As drivers become acclimatised to the additional features in connected cars, they must come to terms with the notion that the data stored within their vehicle is also accessible remotely. Where cars were once seen as private spaces, the act of opening them up to opportunities afforded by the internet brings with it a multitude of security risks that need to be addressed.
Exercise caution when introducing connected systems into vehicles
Dr Walter Buga, Chief Executive at Arynga, recognises the need for caution when introducing connected systems into vehicles. In a presentation in part 3 of Automotive World’s GENIVI-sponsored “The Internet of cars” webinar series, Buga discussed the dangers associated with bringing online platforms into the car, and suggested a few ideas that could help the automotive industry to safely navigate the online environment.
“You have external connections which include OBD ports that can be used to hack the car, along with a number of other parts,” Buga explained. “Once a hacker compromises one device, he can take complete control of the car. This is very scary, because some of these things are not yet designed to be secure.
“The complexity is high because you have multiple connections,” he continued. “These include car to car, car to OEM, car to enterprise and car to infrastructure.”
Asked whether the automotive industry has the resources to deal with security threats on its own, Buga added that while some OEMs are on the right track, others will need to seek help from experts in other fields.
“The automotive industry needs to start by looking at the requirements in production, which starts with silicon,” said Buga. “You have to have security in the silicon. Some vendors may not implement that, even though nobody except for them can implement it. This should be a requirement.
“Security companies understand this. There are a number of companies that understand the space and they have to work with the OEMs, starting from the requirements and design architecture through to implementation.”
However, Buga also stressed the need for regular updates and system management to ensure that car companies installing connectivity in their vehicles can always be one step ahead of malicious hackers. “It has to be updated and constantly managed, because hackers look to compromise a system. OEMs should be able to respond to their threats.”
OEMs are hiring external security experts…
Patrick Kelly, Senior Solutions Architect at Detroit-based Mentor Embedded, said there is a wide and growing availability of security-related career opportunities at OEMs in North America.
“I’m seeing a couple of trends in the North American automotive industry,” he said. “One is that every company is looking for security experts. You can go straight to the OEMs here and you’ll find that they are very focused on security. A lot of the experts are newly transferred in from other areas of expertise, so many people in the industry are learning about security. There are a lot of open positions, and if you’re a security expert you can walk right in.
“The other trend I’ve seen is automotive manufacturers opening design centres in technology hotspots like Silicon Valley in California, to draw additional expertise specifically in the area of security. So they are expanding where they’re casting their nets, and certainly there are more open positions in this field than there are people to fill them.”
…but the industry already has security talent
Meanwhile, Andreas Lindenthal, Technical Director at Wind River, felt that the automotive industry is capable of handling in-car security, with existing OEMs either relying on internal talent or branching out to partners with security expertise.
“The security threat needs to be resolved inside the automotive industry,” he stated. “The same approach we have seen in the past when tackling safety can be taken with security. All the ingredients are already available, with some OEMs working on solutions already. Others know how to handle this through their partners, and are working with them in order to develop specialised security solutions.”