National contacts

Today’s vehicles have in-car technology at their core, some containing as many as over 200 mini computers or electronic control units (ECUs). Cars also feature a plethora of standard technology including cellular capabilities, Wi-Fi, Bluetooth, radio frequency and GPS to name a few. Screens show vehicle information, routes and navigation or music and entertainment. Modern cars are also highly connected to the environment around them and can connect to numerous devices such as mobile phones. The connectivity between cars and the infrastructure around them is only set to deepen. Currently cars connect to charging points but in future vehicles will connect to each other and to transport infrastructure as well, such as traffic lights and pedestrian crossings.
In the last few years autonomous vehicles have started to appear on our roads and companies such as Telsa and Polestar continue to disrupt the traditional automotive landscape. These cars and services include phenomenal amounts of technology or are supported by a vast technical infrastructure such as the Uber app, which utilises both driver and passenger data. These services are processing incredible amounts of data such as personal addresses, journey details and financial information, with data ripe for advertising segmentation (where have you been?) and insurance (how do you drive?).
So what cyber-attacks could we see in the automotive sector?
At the moment we are thankfully only seeing ‘proof of concept’ attacks where vehicles are having functions controlled remotely. Examples of these include breaks being applied remotely, a connected app being used to control heating and climate control functions remotely or the infamous hack where a 4x4 was driven off the road, with the driver still inside! Luckily, these attacks have always been carried out by the good guys, the white hats and ethical hackers. But how long will it be until these attacks are used maliciously, and more worryingly - would we even know? If a police officer turns up at a crash, his first thought is unlikely to be a cyber-attack. However, in the future it might just be possible.
The impact of cyber-attacks on a vehicle is not to be underestimated, not only do they cause damage to both the consumer and the manufacturer, but they have the potential to cause citywide disruption; blocking roads, causing delays and thereby affecting other essential services.
Privacy in vehicles – issues for owners and manufacturers
Society is becoming more aware of instances in which they are sharing their personal data. We see cookie alerts when we browse and understand the dangers of over-sharing personal information on social media. We know that modern vehicles store a variety of information - but who is responsible for the safeguarding of that data?
We have seen news reports citing instances of user data recovered from scrapped car units, and the police commonly recover data from vehicles in a crime scene. What other scenarios might put owners at risk?
Do OEMs want the publicity when the data of a celebrity, CEO or politician ends up online or in the hands of someone without the best of intentions?
While we are not accustomed to asking such questions across this range of situations, perhaps it could be said that at least some responsibility for personal data lies with the end user. However, manufacturers too have a duty of care to make car owners aware of the risks to their data and to ensure that when data appears removed from a vehicle’s systems, or a factory reset is undertaken, that the data is fully overwritten and inaccessible. Vehicle cyber security isn’t just about protecting the vehicle and its functions but also protecting the data stored within that vehicle.
Cyber security considerations should be ingrained throughout the sector. The same principles of cyber protection that are essential to critical infrastructure and corporate cyber security should also be applied to vehicles and their infrastructure. Cyber security should be one of the key foundations of the design of a vehicle, in the same way as we treat car safety. OEM’s should have their vehicles independently tested for cyber security weaknesses, including a Penetration Test against the whole vehicle and its supporting infrastructure, from initial manufacture, through to the servicing levels and dealerships, the vehicle and if electric, any necessary charging stations.
How can vehicle security be improved?
Cyber security in cars is now a critical consideration as the level of technicality within vehicles continues to rise. Vehicles are thoroughly integrated into the world around them and they can no longer be viewed in isolation. The whole threat model from supply to manufacture through to support needs to be assessed for vulnerabilities, with cyber security checks, penetration tests and red team engagements; all before a car leaves the sales court.
In a world where all electronic devices can be hacked and huge amounts of personal data is potentially at risk, it seems vehicles are still the new frontier for cyber security.
Author: Carmine Del Guercio – Cyber Security Team
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.