The Auto industry’s response to car hacking

Khodrocar - Cars nowadays are equipped with automated software. This software enables drivers to enjoy smooth connectivity for functions like cruise control, engine timing, airbags, door locks, and advanced driver assistance systems. However, as technology advances, vehicles increasingly rely on Bluetooth and WiFi technologies for communication. This dependence makes cars vulnerable to various security threats from hackers, including car hacking.

Unauthorized users exploit vulnerabilities found within a vehicle’s software in the act of car hacking. They do this with the sole intention of obtaining unauthorized access to the vehicle’s systems, stealing sensitive information, or posing life-threatening risks.

Despite OEMs (Original Equipment Manufacturers) implementing advanced IT cybersecurity measures intrinsically, the year 2022 saw a 380% rise in automotive API (Application Programming Interface) attacks, which accounted for 12% of all incidents. Additionally, EV charging stations are becoming valuable targets for physical and remote manipulation, exposing users to fraud and ransomware attacks as they charge their vehicles. 

As vehicles become more technologically complex,  as does the range of potential threats. Therefore, comprehensive automotive cybersecurity solutions must address both software integrity and manufacturing/supply chain security.

We have a full report covering the navigation of the IIoT landscape from theory to practice. The report provides a comprehensive overview of the advances in IIoT and its associated benefits, requirements, and use cases, including its role in cybersecurity. Give it a read for a more holistic and thorough look at machine-to-machine communication and security.

The latest automotive security trends:

Automotive security is constantly evolving to keep up with the growing number of cyber threats. The following technologies are some of the major ways in which the automotive industry is revolutionizing to protect vehicles from these threats:

Artificial intelligence and machine learning:

Artificial intelligence and machine learning can analyze data in real-time to detect and prevent potential cybersecurity threats using predictive models. These technologies also enhance the effectiveness of existing security measures, such as firewalls and encryption technologies. By continuously learning and adapting to new threats, AI and ML algorithms can quickly and accurately identify and respond to attacks, reducing the risk of cybersecurity incidents.

Several companies such as Tesla, BMW, GM, Ford, and Volkswagen use a combination of AI/ML to identify and mitigate potential cybersecurity threats, which is frequently updated "over-the-air” allowing real-time threat detection and response. These companies keep periodically testing the ability of hackers to infiltrate their high-tech software and systems.

As of 2023, the GARD project, led by the Defense Advanced Research Projects Agency (DARPA), is developing new techniques and tools to identify and counteract car hacking, and increase the accuracy and robustness of machine learning models. The ultimate goal of the project is to enhance the security and reliability of AI systems, which are crucial in applications such as autonomous vehicles, medical diagnosis, and financial trading.

Intrusion Detection Systems and Intrusion Prevention Systems:

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) monitor network traffic for suspicious activity and offer preventive responses under any potential threat. IDS detects attacks and generates alerts, while IPS detects and actively blocks attacks. 

Both mechanisms can be coupled with firewalls, encryption, and access control mechanisms to create a comprehensive defense system against cyber threats.

IDP and IPS are commercially available and have been adopted by several automakers, including BMW, Audi, and Mercedes-Benz. These technologies detect and prevent intrusions, protect against vulnerabilities in external communication channels like V2X and 3G/LTE, and simultaneously address weak points in connectivity interfaces such as WiFi and Bluetooth. Moreover, machine-learning algorithms are used to detect anomalies, which are trained offline and then compared in real-time to the vehicle’s actual behavior.

Secure Software Development Life Cycle (SSDLC):

The automotive industry is prioritizing the implementation of Secure Software Development Life Cycle (SSDLC) practices to enhance the security of their software systems. SSDLC practices encompass integrating security measures into each stage of the software development process, including design and deployment. 

To ensure safety, regulatory organizations like the National Highway Traffic Safety Administration (NHTSA) are starting to mandate compliance with SSDLC practices.

Blockchain:

The use of blockchain technology in the automotive industry is gaining popularity due to its ability to securely collect and store vehicular data on a decentralized and distributed ledger, providing enhanced protection against car hacking. Blockchain allows vehicles to share information and authorized parties, ensuring both accuracy and security. By using a permissioned network, only specific parties with permission can access data, which improves vehicle cybersecurity and enables secure micropayments, identity management, and data verification. 

Car companies are actively researching and developing blockchain-based solutions for vehicle security and data management. BMW has partnered with VeChain, a blockchain technology provider, to create VerifyCar, a platform that enables used car buyers to check a vehicle’s history and authenticity. Another example is the Mobility Open Blockchain Initiative (MOBI), a consortium of automakers, technology companies, and startups that is working to develop blockchain standards for the automotive industry.

The future of automotive cybersecurity: A multifaceted approach

The path forward for automotive cybersecurity is a multifaceted approach that involves the integration of various technologies and practices, such as:

Artificial intelligence 

Machine learning

Intrusion Detection

Prevention Systems

Secure Software Development Life Cycle practices

Blockchain technology

The automotive industry is constantly evolving and implementing new technologies to address vulnerabilities in its software and manufacturing/supply chain security. Additionally, a multifaceted approach can help detect and prevent potential cybersecurity threats in real-time. Moreover, it can enhance the effectiveness of existing security measures and reduce the risk of cybersecurity incidents.

The implementation of such an approach is crucial in protecting vehicles and passengers from life-threatening risks posed by hackers. This is especially important as the automotive industry continues to evolve and adapt to emerging cyber threats.