The Alliance for Telecommunications Industry Solutions (ATIS) released this summer a new report, “Improving Vehicle Cybersecurity: ICT Industry Experience & Perspectives,” which covers connected car security threats and recommendations on improving security.
We spoke to Tom Gage, CEO and managing director of Marconi Pacific, who chairs the ATIS connected car cybersecurity ad hoc group, and Jim McEachern, senior technology at ATIS.
Q: What are the key threats to connected vehicles now in terms of likely breaches and the types of breaches we’re already seeing, and how is that going to change as more vehicles join the network?
Tom Gage: There are two types of broad concerns. In terms of malicious hacks, there have been very few instances of that, and mostly that’s been an endeavor to prove the point that vehicles are vulnerable. The other risk is malware coming by way of software downloads to the vehicle.
A hack could be undertaken for financial gain, to basically hold up the vehicle OEM. And then the question is, what is the hack aimed at? Is it aimed at disrupting the air conditioning system? That’s not so good, but not so serious. If they are looking for credit card information, that’s more serious.
The most serious worry is that they affect the control systems of the vehicle.
Jim McEachern: As we have seen with medical devices, sometimes vehicles could be an accidental target. These hackers are scanning all ports for computers, and they get a medical device or vehicle that isn’t secure and then accidentally infect it with something that mucks up the system.
Q: Where are the most vulnerable points of the connected vehicle at this point?
Tom Gage: The WiFi connection or Bluetooth connection, or another similar unmanaged connection.
There are two types of connections, managed and unmanaged. In telecom, the telecom provider is managing the connection to a cell phone or enterprise user. Unmanaged connections are those networks that the public can access, but don’t have any security. Bluetooth is a good example.
So the connection to the cell phone is secure, but is the connection from the cell phone to the automotive or vehicle infotainment system secure? That’s typically not secure.
There are other connections that could potentially deliver a hack or malware through physical connection to the OBDII port. Tire pressure gauges, or automated locking/unlocking systems are examples of physical and wired connections that are at risk. There are also USB connections.
Q: Vehicles include connected components from a variety of suppliers. When you combine that with the OEMs and wireless carriers, there are a lot of stakeholders. What roles can they all play in security?
Tom Gage: The information and telecommunications technology industry has an obligation to be sure that devices and chips and networks are all secure. One of the biggest reasons we released this white paper was to spur additional end-to-end attention to the complexity of this problem.
There are many players with many different roles, network roles, device roles, chip roles, application roles. These are all the roles and components of delivering advanced vehicle technology.
Jim McEachern: We recognize there are a number of players, but that’s why we need an industry-to-industry dialogue. If we don’t have all the stakeholders as part of that dialogue, then things fall outside of it. This can give us a much better way forward.
Subscribe to Aftermarket Business World and receive articles like this every month….absolutely free. Click here.