Key Areas of Focus in Automotive Cyber Security
An overview of current critical factors in automotive cyber security
Global OEMs, in accordance with international regulations, are currently working to identify critical vulnerabilities to cyber security and follow technical standards to minimise security gaps arising from the same. Also, known as “cyber-attack vectors”, these vulnerabilities stem from devices and applications that hackers are most likely to target to break into networks or databases. Most prominent among cyber-attack vectors are backend servers, which accounted for 43% of all reported cyber incidents in 2023, followed by infotainment systems (15%), and APIs (13%).
Cyber-attack on various components of autonomous vehicles in %
Listed below are the most critical cyber-attack vectors and their vulnerabilities critical to effective cyber security:
Backend Servers – These include telematics servers, which send and receive data from the vehicle, and application servers, which also do the same, but with the vehicle’s in-built applications. Most vulnerabilities here stem from access and encryption-related issues with network messaging protocols such as MQTT, which are widely adopted in ICVs and SDVs.
Infotainment Systems – These systems connect to the internet, installed applications, mobile phones, bluetooth devices, and even the vehicle's internal network, thus creating numerous threat points for cybercriminals. According to the U.S. DHS, 90% of incidents involving infotainment systems arise from the embedded software code within these systems.
APIs – Hacking into APIs is relatively easy from a cost and skill perspective, since it requires low technical expertise, uses standard techniques, and can be executed without special hardware. Also, APIs offer the ability to execute large-scale attacks owing to their ubiquity across various in-vehicle systems.
Remote Keyless Entry Systems – Wireless key fob manipulation is a rather common technique and can be executed even by watching publicly available hacking tutorials and devices sold online. The working mechanism between the fob and vehicle can also be manipulated using devices that can intercept and relay, replay, or jam the radio signal.
ECUs – ECUs operate by using interfaces like CAN, K-Line, Ethernet, etc., which can be exploited by various intrusion methods. Common techniques used by attackers include sniffing, which includes intercepting and logging data from a network, and spoofing, i.e., by pretending to be another legitimate node in the network.
Mobile Applications – In-vehicle applications often have common software vulnerabilities, including open-source vulnerabilities, and hard-coded credentials, which are exploited by hackers for identity theft or leak user information on a large scale.
EV Charging Infrastructure – Unprotected internet connectivity, insufficient authentication and absence of network segmentation are major vulnerabilities, common across most EV charging stations globally. Hackers can also tamper physically with EV charging stations or exploit vulnerabilities in the operating software to gain access to internal systems.
Other common areas of vulnerability include blue tooth connectivity, navigation systems such as GPS/GNSS and the CAN Bus (Controller Area Network) itself, which is a message-based protocol enabling ECUs to communicate with each other. Software used in vehicles is another critical factor affecting automotive cyber security in current times, owing to gaps in secure coding and other errors that present point of vulnerability.
Emerging trends and technologies
Remote Attacks – Almost 95% of all cyber incidents witnessed in 2023 involved attacks that were remote i.e without any physical manipulation of the vehicle or its components. Remote attacks rely on network connectivity (e.g., Wi-Fi, Bluetooth, 3/4/5G networks), and can impact several vehicles simultaneously. The majority of these attacks utilised API or software to breach access and are only expected to increase given the rapid rise in connectivity and software-defined architectures.
Regulations and Compliance – Recent regulations such as the UNECE R155/156 and the ISO 21434 etc. have had a massive impact on preventive measures and best practices for automotive cyber security in the sector. These regulations have led to several upgrades and technical standards being put in place as OEMs and suppliers invest heavily in achieving and maintaining compliance with these evolving standards.
Increasing Impact – Cyber-attacks against OEMs and their component suppliers have resulted in production shutdowns as well as disruptions such as costly recalls, brand damage, and loss of data. In June 2023, a U.S.-based Tier-1 supplier for the automotive industry witnessed an attack that led the company’s production to be substantially disrupted for the next 11 days. The company reported that the lost production time impacted net revenues by roughly US$18-20 million.
Collaboration for Cybersecurity – OEMs are increasingly entering into partnerships with cyber-security firms to not only leverage specialised knowledge for enhancing vehicle security but also for achieving regulatory compliance. For example, Ford has teamed up with ADT, a security systems company, to develop Canopy, a vehicle security system that uses AI-powered security cameras, a mobile app for remote monitoring, and AI-enabled acoustic sensors to identify and report credible threats.
New or modified forms of technology are being used to develop fresh security mechanisms in the automotive industry. Emerging technologies that have recently gained traction, include Gen AI tools like large language models (LLMs) that can analyse large swathes of driving data generated from a vehicle’s typical driving patterns, to look for malicious activity and automatically alert the owner or shut the car down. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) that have already been deployed by automakers such as BMW, and Audi, use ML algorithms which are trained offline and then used to detect anomalies by comparing the vehicle’s actual behavior in real-time.
Moreover, concepts such as Hardware Security Modules (HSMs) and Trusted Execution Environment (TEE) are also increasingly being adopted to enhance the physical security of components. These components use cryptography techniques and dedicated memory to secure data transfers to the hardware security firmware. Additionally, Security-by-Design and Secure Software Development Life Cycle (SSDLC) practices are now being prioritised to integrate security into every stage of the development process, from design to deployment.