4 Connected Vehicle Security MythsBy Special Guest
Mike Troiano, Vice President, IoT Solutions, AT&T January 10, 2018
As new connected vehicles take the road each day, security concerns are increasing simultaneously. This influx of connected vehicles has also brought on an onset of vehicle hacking demonstrations, leading to swirling myths, fears and misconceptions.
So, let’s set the record straight on a few connected car security myths.
Myth 1: Hackers can access connected vehicles from anywhere, anytime.
We’re presented with media stories of hackers that penetrate vehicle security systems from remote locations. But today’s connected cars and trucks aren’t as susceptible to hacks as the attention-grabbing headlines suggest.
Remote hacking of a vehicle is much more difficult than is often portrayed, and to my knowledge has never happened in a real-life scenario. While I can only speak to the large-scale auto manufacturers we work with today, remote hacking of these connected vehicles typically requires significant resources and know-how beyond the capabilities of random hackers, and often some degree of physical access to the vehicle prior to being able to remotely penetrate a vehicle system.
In the case of most recent demonstrations, there were manufactured vulnerabilities, manipulations and extensive preparation with the physical vehicle before any hacking occurred. It’s also critical to note that new vehicle models are designed with more security than ever before. Auto manufacturers and suppliers are consistently updating vehicle architecture to combat increasing threats, and working together to both share information about cybersecurity vulnerabilities and develop best practices for the industry.
Myth 2: There are only a handful of highly vulnerable entry points in a connected vehicle.
It’s important to understand that there are more entry points in the connected vehicle ecosystem than ever before—through the supply chain, through application and service providers, as well as the vehicle itself. Attackers are constantly learning and evolving their processes in ways we can’t always anticipate, thus the cybersecurity threat is present at every step.
One telecom offering providers can offer auto manufacturers and suppliers, and ultimately the end-user from a connectivity standpoint is a layered approach to IoT and connected car security to help secure more of these entry points.
- The Device Layer – Device manufacturers help to protect the hardware (the “thing” that is connected) through extensive measures, including integrating telecom built-in security controls.
- The Connectivity Layer – A strong network with the right private solutions and capabilities helps protect connections in a highly secure manner.
- The Data/Application Layer – Telecom companies can offer capabilities and precautions to help protect the data and apps that are connected to the network.
- The Threat-Analysis Layer – Analytics help inform how hardware is being used, where it is being used and who is using it. At every level, analyzing the traffic coming in and out of that device or application and identifying abnormalities helps prevent, detect and respond to potential threats.
Myth 3: Connected vehicle security responsibility rests solely with telecom companies and auto manufacturers.
Though auto manufacturers and telecom companies play important roles in ensuring the security of their offerings, connected vehicle security requires an ecosystem of end-to-end players to help address threats.
There is no one-size-fits-all, simple solution or approach to highly securing connected cars and trucks across the board. Telecom providers, auto manufacturers, app developers, and software developers alike are hyperaware of this and are collaborating extensively to customize approaches that can help to deliver the most secure solutions possible.
Every player in the ecosystem has a responsibility to prioritize security – including drivers. Software updates and routine upgrades are a critical component of maintaining today’s connected vehicles, particularly to keep vehicles’ security protections up to date.
To learn more about current initiatives in cybersecurity and how telecommunications companies and OEMs can work together, read The Alliance for Telecommunications Industry Solutions’ (ATIS) latest whitepaper.
Myth 4: Connected vehicles pose more risks than benefits.
Perhaps the most misinformed connected vehicle myth, in my opinion, is about the ultimate value it provides to consumers and our society.
According to an AT&T (News - Alert) survey, only 39% of respondents believe that connected cars have the ability to improve your safety while on the road. However, according to the National Highway Traffic Safety Administration, up to 80% of multi-vehicle crashes can be avoided by using vehicle-to-vehicle (V2V) communications technology.
Vehicle-to-infrastructure (V2I) communications – a connected vehicle capability that allows cars to talk to traffic signals and other roadway elements— provides additional benefits to crash prevention, reducing traffic congestion, and lowering carbon emissions. Cellular communications for cars and trucks can play a vital role in enabling and augmenting both V2V and V2I communications.
Beyond the safety benefits, connected cars and trucks offer convenience and security with the ability to gain better insights into maintenance issues. And let’s not forget that they also put entertainment right in consumers’ backseats.
I believe the benefits of connected cars significantly outweigh the risks, when each player in the ecosystem does their part to keep drivers safe and vehicles highly secure. And we’ll continue to collaborate and make that a top priority at AT&T.
Edited by Ken Briodagh