The Driverless Car: Hardened Apps are the New Locks

Driverless cars offer the potential to someday save thousands of lives. But there are many technical problems that can also put lives in jeopardy. One of the most concerning is the threat that malicious software can intentionally impair vehicle operation.

Let’s look at a couple of car hacking examples. Recently, Chinese security researchers at Keen Lab hacked a Tesla Model 6 from 12 miles away. Late last year, software developers at the Norwegian company, Promon, were able to use a Tesla Android app as an entry point to successfully hack the vehicle. And this is just the tip of the iceberg.

As technology and automotive companies race to bring driverless cars to the road, consumers have concerns about the trustworthiness of this technology. McKinsey & Company released findings that showed 45 percent of new car buyers in the U.S. are reluctant to use connected car services because of data privacy fears, and 4 percent of drivers are afraid that hackers will be able to actually manipulate safety features such as braking.

What can industry do to reassure anxious consumers? Manufacturers of connected cars – and, quite frankly, manufacturers of all IoT devices – must approach securing any device in a holistic and top-to-bottom way. To be effective, security cannot be bolted on at the end of the assembly line. Security cannot be thought of as a “feature.” For widespread consumer adoption of driverless cars to happen, consumers must know that the manufacturer has integrated security into the design process as diligently as it has the car engine.

How can driverless car manufacturers do this? To ensure that the software powering connected vehicles is secure, it needs to be “hardened” at the application level to prevent hacking. Increasingly, mobile apps are becoming the main target for malicious behavior. Over the last four years, there has been a 188 percent increase in the number of Android vulnerabilities and a 262 percent increase in the number of iOS vulnerabilities. And esteemed industry analyst Gartner Group found that 75 percent of mobile apps would fail basic security tests.

As a result, developers have been focusing on hardening the security within the actual app to prevent hacks. Researchers have found that app security is compromised when the cryptography within the app is broken. This occurs for one of two reasons. Either the app is using a weak algorithm for encryption and decryption, or the app is using a strong encryption algorithm but implementing it in an insecure way.
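
As an added illustration (not code from this article or from Intertrust), the Python check below flags both failure classes in Java/Android source: a weak algorithm, and a strong algorithm used insecurely. The rule set and the sample lines are constructed for this example, and the patterns assume the standard `javax.crypto` API.

```python
import re

# Each rule: (failure class from the paragraph above, pattern, explanation).
# Patterns assume the standard javax.crypto API used by Java/Android apps.
RULES = [
    ("weak-algorithm",
     re.compile(r'Cipher\.getInstance\(\s*"(DES|DESede|RC2|RC4|ARCFOUR)\b[^"]*"', re.I),
     "obsolete cipher"),
    ("insecure-use",
     re.compile(r'Cipher\.getInstance\(\s*"AES(/ECB/[^"]*)?"\s*\)', re.I),
     'AES in ECB mode (a bare "AES" falls back to ECB in stock providers)'),
    ("insecure-use",
     re.compile(r'new\s+SecretKeySpec\(\s*"[^"]*"\s*\.getBytes'),
     "key embedded in the app as a string literal"),
    ("insecure-use",
     re.compile(r'new\s+IvParameterSpec\(\s*(new\s+byte\s*\[\s*\d+\s*\]|"[^"]*"\s*\.getBytes)'),
     "fixed IV (all-zero array or string literal)"),
]

def scan(source):
    """Return (line_number, failure_class, explanation) for each finding."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.strip().startswith("//"):   # ignore commented-out code
            continue
        for failure_class, pattern, explanation in RULES:
            if pattern.search(line):
                findings.append((number, failure_class, explanation))
    return findings

# Constructed sample input, not taken from any real app.
SAMPLE = '''\
Cipher a = Cipher.getInstance("DES/CBC/PKCS5Padding");
Cipher b = Cipher.getInstance("AES");
SecretKeySpec k = new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
IvParameterSpec iv = new IvParameterSpec(new byte[16]);
// Cipher old = Cipher.getInstance("RC4");
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
'''

if __name__ == "__main__":
    for number, failure_class, explanation in scan(SAMPLE):
        print(f"line {number}: {failure_class}: {explanation}")
```

Only the first line of the sample is a weak-algorithm finding; the next three use AES, a strong cipher, in ways that undo its protection.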

Fortunately, hardening apps within the IoT ecosystem is a relatively easy fix. Enterprise-level solutions are now available that can help application developers introduce the security needed to prevent breaches. Whitebox cryptographic libraries that implement standard cryptographic algorithms in a way that completely hides the keys, and code protection for hardening software applications on multiple platforms, can work together to increase security protection against multiple threats.

These enterprise-level security solutions, however, cannot be a “one-off” so to speak. These security solutions must be integrated as part of the overall security solution, from the beginning, and updated frequently to prevent tampering with apps running in threat-rich environments, such as Android and iOS.

As regulators, manufacturers and consumers prepare for the dawn of the driverless car, secure apps are just one of the items on their checklist to ensure that driverless cars are safe enough to fulfill the promise of saving thousands of lives.

Bill Horne, Vice President and General Manager, Intertrust Secure Systems