Sometimes the excitement around a new technology can blind us. Like a kid dreaming about riding her new bike, we often rush outside without first grabbing our crash helmet.
The buzz around the connected car is a pretty good example. And it’s little surprise we’re so eager to embrace the technology. We know that connecting our car to our smartphone can lead to much greater comfort and convenience.
But are we rushing into things without making sure we’re protected first?
Some analysts think that our eagerness to connect our cars to the internet might be to the detriment of safety and security. After all, we’re not the only ones who are happy with this trend. Hackers are, too. They see enticing opportunities in this space the same way we do.
That’s why it might be worth us pausing and taking a step back. We can still enjoy all the comforts that come from the connected car. But after we’ve first secured the communication channels and client-car interaction methods.
The connected car
The connected car is fast becoming simply “the car”. It’s not a novelty anymore.
We’re connected at home, in the office, and as we walk around our towns and cities. So why not in our cars, too? As creatures of convenience and comfort, we expect to have access to the same instant information on the road that we enjoy at home.
These days you can heat up your car before you pour your morning cup of coffee. You can listen to your favourite podcast on Spotify while you drive to the office.
Such is the demand for technology like this, that Business Insider expects the shipment of connected cars to increase from 33 million in 2017 to more than 77 million by 2025. Between 2020 and 2021 alone, the value of connected car commerce in the US is set to increase by $2.5 billion.
If these figures are impressive, then so too are the numbers within the car itself. The average car today comes with around 100 million lines of code. That’s about four times as much as a modern fighter jet.
And in ten years, the car is expected to have 300 million lines of code. The more lines there are, the more convenience we enjoy. But the danger is that all this data being transferred is unprotected.
To what extent is the car manufacturer actually in control?
Are they ready right now to create secure communication channels and secure client-car connections?
There’s concern among some analysts that the connected car is just one more example of security being sacrificed in favor of convenience.
The hacker’s head start
This status quo could be a big problem for the industry as a whole. Not least because the balance of power is currently swaying in favour of bad actors.
Provided they have the right skills and tools, hackers can attack your car with limited investment and effort. And because the focus in the manufacturing industry has historically been on safety rather than digital security, bad actors have enjoyed a bit of a head start.
A hacker can carry out a dynamic analysis on the app you use to control your car. And if they’re successful, they can re-engineer that app. Then it's possible they could track your car, unlock it, and steal it.
But there are other types of attacks, too.
Earlier this year, it emerged that a Tesla car had been tricked into accelerating by 50 mph after someone added a sticker to a road sign that made 35mph look like 85mph to its built-in camera. And Wired reported that hackers were able to clone millions of Toyota, Hyundai and Kia keys by cracking the cryptography within them.
Car manufacturers are also vulnerable to attacks when their cars are in diagnostic or repair centers. After all, the cars contain a lot of valuable logic and intellectual property that they don’t want in the wrong hands.
Attacks are evolving all the time. Hackers have recently taken to posting adverts on the dark web for real user account details gleaned from connected car apps.
Manufacturers aren’t blind to these threats. They’re just not used to confronting them. But the signs are that awareness is increasing of a need to act, particularly with regulations due to come into force in the coming months.
Let’s secure the connections we’re making
One such regulation is the World Forum for Harmonization of Vehicle Regulations under the United Nations Economic Commission for Europe (UNECE). Its software updates will affect more than 60 countries.
This means that car manufacturers will soon be obliged to include robust protection in their connected car apps.
Some are already blocking bad actors, of course. But regulations like this one will help to make sure there’s a consistency in approach across the industry. It will convince manufacturers to protect the code within their apps and to secure the communication channels between that app and the server.
After all, protection doesn’t only benefit the end user. An attack on a large scale could also badly damage a manufacturer’s reputation.
Particularly at a time when customers will come to expect protection from hackers as part of the service.
It feels like we’re at a bit of a crossroads moment in the evolution of the car. Most of what we can glimpse over the horizon is positive. The car is about to become much more than a vehicle for movement, taking us from one place to the next. It’s about to become an extension of our homes, too.
But because of these changes, the car is going to need protection against a different kind of threat. One that the automotive industry isn’t used to.
We should still be excited about the possibilities that come from rushing outside into this new world.
Let’s just make sure we take our crash helmets with us.
At Licel we work with car manufacturers around the world to keep their apps safe. CryptoModule carries out sensitive crypto operations and stores key material. And Stringer protects car manufacturers’ server-side software during analytics and diagnostics.
Head over to our automotive industry page to find out more about our expertise.