Guest blog: Security threats to smart cars

Jalal Bouhdada

Jalal Bouhdada from Applied Risk explains why physical and cyber security vulnerabilities threaten the future of the increasingly smart car

The pace of innovation within the automotive industry has been breath taking. Many of these innovations have the potential to be revolutionary: smarter cars promise to be more efficient in terms of both fuel economy and at reducing congestion and accidents.

But in the competitive rush to bring more connected cars to market, it is important that manufacturers don't skip the basics of cyber security and compromise the safety of their vehicles.

From the point of view of a security practitioner, an automobile is just another complex system that is becoming ever more connected for the purposes of efficiency and customer convenience. The problem this inevitably creates is more connectivity, which means more attack vectors to protect against, and more opportunities for hackers.

There are two areas of concern that should be addressed by the automotive industry. The first is the risk of physical safety: if vehicle control systems can receive remote connections, there’s always the chance that they are open to being compromised, which means an immediate and unacceptable danger to drivers, passengers and other road users.

The second area is personal data privacy. Cars have become increasingly valuable generators of personal data, as, for example, manufacturers collect data about vehicle use to improve future designs.

The challenge facing car manufacturers is that many of the systems were not designed with security in mind, because they were never intended to be connected to external communications. Yet in today’s vehicles we find GSMA, Bluetooth, wifi and other wireless technology – not to mention USB ports – are ubiquitous and can provide gateways to critical control systems.

If manufacturers are to carry on innovating at the pace of recent years, it’s imperative that the gap between capability and security doesn’t grow any bigger. It’s a huge task, the full breadth of which may not yet be fully understood. If manufacturers don’t find the security holes they’re leaving behind on the road to innovation, someone else certainly will.

Jalal Bouhdada is founder and principal ICS security consultant at Applied Risk

www.applied-risk.com

 

Recommend to Colleagues: 

Add new comment

Plain text

  • Allowed HTML tags: <a> <em> <p> <h1> <h2> <h3> <code> <ul> <ol> <li> <dl> <dt> <dd> <strong>
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Follow Us:

Twitter icon
Facebook icon
RSS icon