Connected car study examines protection from cybercriminals

Fragmented approach to vehicle connectivity paves the way for cybercriminals to target connected cars through multiple vectors.

A study has been launched by cyber security company Kaspersky Lab in association with Spanish digital media company IAB to examine the vulnerability of connected cars to cyber attacks.

The research was conceived to bring a higher profile to IT security in vehicle connectivity development as connected cars become a reality and the development of in-car apps, infotainment, safety and security systems accelerates to meet growing demand. Kaspersky Lab’s Principal Security Researcher, Vincente Diaz, has been charged with developing a proof of concept relating to the safety implications of connecting cars to the internet.

Vehicle connectivity covers a wide variety of functions, from infotainment and social media applications, through telematics and monitoring systems used to plan maintenance, to more safety-critical functions such as navigation, adaptive driver assist systems (ADAS), autonomous control and automatic emergency assistance systems such as the pan-European eCall network and the ERA-GLONASS system in the customs union of Russia, Kazakhstan and Belarus.

The deployment of such information technology in vehicle design offers massive advantages to drivers, but it also brings security risks, particularly as the pace of development is rapid and largely fragmented. Standard platform development is still in flux and the debate is still in full swing as to how such systems should be unified. Vehicle manufacturers are working to create their own platforms and entering partnerships to establish them as standards, whilst also meeting the needs of externally enforced regulations such as those being thrust upon them through international V2x connectivity projects as well as eCall and ERA-GLONASS. A non-exhaustive overview of connectivity drivers is listed below:

* Automatic emergency assistance systems (eCall / ERA-GLONASS)
* Telematics
* Infotainment, internet, premium service delivery
* Intelligent Transport Systems for road tolling and traffic management
* Vehicle to Infrastructure/Vehicle connectivity (V2x)
* Autonomous vehicle development (including telematics and V2x)
* Active vehicle safety systems (including V2x)

According to Kaspersky Lab, the security and safety implications of communications and internet services in vehicles can’t be ignored, and so the study will examine the different factors that could provoke cyber attacks and could result in accidents or fraud-related crime. Such threats are well known to users of IT and smartphone systems and are now just as much a threat in connected vehicles. According to Vincente Diaz, an example is the theft of password credentials, which could result in the vehicle location being identified and its security compromised.

Through a study of the ConnectedDrive system from BMW, Kaspersky Lab identified four key attack vectors that could potentially be exploited: the use of compromised credentials resulting in unauthorised access to user information, access to remote services using a mobile application, unencrypted Bluetooth driver updates and SIM card based communications.

The full report, “Connected vehicle security study”, is available from the IAB website (in Spanish only).

Jonathan Newell

Studied Engineering at Loughborough University and now involved in broadcast and technical journalism. Jonathan is based in London and Almaty.
