Connectivity versus securityRosario
What is the best way to protect smart vehicles?
Technological advances have implemented services such as autonomous driving and automatic braking in the automotive sector. Even less expensive cars already offer extensive Bluetooth and WiFi connectivity. This makes protecting these smart cars against cyber attacks nearly impossible for human analysts. Instead, we should be thinking more seriously about turning to automated systems, and soon, to ensure that our smart vehicles are as secure as possible.
Connected vehicles present a unique challenge for cybersecurity engineers. This is because the way these vehicles are designed and built, as well as the way they interact with the real world we inhabit, is quite different from the average mainframe.
In most cases, for example, the connectivity offered by smart vehicles is often designed by automotive product designers, or at best UI designers, who have little understanding of how the desired level of connectivity will affect safety. In other words, smart cars are generally willing to connect to any other device within range, be it a smartphone, flash drive, headset or Wifi router, and often do so in a very insecure manner.
The supply chain
Unfortunately for network engineers trying to secure smart vehicles, things are getting worse. Not only are connected cars willing to connect to everything without performing any due diligence, but the sheer number of different manufacturers contributing to a finished vehicle makes the idea of standardizing security nearly impossible.
In the trade, this problem is known as the “supply chain problem” and is a real headache for engineers. In practice, you could spend time researching which automaker has the largest share of the connected car market and try to build systems that would isolate, for example, the Bluetooth connectivity that turns the car on and off. But if they try to fix this, the product manager could easily swap suppliers for Bluetooth antennas and make the whole process obsolete.
What’s worse is that it’s not just the vehicle itself that is at risk if a hack is successful. Today, consumers are likely to have their car connected to their smartphone, smart home or smart toaster. This provides unprecedented opportunities for hackers to achieve what is known as “lateral movement”: using access to a smart heating system, for example, to gain access to a smart car, and then using this access to get into their emails, then their banking.
redborder takes an approach through the process of vulnerability scanning. This can incorporate a wide variety of individual tasks, from broadly reading data collected with Big Data techniques to AI-enhanced analysis of the data to detect intrusions. Its design shares the concern for wrapping a protection system around vulnerabilities developed in smart cars.
Of course, we are still at the beginning of this journey, and the future of cybersecurity for connected vehicles is hard to see, even for those deeply entrenched in the industry. However, it is already clear that data traffic management and analysis and intrusion forecasting is so far a solution to the problem in smart, connected vehicles.