In the not-so-distant past, the main security concern for car owners was making sure that the car was locked, maybe with an alarm set. If the worst happened (usually involving some nifty work with a wire coat-hangar) it was usually either the stereo/golf clubs / Christmas presents that got stolen or the car was taken for a quick tour of the local waste ground by “local tearaways”. These days, the sophistication level has ramped up considerably, both in terms of tools deployed and the potential prizes on offer.
Connected Car Security Issues
With the concept of the Connected Car has come to the fore recently, the “local tearaway” is now likely to have been usurped by the “international hacker” and the coat-hangar has been replaced by very sophisticated malware and Trojans. While the focus at many automotive exhibitions and conferences in the past was on the increasing sophistication of locks and immobilisers, the focus at the current rash of connected car events is firmly on the immense potential for the functionality, access, and future possibilities. And why not? The possibilities are both exciting and virtually limitless. With traffic congestion not likely to improve in many places any time soon, why would car purchasers not be swayed by the latest in in-vehicle infotainment (IVI) systems helping to pass the time in queues. Or by the ability to unlock their car with their mobile phone or pay car parking fees at the touch of a button from inside the car?
While the average car purchaser would be justified in being excited, the average hacker is probably also rubbing his or her hands in glee. Yet another unsecured system to try to hack… and this one almost definitely has a lot of personal and financial information, quite possibly from multiple people too. While the average hacker is in the game for personal gain and will, therefore, be interested in farming as many addresses, DOBs, credit card numbers, etc. as possible, his more malevolent counterpart can see the possibilities for gaining unauthorised access to or control of various systems within the vehicle. The possible consequences of such actions are, of course, potentially catastrophic.
At Trustonic, we are obviously excited by the possibilities, but we also see the security issues too. As with so many topics that fall under the all-encompassing Internet of Things heading, we are keen that security is at the forefront of minds, rather than being a late afterthought. Trustonic builds a secure operating system, called a Trusted Execution Environment (TEE) that gets embedded into the heart of smart devices, ensuring that applications loaded onto those devices can be trusted and protected.
A unique Root-of-Trust is also given to each device – rather like a digital birthmark – and is used to prove the identity of that device. This level of security needs to be embedded not only into the car and its components but also to the external systems that the car is communicating with; whether it is a roadside sensor requesting payment for a toll or a speed limit sign notifying the vehicle of a new speed limit zone. With unrivaled expertise in device security, we know that only a hardware-based security solution is going to be sure to keep cars, their secrets and their control safe. So, when looking at the nice new shiny car in the showroom, it is as important to think about its digital safety as its physical safety!
To understand more about Trustonic’s solutions to Connected Car security issues, visit our automotive page.