Why Connected Cars Need a New Approach for Security
“The whole thing was going haywire, even the brakes failed. Very scary.” said a driver after an automotive security company hacked his vehicle in a controlled environment.
For consumers, connected cars make driving a more enjoyable and efficient experience, offering benefits such as intelligent vehicle health checks, the ability to watch movies and other media, and even peer-to-peer (P2P) car sharing. There are significant benefits for business too, with manufacturers, parts producers, fuelling stations and tourist attractions able to harness data produced by connected cars and use the resulting insights to offer products and services that better meet driver needs. So, for connected cars to become an integral part of consumers lives, data security must be stepped up.
Hazard awareness: Identifying the risks
While car manufacturers were previously concerned about physical forced entry into vehicles, they must now turn their attention to sophisticated hackers using connected cars as a way to steal user data.
At the least dangerous end of the scale the risks include hackers using ransomware to take control of infotainment systems and demand payment in exchange for users regaining control of their devices.
But as more parts of the car become connected, the dangers grow. Smart locks are fast becoming a feature of many cars, allowing drivers the added convenience of keeping their keys in their pocket when they open up and start the car, and driving the growth of the P2P car sharing economy by giving approved individuals access to a lender’s car without having to meet face to face. However, without the proper protections, drivers could soon discover that hackers are able to cheat the system and steal their vehicles.
The dangers don’t stop at theft. White hat hackers have already demonstrated how they can access a car’s CAN protocol to shut down a vehicle’s security mechanisms, including the airbags and brakes. It makes cyber attacks a potentially lethal weapon and gives manufacturers a powerful incentive to tighten their security measures.
Setting solutions in motion
Without remediation, security issues could hinder the development of connected cars. Research firm IDC believes hacking concerns are already creating a three-year lag in the introduction of artificially intelligent cars that transport passengers with little input from the driver and, as the number of features reliant on data grows, the need for data security will become ever more important.
To speed up the security development process, the industry must turn its attention to blockchain technology and cryptocurrency payments; innovative technologies that offer real inroads to connected vehicle manufacturers by securing vehicle data. The immutable nature of the distributed ledger guarantees the integrity of data when critical alerts and updates need to be sent between the car and the server. Furthermore, Merkle trees and InterPlanetary File Systems (IPFS) can be applied to the blockchain layer, allowing for the secure and efficient delivery of large data packets. By hashing the data using 256-bit strong encryption, it becomes almost impossible to view it without a private key, cutting down the likelihood of data being ‘scraped’ for other purposes, or being used to take control of the vehicle.
A blockchain solution will be especially valuable in the case of payments. Part of the convenience of connected cars will be the ability to securely use the vehicle rather than cards, cash or phones for payment. Journey-related purchases such as fuel, road tolls, parking charges and food can be made from the comfort of the car seat and by making payments using cryptocurrencies, drivers payments are protected from fraud.
Contracts can be stored on the blockchain, and executed immediately, reducing the chance of unauthorized payments. This robust way of transacting will boost transparency across the car supply chain. It is perhaps one of the biggest benefits of securing connected cars, as it will drive commercial growth across the entire automobile industry. Being able to trace where a car has been serviced and which parts have been changed will reduce the use of counterfeit parts and raise maintenance standards.
Incidentally, the decentralized system will also make blockchain a financially viable option for connected cars as no one party has to carry the cost of maintaining the information database, powering servers and remote storage. It is a superior option in terms of disaster recovery, as the use of multiple nodes mean that data cannot become corrupt or erased, reducing the risk of service being interrupted while cars are on the road.
The road ahead
As cars evolve to join the IoT revolution, passenger and pedestrian lives are at stake if things go wrong, making a safe transition vital. To support long term growth, manufacturers must therefore take a security first approach to the introduction of connected cars. They’ll need to design vehicles around blockchain technology to protect users’ valuable data and explore ways in which crytocurrency solutions can be used to secure their payments. Only by tackling these threats can the automobile industry realise the transformative promise of connected cars.