Automotive manufacturers are constantly looking for ways to evolve and improve the driving experience of their vehicles, making them more leisurely for consumers. Remote functions from apps, improved infotainment systems and keyless locking or start/stop systems are just a few of the features that have now been included on a vast number of modern vehicles, not just expensive, luxury models. It is predicted that all vehicles will be ‘connected’ by 2026.

However, as the development of technological engineering in vehicles increases, so does the risk of security breaches from hackers. Despite the improved driving experience, numerous risks for the vehicle’s security are now a threat for the drivers; this article aims to cover the potential risks and the security implemented to prevent such attacks.

What are the risks?

With modern vehicles now having accessibility features such as Bluetooth, Apple Carplay, Android Auto and GPS, risks have heightened in the potential for hackers to gain full control of a vehicle, including heating, music, taking advantage of new RKE (Remote Keyless Entry) systems to gain entry to the vehicle and even the ability to turn off the engine remotely which causes obvious concern for the driver’s safety.

These concerns were first turned into a reality and reported in 2015 when a Jeep Cherokee was remotely controlled by two hackers, Charlie Miller and Chris Valasek, taking control of the vehicle’s wipers, radio and finally the engine, bringing the vehicle to a complete stop. If attacked maliciously, there is large concern for the potential theft of data (visited locations etc), the consumer’s safety when driving and unauthorised entry of the vehicle using RKE.

What can be done to prevent this?

Software Updates

Both the consumer and the vehicle manufacturer can reduce the risk of an attack occurring by ensuring the vehicle’s software is up to date with the latest patches. Manufacturers have developed an OTA (Over The Air) system as a solution to this which allows for the latest software updates to be installed remotely.

OTA software updates are automatically installed when the vehicle is either connected to Wi-Fi, a cellular network or when the vehicle is in use. These OTA updates improve the vehicle’s infotainment systems existing features alongside adding new ones, improvements to maps, vehicle’s firmware and software but also patches to strengthen the vehicle’s cybersecurity, ultimately reducing the risk of breaches from malicious threats.

Compliance Frameworks & Certifications for Manufacturers

ISO and SAE have also both come together and issued a joint set of standards, the ISO/SAE 21434 Framework, for automotive cybersecurity engineering, outlining engineering requirements for cybersecurity risk management regarding their concept, product development, production, operation, maintenance and the safe decommission of electrical and electronic (E/E) systems in road vehicles, including components and interfaces.

In addition to this, a mandatory certification of compliance (CSMS) of the cybersecurity management system has been enacted for all manufacturers of connected vehicles by UNECE under their new cybersecurity regulations.

Conclusion

The automotive industry have accepted the need for better security and with the introduction of the ISO/SAE 21434 Framework and associated certification of compliance should help to improve the security of our connected cars.

Like any technology platform or device, there must be a rigorous vulnerability management program in place so that manufacturers can respond quickly to any vulnerabilities or weaknesses in their software that could be exploited by a hacker.

When an update is available, if it not automatically installed – consumers should install them as soon as possible!