The connected cars are already in the market and generating significant revenue for car makers and tech companies. Connected cars aren’t all that new: the sensors, telemetry, and even performance data have been part of automotive for years. The average new car in 2015 contained more than 30 microprocessors, and the cyber security of those embedded systems is severely challenged by in-vehicle Internet connectivity.

Connected cars offer drivers a multitude of benefits and smart options, such as enhanced engine controls, automatic crash notifications, and safety alert, along with apps that allow owners to interact with their vehicle from any distance. Whereas, it is increasing cyber threat at its peak. The traditional cyber security strategies and technologies are not enough to defend a connected car that is only capable of handling basic functionalities like central locking and braking. The new safer approach is the big rising challenge to avail connected car facility securely. That must include the protection of the entire network, including not just technology, but the people and processes.

Over the past years, there has been a significant rise in the number of connected cars on the road. As internet integration becomes more common, automobile companies are also looking ahead to make the most of it. According to research by Business Insider, over 380 million connected cars will be on the roads by 2021. The market position of cars today is equivalent to the mobile phone back in 2010. The forecast for the year of 2016, around 78 million cars are going to be shipped, from which 15 million will be connected cars. These numbers are going to rise rapidly and will reach to 69 million connected cars in 2020.

These statistics prove that the world is about to be facing a new threat in coming years that will be costly and life threatening as well. As connected cars, plug into various differently situated networks, they become more vulnerable to hackers. Connected cars imply the rise of vehicle-based new apps, which inherently increase the threat of vehicle hacking.

In consideration to expected growth and current security aspect of connected cars, the situation is worse. Simon Moffatt, director Advanced Customer Engineering at ForgeRock said, “The average security level within these vehicles is equivalent to that of IT systems and computers from the ’80s, with limited encryption, data protection, and identity management.”

How much worse it can get?

Tracking Your Moves

High-tech features and connectivity that are providing luxury ride are also enabling tracking. The system can see each and every movement through GPS active features. It makes easier for an intruder to trace you, or track your routes. Nobody wants to be tracked by others for any purpose; it’s a matter of privacy that can be easily breached by any hacker, as high-tech features and connectivity come as a standard in most of the new vehicles.

Infographics by Arxan on threats associated with the connected cars.

Ransomware

Ransomware has already affected millions of systems around the world; people are finding ways to fight ransomware. Every new technology brings ransom threat if it is incapable of protecting one’s privacy and data. With advanced features in cars, people will be encouraged to install more applications for their entertainment during their ride. A single installation of a malicious application can be life threatening; the attacker can disable a vehicle that can cause serious disruption. Ransom can be asked by hackers to release the victim’s car. A hacker can disable different cargo trucks and for potential revenue loss due to time delay; companies might be pressurized to pay the ransom rather than risk more significant financial losses.

Personal Data Leak

Personal information is the main aspect for which whole cyberspace community is struggling to make it secure and inaccessible to unauthorized people and intruders. The connected car is initiating major security flaw through its connectivity that enables personal devices to connect to the car’s system.

A breach in car system can expose all the personal devices as well. Connectivity to the car’s system is putting personal data at risk that no one can assure to prevent if car system is hacked. Providing access point to connect personal devices to an inappropriate channel like to connected car is similar to allowing hackers to steal your personal data while traveling.

No development is made related to the security aspect:

All the security flaws associated with the connected cars can be easily fixed. But the bad news is that it is either being done slowly or not at all. The main reason behind this is the lack of knowledge and adaptability of the automobile manufacturers; they are new to the software and lack experience in handling hacking and malware.

Infographics by Arxan on threats associated with the connected cars.

Ethical Hacking Training – Resources (InfoSec)

Trusted Driving Experience

Due to lack of necessary management and protection system to defend personal devices and cars system to be infected by the user installed a malicious app, connected cars are creating a big cybersecurity flaw to deliver a trusted and personalized driving experience. A single malicious app installed by the user can disturb or simply disable the crucial system in the car that can cause fatal accidents or data loss without being noticed. This is the primary requirement for any car to provide trusted driving experience without any threat, which is being compromised due to connecting to the internet.

Software Update and maintenance:

Connected cars will be needed regular maintenance, as complex applications and systems are being installed. Any lack of appropriate patch can cause hacking to the car. Moreover, continuous software releases will be the threatening to the developers and the car owner as well. By 2021 these cars will be used by the majority so that any lack ness will affect the system and the owner.

Recent high-profile events, such as July’s remote hack of a Jeep or the uncovering of vulnerabilities in BMW’s Connected Drive system earlier this year, illustrate how easily plug-in devices and user installed applications allow remote exploitation of vehicle security. Among these, the following raise the acutest concerns:

  • Wi-Fi, the internet, and LTE connectivity introduce long-range attack surfaces that leave the vehicle’s network open to remote access and physical attacks.
  • Many devices have poorly secured connection encryption, allowing widely understood exploitation techniques to be used remotely to hack into a vehicle’s network architecture.
  • In conjunction with the growth of official plug-in devices, there will be an increase in ‘black market’ devices that present unregulated functionality (such as the ability to ‘fake’ telematic readings), often with the increased security risks associated with malicious software.

Infographics by Arxan on threats associated with the connected cars.

The connected cars are completely reflecting a new potential cyber security threat until strong security countermeasures are taken in order to protect the car’s system along all the associated personal devices. The world is moving towards internet of thing which will be providing services beyond expectations. Connected cars are one of its initiatives that need an adaptation of more secure management systems for a successful future.