If you haven’t heard the term connected car, you will soon. Today’s new cars have computing power that rivals many small businesses; 100 million lines of programming code and electronics that capture upwards of 25 Gb of data each hour. All of this is designed to connect the car with the outside world and the driver, enhancing the driving experience and making the operation of a vehicle efficient, comfortable and safe.
In September, consulting firm McKinsey & Company released some findings that showed consumers are concerned about data privacy when it comes to the connected car and the information it gathers. 45 percent of new car buyers in the US are reluctant to use connected car services because of data privacy fears, and 43 percent are afraid that hackers will be able to actually manipulate safety features such as braking. Where are some of these vulnerabilities and security risks coming from? Here are some examples:
- Lack of sufficient bus protection. The signaling and communications bus, CAN bus, lacks the necessary protection to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
- Weak authentication. It’s very possible to re-program the ECUs illicitly.
- Misuse of the protocols. Denial of Service (DoS) attacks via CAN; malicious error messages can be used to trigger the fault-detection-mechanism in CAN.
- Poor protocol implementation. For example… reprogramming the ECU while the vehicle is moving is not allowed, however it is possible to launch commands that disable the CAN communication and set the ECU into programming mode while the vehicle is moving.
- Information leakage and corruption. Hackers can manipulate the diagnostic protocol by sniffing ordinary diagnostic sessions and injecting modified messages.
A recent New York Times article stated McKinsey & Company research that predicted revenue from connected car technology will grow to more than $230 billion by 2020. It all sounds great! The Internet of Things (IoT) is coming fast and all of this connectivity inside and outside of your vehicle is going to make life easier. For the hacker! With consumer concerns and software provider holes apparent, how will connected car technology providers be able to make the growth gains that seem to be available to them in this growing market? The answer is simple… Protect code and data; stop theft of IP and reverse engineering; keep cryptographic keys and data private.
High-end security applications add a layer of protection to help avoid the limitations and risks involved with conventional application security. Integrating with existing applications, our high security software-solutions deliver the next level of obfuscation, self-defense and tamper resistance technology against tampering and piracy.
On November 18th – 20th at the Los Angeles Convention Center, whiteCryption will be exhibiting at the Connected Car Expo. Take advantage of the tremendous potential that the connected car is providing and secure your solution for growth!