We are steadily moving towards a future where high connectivity is becoming the industry standard. This is why data security in connected cars has become a concern.
This is largely due to the increase in consumer demand, fueled by the convenience that IoT (Internet of Things) connected vehicles can offer.
This consumer demand makes sense when we consider the long-term benefits of driving or owning connected vehicles. Here are just a few of them:
- A connected car enhances the experience of owning or using a vast array of apps and services that pair seamlessly with the smartphone the user owns;
- Passenger and driver safety is increased and hazards are more easily avoided;
- The driver has more control over the vehicle as well as its remote diagnostics;
- Many routine tasks, such as parking, can be automated or partially automated;
- Potential problems with the vehicle can be detected much earlier and money on fuel can be saved when the most efficient route is always chosen.
Consumer fears despite connected car innovation
Although the global connected car market is expected to surpass $219 billion by 2025, with 60% of automobiles will be connected to the internet, the industry is still facing challenges in its quest to become fully mainstream due to its main drawback: consumers’ fear of cyber attacks.
We all know that the increase in connected devices, whether vehicles or other devices, automatically increases the number of entry points and opportunities for criminals.
Considering the often very serious consequences of such attacks, this consumer fear is legitimate and needs to be addressed both by the IoT industry but especially by connected vehicle manufacturers if the industry wants to gain full consumer trust and adoption of their products and keeping their data safe.
Current safety status of connected cars
Indeed, protective measures are being taken to set data security standards in other areas of data exchange.
For example, the General Data Protection Act (GDPR) has made a significant difference to how we experience web browsing and any interaction that involves the processing of personal data.
However, IoT service providers are not currently required to comply with any additional security laws or standards.
While some are calling for specific government legislation, there are already several companies working on solutions to increase the security of connected devices.
It is not yet clear exactly what the impact will be on our personal privacy as we embark on this connected future. What is clear, however, is that if car manufacturers themselves do not step in with some clear technologies to prevent data hacking, mismanagement or data privacy breaches, the connected car industry will continue to struggle to be accepted by the general public.
So what are the automakers themselves doing these days? Crucially, what else needs to be done to reassure users that their data is safe?
What can car manufacturers do to ensure data security in connected cars?
1. investment in hardware security
Typically, the vehicles we are most used to seeing and driving on a daily basis have not been equipped with any kind of hardware security in the car’s own electronics.
This is because the car was never originally designed to have an open system that could be connected to external systems such as IoT devices. Instead, the car system should be a closed system.
Because of this, as soon as you connect the vehicle to something external, there are not enough protections (e.g. a firewall) in place against malicious parties.
This is solved in new cars by installing something called a secure gateway.
For IoT devices, no interaction could happen with the vehicle without first passing through the secure gateway, making the exchange of data between two parties significantly more secure.
2. Investment in software security
With the continued rise in cybersecurity incidents, automakers need to incorporate an approach to data security in connected cars that takes into account not only the obvious exposures in the car’s software, but also the hidden vulnerabilities that can be introduced by open-source software components.
Connected car software code is extremely complex to say the least, with the average car software based around 100 million lines of code.
With so much complexity comes many opportunities for vulnerabilities and an increased risk of malicious attacks from cybercriminals.
Nowadays, it’s not uncommon to hear about malware specifically designed to detect flaws in car software.
Today, several renowned car manufacturers and their software suppliers deploy testing tools that include safety assessments on static and dynamic software.
In connected cars, these tools are used to identify coding errors that can result in software vulnerabilities and opportunities for hackers and criminals to enable or disable certain features remotely.
While these tools are effective in detecting bugs in the code written by the connected car manufacturers’ own in-house team of developers. They are not effective in identifying open source vulnerabilities in third party code.
This leaves many of the key components of today’s apps exposed, due to the fact that they are made by developers working for external IoT providers rather than the carmakers themselves.
3. User awareness and consent
In addition to protecting the car’s hardware and the vehicle’s software, it is important to emphasize the responsibility of connected car manufacturers to alert users to the importance of which devices they allow to be connected and for what purpose.
This is where user consent needs to be obtained and regulations such as the GDPR rigorously enforced.
Third-party IoT providers must clearly define why they want to interact with connected cars and what they plan to do with any data they get from the automobile, but it is the job of manufacturers to assure users of the security of their data.
Eval & Thales technology partnership: bringing trust to connected cars
As we look to our increasingly connected future, we can be sure that the relationship between vehicles and IoT is only likely to increase in complexity.
With a dedicated approach to data privacy and security, any risks of cyber attacks or misuse of data in connected cars can be significantly mitigated.
The IoT industry is growing at an exponential rate now. Traditional car companies need to adopt a safety-first approach.
This approach is necessary to take advantage of the huge strides technology can make in the lives of drivers and road users through connected vehicles.
With more than 20 years of experience in connecting vehicles, Eval and Thales’ customers benefit from their leading position in mobile connectivity standardization, serving more than 450 mobile operators worldwide.
Global automotive connectivity solutions and remote management greatly reduce supply chain complexity for automotive manufacturers while enabling easier end-user experiences over long vehicle lifecycles.
Eval and Thales’ solutions enable the use of end-user subscriptions for infotainment services in mobility and provide the technical capability for infotainment/telematics connectivity.
Leveraging proven and advanced expertise in digital security and IoT, Thales Trusted Key Manager provides connected car manufacturers with support for digital transformation, ensuring the end-to-end security of the automotive ecosystem.
About Eval
EVAL has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.
With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.
Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.
Eval, safety is value.
