Smart cars are the transport industry future.Smart cars are equipped with many innovative features to reduce traffic congestion and prevent fatal accidents. While these features have helped to enhancevehicle safety and security, increased connectivity and internet-enabled services have put connected cars on the risk of getting attacked by cybercriminals.
In the year 2015, Chrysler had to recall 1.4 million vehicles after a pair of hackers demonstrated that their digital systems could be remotely hijacked over the internet. The hackers used CAN bus to send commands to the engine, helping them to take control of the adaptive cruise control, electronic brakes, and steering. The incident made carmakers more aware of the new security threats. Here are a few risks that the carmakers need to be mindful of:
Vulnerabilities Outside the Vehicle:
The vehicle-to-everything (V2X) technology that comprises of vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I) and vehicle-to-pedestrians (V2P) communications depend on public key infrastructure (PKI) defined in the IEEE 1609.2 protocol, which is based on dedicated short-range communications (DSRC) technology. The on-board unit (OBU) in vehicles as well as roadside units (RSU) also relies on PKI. The DSRC technology offers the security architecture that authorizes data exchange and safeguards data privacy.
The Chrysler hacking saga was mainly based on CAN bus vulnerabilities. CAN bus provides message authentication code (MAC) that employs encryption and complex key authentication process. However, The MAC-based approach increases compute load on the CAN bus, making the communications in the connected car inefficient. NXP Semiconductor has found a solution to eliminate the communication inefficiencies of the CAN bus. The company has introduced CAN transceiver for easier logging and reporting of a security incident on the bus.
A high-end connected car comprises of more than 100 million lines of code, increasing the complexity of the software to a large extent. Carmakers also face a considerable amount of difficulties to provide software patch and updates. Many software solution providers like secure bootloaders are offering solutions that allow car companies to facilitate the authentication of updates via the air interface and the corresponding real-time diagnostics.