5 minute read
Keep connected vehicles safe from hackers
The sector is becoming increasingly linked, with people, vehicles and infrastructure all talking to each other, so we need to know how to stay safe from criminals
Here’s a thought that's scarier than Jack Nicholson in The Shining: Every form of electronic data communication or storage is vulnerable to attack. An even scarier thought is that vehicle communication is arguably more serious because of the potential to cause accidents. Most of the issues are technical in nature, but there’s also an important social question of who will work on these vehicles and whether they’ll be careful with that data. Equally, for technicians and workshop managers/ owners, you’re being entrusted with the personal data of your customers, so you should have appropriate systems in place to keep everything away from prying eyes.
Why? Because in the same way that most of us now store considerable amounts of personal information on our smartphones, some cars hold a treasure trove of details, such as:
Hi honey, I'm home! Now where do you keep your data?
• Who you know (address books)
• Where you go (GPS data)
• What you spend (banking information)
• Everything you do and who you know (social media)
• Who you work with and their personal details (emails)
Vehicle software updates are another area in which it’s crucial for the work to have a high degree of integrity.
Keep connected vehicles safe from hackers HOW TO...
Everything everywhere all at once
The vehicle of the future will not only be able to connect to the internet, but be an essential part of a range of systems that will allow it to connect to other vehicles (V2V) , its surroundings (V2X), and even the electricity grid (V2G).
Vehicle-to-vehicle (V2V)
V2V communication opens up the possibility of remote control driving and cooperative manoeuvres. Data collected from vehicle cameras can be collated to create maps that include real-time updates about accidents and temporary roadworks. Because of the higher bandwidth of 5G, large, high-resolution map tiles could be uploaded and downloaded as needed. This enables greater coordination and cooperation between vehicles to reduce congestion and improve traffic flow. Pedestrians and cyclists can also be linked in through portable devices.
Integration into the Internet of Things (IoT) also unlocks a host of vehicle-related services. For example, a cloud-based alert could warn drivers within ten seconds if there is a wrong-way driver approaching – a lifesaver in the truest sense of the word.
Vehicle-to-everything (V2X)
V2X enables connected and automated driving in the future, where vehicles can communicate easily with their surroundings, as well as with one another. There is no common standard yet, but it’s possible to create an all-in-one central control unit for V2X data communication.
Cars can then use the Wi-Fi networks available in cities, while they can communicate using cellular networks when outside of the city.
It’s expected that the number of connected vehicles on the roads in Europe, the United States and China alone will exceed 470 million by 2025. Initially, most vehicles will connect directly to the Cloud. But increasing numbers of vehicles will soon be able to communicate directly with one another, as well as static road features such as traffic signals, road construction sites, pedestrian crossings and buildings. They will then be able to alert one another to potential hazards such as the tail end of a traffic jam, accidents or icy conditions.
Vehicles will also be able to take advantage of a traffic light’s ‘green wave,’ because they will know when the next set of lights is going to turn green. The vehicles can then adjust their speed accordingly to ensure the traffic flows more smoothly.
When it comes to alerting a driver to another vehicle that’s about to pull out in front of them from a side street, every millisecond counts. This kind of critical information must be communicated in real time using highly reliable technology that’s always ready for use, even if that means the resulting data transmission costs are greater.
Vehicle-to-grid (V2G)
V2G technology allows electric vehicle batteries to store energy then discharge it back into the electricity network when it’s most needed, perhaps during times of peak demand such as early evening. During this time, a small amount of energy is taken from connected vehicle batteries and then returned during times of lower demand, such as overnight. Some of the energy stored in the battery is effectively sold back to the market to help with fluctuating supply and demand.
This two-way exchange can result in several economic, environmental and operational benefits, but this will only possible if the vehicle is connected.
Safe as houses
Securing the vehicles of the future is a big challenge – at least when something goes wrong with your home computer, ‘crash’ is only a metaphor. A recent survey found that almost all of today’s cars include some form of wireless technology that could be insecure. To make matters worse, most manufacturers may struggle to determine whether or not their vehicles have been hacked.
Physical attacks via onboard diagnostic devices have shown that it’s possible to manipulate systems such as steering even while cars are moving. So for effective cybersecurity, all connected vehicle systems must have these mutually reinforcing qualities:
1. Security
Prevention is better than a cure, and effective risk management begins by preventing system breaches in the first place.
2. Vigilance
Hardware and software can degrade, and the nature and type of attacks can change. No level of security is perfect, so security must be continually monitored to ensure it remains secure and check if it’s been compromised.
3. Resilience
When a breach occurs, there must be a system in place to limit the damage and re-establish normal operations. The system should also neutralise threats and prevent further spread.
Luckily, help is at hand through the Publicly Available Specification (PAS) standardisation.
PAS 1885 helps all parties involved in the vehicle lifecycle and ecosystem understand how to improve and maintain vehicle security and the security of associated transport systems. This specification sets out fundamental principles that describe how to provide and maintain cybersecurity in relation to reducing threat and harm to products, services and systems within increasingly connected and collaborative intelligent transport ecosystems.
The concept of an automotive ecosystem encompasses:
• Vehicles
• Related infrastructure, including roadside and remote systems that provide services to the vehicles, their operators, occupants and cargo
• The human elements, including vehicle owners and/or operators, designers, manufacturers and service providers.
The PAS applies to the security and functional safety aspects of the entire automotive development and use lifecycle, including specification, design, implementation, integration, verification, validation, configuration, production, operation, servicing and decommissioning.
A whole-lifecycle approach is required to tackle all the risks that will arise from a constantly changing threat landscape to protect vehicles and vehicle-related systems once they have been delivered to the market –which is where we come in.
It’s good to talk
An Application Programming Interface (API) is a piece of software that enables applications to talk to each other. They play a key role in security because they are used to control access to devices and software functions.
For example, if you use a scanner with a dongle that connects to the Diagnostic Link Connector (DLC) then you are using an API that allows the software on your computer to talk to the vehicle. Another way to describe an API is that they are the hooks that allow vehicle applications to interact with other apps.
