What is automotive cybersecurity?
In the past years, the future of connected vehicles has been discussed elaborately. With more OEMs pushing autonomous vehicles onto the market, it is no surprise that 93% of all cars in the EU are projected to be connected by 2035. And it is expected that almost all vehicles on the road will be connected by 2035. Software and apps control everything in the car, from our location and trip details to brakes systems. This makes the driver’s job more accessible, but the car is more vulnerable to outside attacks.
As our Head of Cybersecurity, Sergey explained: “Cybersecurity is one of the top challenges for any digital business. It is not a nice-to-have, but a must-have solution in the modern and competitive digital world.” As it is already a must-have, you need to have a clear understanding of what automotive cybersecurity is.
It is a necessary protection of all electronics, communications systems, data, software, and algorithms against outside threats. It helps to protect the car and the driver from attacks and potential manipulation.
Why is automotive cybersecurity so important?
When we talk about car safety, we always think about its exterior. Is it strong enough, and will it protect the driver and other passengers? When searching for the safest car on the internet, you will see a list of the best cars to protect you and other people in the car from crashes. The conclusion is made based on the crash tests and the number of advanced safety features such as automatic emergency braking, forward collision warning, and lane-keep assistant.
Even though external car safety is extremely important, invisible attacks are becoming more frequent and there is cybersecurity to be added to the check list. Vehicle cybersecurity means implementing proven defences to:
- Keep anyone from stealing your data from the car (like access to GPS location info, contacts, access to the microphone inside car and video-cameras),
- Stop hackers from being able to control or manipulate your car (for example, disabling the burglar alarm, tricking the collision avoidance system)
- Ensure nobody can damage your car (for example, resetting your electrical charging function or oil change counter so you don’t get your oil changed on time).
There are many ways to approach the topic of cybersecurity and its importance, but we will look at it from 2 perspectives – to protect the car and to protect the driver and other passengers.
To protect the car
Imagine installing the best alarm system in your car. That should protect it from theft. But the thief never touched your car. What if a thief can unlock your car using only his/her computer? Thieves can find a back door in the manufacturer’s code and be able to drive your car away as if it was theirs. With the technology being more sophisticated, a new form of stealing cars has appeared – remote attacks via wireless interfaces (Bluetooth, NFC, Radio, etc.) which allows to expose vulnerabilities in authentication and authorization flows used for opening the doors and starting the engine.
This is just one of many examples that we need to approach car safety from a different perspective – a cybersecurity perspective to keep our cars safe.
To protect the driver and passengers
An even worse scenario than having your car stolen is to endanger the safety of the passengers. Hackers can activate or deactivate different features like your Autopilot, ADAS, or change info on your speed display. They can change the end location of your navigation, driving you to an unknown neighborhood. Taking over your car while you are still driving is possible by taking control of your steering wheel, brakes, engine, or autopilot functions.
The hackers can also access the infotainment system in your car. This can result in stealing your location, accessing the built-in microphones and cameras for recording the conversations inside your car. Heads up display shows very important information for the drivers and if the hackers can get into the system, they can manipulate what information is displayed. They can also access your WiFi connection and seat entertainment systems which can all result in data stealing.
How does our team support automotive companies to protect their cars?
NavInfo Europe’s Cybersecurity team performs penetration testing on cars and vehicles, in a safe and controlled environment. The information collected will be provided to the OEM, Tier1 and Tier2 suppliers as insights that they can utilize when ensuring the security of the vehicle.
Our team of experts has a rich background in autonomous driving, telecommunications, networks, and AI, and provides customers with award-winning cybersecurity solutions for the vehicle’s entire lifecycle.
Our team is certified with OSCP, CEH, GPEN, CISSP, OSCE, CRTE, OSWP and Cloud security. Additionally, we follow the most stringent standards, including ISO/IEC 27001, Automotive SPICE® Level 3 assessment, and TISAX (Trusted Information Security Assessment Exchange).
To learn more about cybersecurity, sign up for our newsletter and always be up to date with the latest developments.