banner

Thales Blog

Driving Connected Car Security Forward

September 20, 2016

driving-connected-car-security-forwardLike the Internet, the Internet of Things (IoT) is going to be a part of our everyday life, with an increasing number of devices establishing connections – from smart light bulbs to connected cars and everything in between. However, as businesses and individuals alike begin to enjoy the conveniences associated with increased connectivity, these clear benefits lead to clear vulnerabilities.

Increased Connectivity = Increased Risks

As we’ve seen many times, attackers can often hack into connected products with shocking ease. Just take a look at recent breaches at VTech and Hello Barbie, not to mention the now infamous hacking of a Jeep’s multimedia system through a Wi-Fi connection. In the latter example, the hackers took control of the steering wheel, engine, transmission, and braking systems with minimal effort. What’s more, they were able to control everything remotely over the Sprint cellular network.

Click To Tweet:  Driving #ConnectedCar #Security Forward bit.ly/2d058Bh

It’s now become clear: today’s automobile has more in common with the Apple iPhone than it does with a ’67 Ford Mustang. And although the advanced technology found in modern vehicles enhances the driving experience, this increased vehicle complexity also introduces a myriad of new security vulnerabilities and privacy challenges.

A recent Vormetric survey found that when it comes to the IoT, Americans most fear the hacking of their cars. The survey also revealed that 24% of respondents already own a connected car. Although still considered an emerging area, it’s clear that Americans are eagerly adopting IoT technologies. For a deeper dive into the results, I recommend checking out my colleague, Tina Stewart’s recent blog post, “Developing a New World Order for the IoT Connected Universe.”

Industry Efforts

Individual automotive companies are moving quickly to address cybersecurity. For example, GM now has a team of about 80 individuals reporting to a chief product cybersecurity officer, a role that didn’t exist just two years ago. And Volkswagen recently co-founded a new cybersecurity company called CyMotive, which aims to build “advanced security solutions for next generation connected cars.”

GM and VW are certainly not alone in making such advances. In an effort to enhance cybersecurity awareness across the global automotive industry, automakers established the Automotive Information Sharing and Analysis Center (Auto-ISAC) in 2015, whose members now account for 98% of the light-duty vehicles on US roadways. The center aims to facilitate the exchange of important threat information and countermeasures in real time, adding another layer of cybersecurity protections to what individual automakers are already doing. As a relatively new initiative, much is still unknown about exactly how the Auto-ISAC will benefit the connected auto industry. However, one thing is for certain – there is a growing awareness of the need for a collaborative community and security standards.

Along these lines, the Federal Trade Commission (FTC) issued an alert in late August warning car rental customers to safeguard their personal data when using vehicles that include network connectivity. This announcement demonstrates that not every hack of a connected car will lead to it being driven off the road. The more pressing danger – at least at this point in time – is the theft of sensitive personal data. To counteract this, the FTC recommends not connecting mobile devices to the car’s entertainment system for charging, checking your permissions, and deleting your data from the car’s system before returning it. While I personally believe we need to go much further as an industry, the FTC is on the right track.

Thales Leads the Way

Protecting connected vehicle data is increasingly becoming a concern for individuals and organizations. Providing a real-world example of this need for data security, Thales recently entered into a new technical partnership with Williams, the leading Formula One team. Through the partnership, Thales now assists Williams in protecting its confidential telemetry data – of high-value in the competitive world of Formula One – as it is transmitted from the pit lane back to Williams’ headquarters for detailed analysis.

To learn more about how Thales is helping to secure connected vehicles today, download our connected vehicle solution brief.