to certain specific components in vehicles, eg the infotainment system should not have access to the in-vehicle networks such as the CAN and FlexRay.

The AUTOSAR recommends that automotive cyber security architectural design must consider the issues of how to isolate, deploy and manage these connectivity interfaces in a secure way.

What are the other challenges?

Over-the-air updates

Over-the-air refers to the technological way of delivering software and firmware updates to devices via wifi, mobile broadband and built-in functions in the device operating system (Infopulse 2019).

The intelligent transportation system demands connectivity of vehicles and communication from vehicle-to-vehicle/infrastructure. Hence, connected and autonomous vehicles are the future.

In general, vehicular connectivity is very similar to that of computers – they have a very complex software architecture and a variety of applications to enable some of the new enhanced features. As time goes by, this software needs to be updated with new bug fixes or security patches to prevent discovered vulnerabilities.

In the automotive industry software updates are crucial as vulnerabilities could be very dangerous for the safety and security of passengers. The challenge is that every vehicle cannot be brought back to the garage each time there is a patch available. Many companies/researchers are working to find ways for secure over-the-air updates.

Low computational power

The computation power of vehicles is low due to environmental conditions, such as humidity, vibration and temperature. The embedded computers (ie ECUs) are designed for specific functionalities. Therefore, the computation power by design is less, which can be an advantage for the attackers as they can leverage the power of better computers. Also, as technology becomes more advanced and the vehicles become dated, this makes it even easier for attackers to hack a vehicle.

Difficult to monitor

It is not feasible to monitor the vehicle if it is not connected. Whenever there is a problem with your car, you need to go to the garage for possible diagnostics, which can be very inconvenient.

What if the vehicle is connected all the time and all the updates and diagnostics are done remotely? 

Cost

Software testing is considered one of the most expensive phases in software development. To make a vehicle secure, it is important to perform exhaustive testing. Companies would need to employ more people and change their entire development process in order to incorporate security from the very beginning.

No safety without security

Just one infected car on the road represents a potential hazard for all the surrounding vehicles, and each new security vulnerability exposes new safety issues. It is important to secure all the functionalities of a single car to protect the rest. 

Data privacy

With the advances in autonomous vehicle technology, more and more personal information (such as ID, position, biometric information) will be recorded in the vehicle and uploaded to the cloud. It is a challenging task to protect the integrity and confidentiality throughout the data transmission to prevent it from being intercepted or accessed by an unauthorised entity.

In the final course for this module, we expand on some of the above challenges and explore other issues, like artificial intelligence in connected and autonomous vehicles.


References

Infopulse (2019) How to Design Secure OTA Firmware and Software Updates for Modern Vehicles. [online] available from https://www.infopulse.com/blog/how-to-design-secure-ota-firmware-and-software-updates-for-modern-vehicles/ [17 December 2019]

Further reading

You may wish to read the following source: McAfee Labs Threats Reports.

Share this article:

This article is from the free online course:

Automotive Cyber Security: An Introduction

Coventry University