A car is not just a car anymore. Sensors and internet connectivity are breathing new life into automotive technology, turning our otherwise mundane day-to-day ride into sophisticated data centers on wheels. At no point in time, then, has automotive information security been more important—essential not only for the protection of data connected to the car, but also for the safety and well-being of individuals and cargo while the vehicle is in transit.
With the number of sensors and devices that provide both automation and internet connectivity onboard modern cars increasing substantially over the last decade, the total installed base of internet-connectable devices in the car has likewise kept pace. Last year, the total value worldwide of all internet-connectable devices installed for the automotive and transportation market was worth close to $1 billion, as shown in the chart below.
The market is expected to more than double in the next five years, reaching over $2 billion, according to the latest findings from the Omdia report, IoT Cybersecurity for Automotive Report – 2020
Security is essential
In today’s connected car, automotive IoT cybersecurity can no longer take a backseat to convenience, especially as hackers can deftly exploit the lack of security and other vulnerabilities in the car’s various connected mechanisms, such as the infotainment system. The potential consequences of a hack are extremely serious, with malicious actors able to go as far as gaining control of the entire car by remote means.
Because of this, protection of the automobile is needed from the chip all the way to the cloud—that is to say, from the semiconductors at the foundational level responsible for the car’s connectivity, extending up to the storage of critical vehicle data in cloud servers housed in giant data-center farms.
Furnishing security also entails the utilization of safe methodologies, which will be essential to guarantee secure over-the-air update capabilities and protect the car from installing updates from illegitimate sources. Finally, to ensure unity and consistency in compliance, standardization is imperative so that security can be locked in throughout all stages of a vehicle’s lifestyle.
Vehicle compromise vectors in the connected car
Hackers routinely seek ways to circumvent the wide range of connected components in the modern vehicle as they try to inflict harm.
For the connected car, there are three notable points of vulnerability—the so-called vehicle compromise vectors—primary components frequently targeted for potential unauthorized access.
The first point is the infotainment mechanism, often housed within the connected car’s dashboard system and used to control GPS navigation and telephony capabilities along with the car’s audio systems and temperature controls. In 2015, security engineers used a vulnerability in the infotainment system of a Jeep Cherokee car to effectively torment the driver, such as blasting music at maximum volume while disabling the vehicle’s radio controls. Since then, similar vulnerabilities have been discovered in a wide range of makes and models.
The second point is through telemetric devices, or components that capture a variety of data from various vehicular systems and transmit that information to receiving equipment or entities for processing and analysis. A telemetric device dongle could be used by unscrupulous individuals to gain unauthorized access to this data, paving the way for data in the connected car to be harvested.
A third point is the charging station for electric vehicles—unmanned and offering multiple points of entry for determined hackers to focus their attention on breaking into the charging station’s payment systems, hardware, and the charging ports. Home charging stations also possess vulnerabilities, allowing fraudulent accounts to be created without alerting the registered user.
The consequences of a successful breach can be hazardous or even deadly, while also raising serious questions on assigning liability.
IoT cybersecurity providers
The supply chain for the connected vehicle involves many players that produce an expansive range of components for the connected car. Aside from the car manufacturer, the players include semiconductor vendors such as Texas Instruments and NXP; embedded telematics makers such as Harman Kardon; cellular mobile vendors such as u-blox and Sierra Wireless; telecom operators such as Verizon and AT&T; telematics service providers such as SiriusXM; IoT platform providers such as WirelessCar; and service providers such as QNX.
At the center of this vast ecosystem is the automotive IoT cybersecurity provider, which supplies the solutions needed to protect the connected vehicle from cyberattacks, or from being digitally compromised. The prominent players in this group include multinational maker NXP Semiconductors; Samsung subsidiary Harman; Israeli-based Argus Cyber Security and Upstream Security; and six US makers, including GuardKnox in Illinois, Microchip Technology in Arizona, Karamba Security in Michigan, and Silicon Valley’s Synopsys Inc., Trillium Secure, and Mocana.
While still in its infancy, the automotive IoT cybersecurity market represents a prime opportunity for security vendors to gain traction and help influence its development.
The IoT Cybersecurity for Automotive Report – 2020 is offered under Omdia’s Enterprise research pillar. Omdia subscribers also have full access to our Security Technology research category and its research categories of Access Control & Fire, Critical Communications, Cybersecurity & Digital ID, and Video Surveillance.