According to ABI research, 60% of new cars shipped globally will feature connected car solutions by 2017. While this offers countless exciting opportunities for infotainment, there are growing concerns that as these vehicles become more software-based, the opportunity for hackers to get into the car’s system increases.
Evolution of the industry
Indeed, security is one of the major connected vehicle challenges yet to be addressed – and solved. “In reality, today’s IVI (in-vehicle infotainment) systems really cannot deliver a secure connected car. How do you actually architect the system? That’s where our expertise is front and centre for the automotive industry,” says Dan Mender, Vice President, Business Development at Green Hills Software (GHS). The company has been involved in the automotive industry for more than 20 years, and is seeing an increased need for software capabilities in automotive applications.
GHS works with OEMs and Tier 1s to help their customers design systems that are secure and cannot be hacked. The company is actively involved with the National Highway Traffic Safety Administration (NHTSA) on its Security Credential Management System, a defined solution put in place to securely verify the credentials of information shared between vehicles and infrastructure.
The challenge for OEMs is simple: it is not a case of ‘if’ the car will get hacked, it’s ‘when’ it will get hacked, and how bad will it be
Mender explains that IVI systems will take advantage of the fact that the car is connected, but they are not designed in a way that they can provide secure communications: “It’s definitely a holistic approach. The challenge for OEMs is simple: it is not a case of ‘if’ the car will get hacked, it’s ‘when’ it will get hacked, and how bad will it be.”
Specific data about vehicle use is becoming increasingly shared by connected cars today. Hardware can be plugged into the vehicle diagnostics which wirelessly communicates specific vehicle data about speed, location and how often the vehicle is used. This is very specific and personal user information, Mender points out, “but that data isn’t protected.” The car as we know it is becoming more of a software-centric platform, and OEMs now have to look at designing a vehicle as “a system of systems,” he says. GHS aims to design systems that have the security architecture needed to ensure there are no “back doors” that allow an outside source to subvert and take over that system, he adds.
It is very easy to gain access to – and hack – this data, Mender observes. “If someone wanted to go and collect vehicle data from various insurance companies that were using those modules, they could collect that data and use it however they liked. It wasn’t designed with any security in mind, and that is a major problem.”
This “major problem” will be exacerbated as the level of automotive connectivity increases, and the car’s ability to connect with more devices grows. Mender envisions the car of the (near) future being able to generate a profile based on the data gathered from a driver’s movements. This will include recommendations based on where the driver usually travels, their hobbies, and a virtual ‘to-do list’.
“That’s personal data. If the car is starting to learn about a driver’s likes, what they like in the vehicle, the music they listen to, which shops they tend to visit, and where they buy their coffee, it will be gathering a lot of information that is going to become very personal. It all sounds very good, but it could be very intrusive if it is not protected properly,” he says.
Keeping the personal, private
This raises the question, should drivers have the ability to ‘opt out’ of providing social data via the connected car? Implementing a secure ‘opt out’ function, and ensuring that information is not being sent at all, are two different things, Mender suggests. “You can tick a box that says ‘I don’t want this information going up to the Cloud,’ but how do we guarantee that the information isn’t actually being sent?” he asks. “Every time I go on Google and search for a flight, the next time I go on Google it offers me flights for that location because it noticed that I did that. The car will be doing the same thing in future, and drivers are going to be under threat,” he continues.
Predictable, solid, separate
GHS works in tandem with OEMs to consolidate critical vehicle functions with comfort features. Within the area of IVI there are companies like Intel working with GHS to focus on the consolidation of advanced driver assistance systems (ADAS) used in autonomous vehicles. OEMs need to be able to ensure that a comfort feature like IVI does not react in an unexpected way to the critical systems that steer, brake and manage the vehicle’s movement through autonomous driving.
Mender believes that the next step for the industry is to take away the threat of any erratic disruptions to autonomous driving as a result of a system hack, and ensure that systems in the connected car are predictable, solid and separate.