Infosec expert viewpoint: Connected car security
A recent Irdeto Global Connected Car Survey found that of the consumers who plan on purchasing a vehicle in the future, 53% are likely to research the car’s ability to protect itself from a cyberattack. The desire to consider cybersecurity when purchasing a car was most prevalent with younger generations aged 25-34, with 62% stating they would conduct this research.
Here’s what infosec experts think about the security of connected cars, what manufacturers should do about it, and how consumers should protect themselves.
John Grimm, Senior Director of IoT Security Strategy at Thales eSecurity
As adoption of connected cars and development of autonomous, self-driving vehicles soars, there is a tremendous business opportunity, but only by designing in the right data security features can automakers be trusted to deliver a safe and secure new means of driving for consumers. Above all, data protection strategies must include equipping original equipment manufacturers and their suppliers with the right technology to enable trust in connected vehicle security.
Connected component authentication is a solid starting point. Preventing unsecured components from interacting with vehicle systems and introducing malware or providing a pathway for an advanced attack can be mitigated by ensuring that all components are authenticated and legitimised. The use of HSMs, for example, along with supporting security software, enables manufacturers to give each connected component a unique identification to construct the foundation for an effective root of trust.
Protecting data-in-transit is also key. Encrypting telemetry and other data transmitted to and from the vehicle to support vehicle maintenance tracking or a vehicle-to-vehicle/infrastructure ecosystem provides protection against data theft and other threats to the privacy of that information. Digital certificates and the associated key pairs that are used for authentication can also be used to negotiate symmetric session keys to encrypt data-in-transit to protect it between two communicating entities.
To ensure the integrity of software and firmware updates, and defend against the risks associated with malicious code tampering, the code must be signed using a best practice-based methodology. Increasingly, organisations are applying more rigor to protecting private signing keys, including use of hardware security modules (HSMs), as signing key protection is often a weak point in a code signing and software release process.
Joe Pindar, Director of Product Strategy at Gemalto
Security is one of the biggest challenges all connected environments face, but this is particularly evident in connected cars where personal safety is at risk should something go wrong. It’s vital the automotive industry incorporates a security by design approach – protection must be implemented from the initial design stages right through to the physical prototyping.
Furthermore, like any connected device, authentication, encryption and key management strategy should be deep-rooted into the end user-facing process. Leaving an encryption key unprotected is like leaving the keys to your house under the doormat, so manufacturers must ensure this can’t be done. This also needs to be reinforced when looking wider, in particular in terms of car sharing and car rentals. Two-factor authentication will add that extra layer of security to passengers and prevent intruders from taking possession of the vehicle.
For end users, the first thing they can do to protect themselves is demand that manufacturers put in place the security requirements that have been mentioned. If their customers stand up and demand something, you can be certain that manufacturers will listen or they could face losing revenue as people walk away from them.
It’s also important that people educate themselves on how to protect themselves, how to keep personal information safe and how to use things like two-factor authentication. Security can only go so far; it’s vital that end users embrace it.
Assaf Harel, CTO at Karamba Security
Car manufacturers want to deploy a security in depth solution, but they have to choose between fundamentally different security strategies.
One quick and easy path that some have already started to deploy is a hardware gateway. The goal of the gateway is to separate the externally connected controllers (such as the infotainment and telematics systems), which are prone to attacks, from the rest of the controllers of the car. With that gateway the goal is to isolate the attack, and even if hackers succeed in compromising the executive externally connected controllers, the gateway will block commands to manipulate the car’s safety systems, such as the brakes and steering wheel. The drawbacks are that it requires a hardware architecture change to the car’s network – an attack on the infotainment alone can still cause a recall.
The second alternative security strategy is network intrusion detection. It’s a software program that resides on one of the car’s controllers. It listens to the car’s traffic between all controllers, creates a profile of normal behavior and detects anomalies in the traffic behavior. The advantages of this approach are that it’s derived from data center cybersecurity approaches, and it is a software solution that offers a one-point installation in the vehicle. The big drawback, however, is that it is based on heuristic algorithms that are prone to false positives. False positives may interfere with legitimate commands, hence compromise customer safety. In addition, it requires continuous and frequent malware signature updating. The industry is not organized to provide such frequent updates, even with over-the-air updates in place.
The third alternative, and arguably the most effective and pragmatic, is hardening externally connected controllers (infotainment, telematics, V2X) according to factory settings. This prevents any unknown instructions, which can only represent malware, from executing while allowing any legitimate safety commands to operate as designed. Thus, this solution enables prevention with zero false positives. Additional advantages are that it is a software solution that requires no updates and prevents future attacks, which would deviate from factory settings. It’s also easy to install, because there are only four externally connected controllers that need to be installed.
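The contrast drawn above between a learned traffic profile and a factory allowlist, as an added example (not part of the original article and not any vendor's code): a per-ID period profile flags a legitimate but unprofiled burst exactly as it flags an injected flood, while a digest allowlist gives a deterministic yes/no answer. The CAN IDs, timings and image bytes are constructed assumptions.

```python
import hashlib
from statistics import mean, stdev

# Constructed baseline: frame periods (ms) per CAN ID observed while profiling.
BASELINE = {
    0x0F0: [10.0, 10.1, 9.9, 10.2, 9.8, 10.0],         # hypothetical brake-status frame
    0x2C4: [100.0, 101.0, 99.0, 100.5, 99.5, 100.0],   # hypothetical telematics frame
}

def build_profile(baseline):
    """Learn the mean and standard deviation of the frame period for each ID."""
    return {cid: (mean(v), stdev(v)) for cid, v in baseline.items()}

def is_anomalous(profile, can_id, period_ms, k=3.0):
    """Heuristic check: unknown ID, or period more than k sigma from the mean."""
    if can_id not in profile:
        return True
    mu, sigma = profile[can_id]
    return abs(period_ms - mu) > k * sigma

# Constructed factory images and the manifest of their SHA-256 digests.
FACTORY_IMAGES = [b"infotainment-v1 (constructed)", b"telematics-v1 (constructed)"]
MANIFEST = frozenset(hashlib.sha256(img).hexdigest() for img in FACTORY_IMAGES)

def may_execute(image, manifest=MANIFEST):
    """Allowlist check: run only code whose digest is in the factory manifest."""
    return hashlib.sha256(image).hexdigest() in manifest

def demo():
    profile = build_profile(BASELINE)
    return {
        # Period inside the learned band: passes.
        "normal_frame": is_anomalous(profile, 0x0F0, 10.1),
        # Injected frames arriving far faster than the baseline: flagged.
        "injected_flood": is_anomalous(profile, 0x0F0, 1.0),
        # Assumed legitimate mode that was never profiled: also flagged,
        # which is the false-positive case the heuristic cannot tell apart.
        "legit_unprofiled_burst": is_anomalous(profile, 0x0F0, 5.0),
        # Byte-identical factory image: allowed.
        "factory_image": may_execute(FACTORY_IMAGES[0]),
        # Any modification changes the digest: blocked.
        "tampered_image": may_execute(FACTORY_IMAGES[0] + b"\x90"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The allowlist decision stays exact only while the manifest matches what is legitimately installed, so any authorised software change has to ship with an updated manifest.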
Sameer Dixit, Senior Director Security Consulting at Spirent Security Labs
Vehicle security will become an even bigger concern for automakers and consumers. In today’s vehicles, there are hundreds of integration points with third-party products and services, and with public infrastructure—and each point represents a potential attack vector. Automakers must begin to design and build security into the vehicle from the ground up—rather than adding it at the end.
This means starting with an architecture review of all designed components in order to understand their cybersecurity implications. Automakers can then move forward with secure coding best practices; they would confirm code through a source code review; and finally they would create real-world threat models, using vulnerability assessments and penetration testing to identify and minimize risk.
Consumers also play a role in securing their vehicles. Bluetooth connects smartphone apps with information and entertainment systems in the car, and Bluetooth is easily hacked. Like a home or corporate network, drivers should question every new app before downloading it on their mobile device or to their vehicle. They need to be aware of—and change from factory presets—encryption keys for the car’s Wi-Fi settings. They should open links only from trusted parties and never share authentication and authorization information. No one in a connected world can completely avoid threats—but they can be prepared to minimize the risk.
Daniel Thunberg, Global Head of Connected Transport at Irdeto
The increased connectivity and complexity in modern vehicles is resulting in new risks and threats to personal safety, security and privacy. As the attack surface increases, it is important to mitigate against these threats by leveraging best practices from other industries as well as utilizing a defense in depth architectural approach to the overall security of the vehicle.
Ultimately, the responsibility of security falls to the auto manufacturers and suppliers, and consumers are beginning to become more aware of the security risks associated with connectivity in today’s automobiles. A recent survey conducted by Irdeto found that 53% of consumers across the globe are likely to research the car’s ability to protect itself from a cyberattack. This clearly indicates that cybersecurity will be a key factor for many consumers when they are purchasing their next vehicle, which should be a call to action for manufacturers to make security of their connected cars a priority.
As a result, it is important for automakers to implement a multi-layered, defense in depth strategy so their brand is not perceived by consumers as one that does not take security seriously. By implementing security at the beginning of the design process, tech-savvy automakers who take a proactive approach to security will not only stay one step ahead of hackers, but will show consumers that they are committed to their safety by employing a proper security approach.