Get in Touch
Get in Touch

Blog

Ensuring privacy and security in the age of connected cars

April 8, 2020

Damien Stephens   

Associate Vice President at Tata Communications

As the world becomes increasingly connected, so too do the opportunities for criminals to hack their way in. Here Damien Stephens looks at how one can mitigate against these threats to ensure a bright future for connected cars.

Ask somebody what the future looks like and chances are they’ll describe a scene straight out of a movie: robot butlers, sci-fi style pod houses and driverless cars ferrying people around a clean, utopian landscape.

R&D investments and tests done by automakers worldwide might suggest that autonomous vehicles are on the verge of becoming an everyday reality. But we’re still some years off from that sci-fi movie scene.  It will be an evolution too: from today’s connected cars to future driverless vehicles. As more and more cars get connected, securing them against cyber-attacks is crucial – the industry must get this right in order for autonomous driving to become a reality.

Keeping hackers at bay

People often forget that the increased connectivity already in connected cars on our roads comes with a heightened risk of nefarious activity. IoT devices are often targeted by hackers because many have security vulnerabilities by design. Connected cars are seen as a high-value target by hackers because in a fairly short time, vehicles have gone from being relatively dumb lumps of metal to four-wheeled boxes of highly sophisticated computers – with sensors, transmitters and connectivity, capturing a wealth of often sensitive and personal data every second.

“Cyber criminals are interested in compromising both the physical security of the car and the volume of valuable data these vehicles produce and transmit to manufacturers and service providers.”

Automakers often rely on third parties to supply the systems that add connected functionality to their vehicles, but vehicle makers must impose their own security standards to ensure there are no hidden vulnerabilities that hackers could exploit. In the most extreme cases, the larger potential attack surface presented by a connected vehicle could in theory allow somebody to unlock and steal it, or even potentially take over the controls of a vehicle in a worst-case scenario. This may sound far-fetched, but this scenario has been demonstrated by security researchers under controlled conditions.

With cars now creating, storing and communicating more data than ever before, manufacturers and service providers must take steps to ensure that breaches and other privacy related incidents are kept to an absolute minimum.

Connecting cars with the wider IoT ecosystem

As V2X (vehicle-to-everything) communication becomes more widespread, cars will share data with the wider IoT ecosystem too, including traffic management and parking control systems, hazard warning mechanisms and emergency services, infotainment services and even your smart home. But with vehicles constantly sending and receiving information in order for these services to operate effectively, the hugely increased number of access points and transmissions puts data at greater risk than ever.

“These services demand the use of sensitive personal data, from payment information to confidential insurance details, meaning a ‘mobile-edge-to-cloud’ approach to security must be adopted.”

This involves safeguarding data at every point of its journey between the car and network, while every connected component onboard the vehicle must form part of a ‘community of trust’.

It starts with equipping the SIM cards which enable connectivity in vehicles with encryption, so that both data in motion and at rest is protected – in other words, safeguarding data both on the network and at the device level. Through ‘communities of trust’, automakers could create multiple secure ‘vaults’ within the car to which only the vault owner – such as a dealership or the vehicle owner – have access. Through this approach, the automaker could gather data through the SIM in its vault to ensure the car is operating safely, the dealership could use the SIM for keeping track of maintenance logs, and the vehicle owner could trust that his or her private information stays private.

 For an additional layer of security in vehicles, more and more car manufacturers are also adopting embedded SIM (eSIM) technology. eSIMs make critical software updates easier to roll out, over the air (OTA), without needlessly disrupting the driver or requiring a trip to the dealership.

Data = power

Like the smartphones of today, connected cars will gradually collect all kinds of user data to provide a smooth and personalised experience, so when it comes time to sell a vehicle or just to hand it back to the rental company, all personal details should be wiped to prevent misuse – just like restoring a phone to its factory settings.

“With the imminent proliferation of low-latency 5G networks acting as a catalyst, connected car services are only going to gain more traction and usage will become more widespread.”

As connected car technology becomes more advanced, the data gathered by each vehicle will potentially hold more power. Insurers will take advantage of more sophisticated sensors to gather information on things like driving competency, vehicle use and even potential alcohol consumption, which can then be used to inform decisions the company makes.

Although discounts on premiums and other similar benefits may help to convince drivers, they are unlikely to feel comfortable using such closely integrated services with embedded monitoring unless they’re totally convinced the technology is secure.

It’s clear that the automotive industry is on the edge of a hugely exciting time but there are also challenges in the road ahead. For connected and then autonomous vehicles to be a common sight on our roads in the future, totally secure connectivity and trustworthy platforms must be developed and embraced by all.

Discover more about how existing cars can be retrofitted to be connected here.