Skip to content ↓ | Skip to navigation ↓

As certain as the changing of the seasons, the drive toward autonomous cars is gaining pace. Changes in the car industry clearly demonstrate that the way we use our vehicles is evolving. In an increasingly connected world, our cars are becoming an important part of our lifestyle. But a question mark keeps hanging over the process. Are we, and the data we use, truly secure?

Not All Drivers Are Convinced

Car users are very accepting of modern technology generally. We are warming to the idea of electric cars and consider it almost a duty to buy green cars that cut down on fossil fuel emissions. When it comes to connectivity, however, drivers are less sure.

In the same way our personal computers and online devices are at risk from external influences and threats, so it is that we are understandably worried about similar attacks on our vehicles. Especially that, as proven by Charlie Miller and Chris Valasek in their hacking experiment, such attacks can happen even while cars are in use.

It is already clear that locking mechanisms on modern cars are vulnerable. Well-equipped and informed hackers can access and steal even the very latest prestige luxury in moments.

Is the next stage to start attacking cars on the roads?

Connected Cars on the Road

To function properly, autonomous and connected cars must communicate with other vehicles (V2V) and ultimately, for example, roadside beacons that transmit information and guidance (V2I). This makes cars vulnerable; the one aspect of connected cars that might attract future users of Internet-of-Things powered cars is the prospect of enhanced safety. These vehicles will use IoT to help avoid accidents and control a wide array of on-board safety technologies.

Today’s cars, even before autonomy really becomes mainstream, are effectively mobile computer systems with ECUs and many lines of code. Even now, and despite public reservations, business and industry are using connected cars to offer logistical, consumer, and business services, but so far, car manufacturers are behind the eight ball when it comes to protecting our personal data.

Security Protocols

It has been clear for quite some time that hackers could attack the network protocol that connects everything in the car. If they can do that, then all the on-board technology from airbags to parking sensors to safety systems are at risk.

The major problem is that controller area networks that connect various ECUs within the system of a car are usually connected to external networks such as 3G or 4G mobile networks. This is where an external danger may wirelessly sneak in.

Today, various secure in-vehicle protocols for controller area networks are being developed in accordance with current CAN specifications. However, all of these subsystems involve a certain level of risk. For instance, ICS-CERT warned against denial-of-service attacks in the CAN Bus protocol and suggested limiting access to ODB-II input ports on connected cars as a recommended safety measure.

To prevent the increasing threat of DoS attacks, ID Anonymization for CAN (IA-CAN) protocol is ensuring security via filtering messages and sender authorization. It helps to block the unwanted message modifications and replay attacks.

Except for various spin-off protocols like CANOpen and DeviceNet, communication in connected vehicles can be provided by Local Interconnect Network. This alternative can be implemented with lower costs, but its bandwidth is generally considered low. FlexRay is another relatively newer protocol used for high-speed synchronized data communications. With higher data rates and a stronger real-time guarantee, it is a promising but also a more expensive solution.

There is also a clear need to develop built-in cyber-security solutions via the cloud that will act like a series of defensive positions, one backing up the other.

The Risks to Infotainment

Vital to the question of security in connected cars is the vehicle’s infotainment system. This is where we connect ourselves to the outside world for business and for pleasure. It is imperative to develop defensive software that can holistically protect the car’s network, overseeing communications and thus being in a position to protect against any network intrusion.

The plain fact is that because the development of a new car model takes several years, it is conceivable that the technology contained therein is not the latest thing and is thus more at risk. With our smartphones, tablets, and home computers, we can routinely update security software as a matter of course. The question has to be asked: Will we be able to do the same with our in-car infotainment and safety systems?

Although truly connected cars are not yet with us, it has already been demonstrated that cars can get hacked by outside sources. Brakes can be made to fail, and LiDAR and Radar systems can be switched off with possibly potential accident dangers and risk of theft.

It is known that, already, car makers themselves can harvest information like call and location data remotely from their products, and this is likely to be a fact completely unknown to the hapless consumer.

Should We Be Worried?

We as car buyers are already being asked to relinquish control of our vehicles whilst maintaining the usual drivers’ alertness. No matter how successful trials and tests may be, there remains a great deal for motor manufacturers to do to convince the public to let go of the wheel.

Once they have established the motorist’s rapport with the vehicle, they will still be required to show that our safety and our personal data can be truly protected. Drivers will not buy into anything less.


Author bio: Giles Kirkland is an experienced car expert who constantly researches on the latest studies, cutting-edge findings, and perspectives for the future of the automotive technologies. Keen on expanding his own knowledge as well as increasing other drivers’ awareness, he writes about security and safety in driving.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.