Securing the Connected Car and Protecting Against Software Vulnerabilities

You just rolled out of the dealership in your brand new car. Maybe it’s a 2014 Jeep Cherokee, a 2014 Infiniti Q50, or a 2015 Cadillac Escalade and like a lot of cars these days it’s loaded with state-of-the-art features that are networked and automated making driving a wonderful, even futuristic experience. But according to Dark Reading, these three automobiles are the most likely to get hacked.

Get hacked you say?

Depending on the vehicles network setup (yes… network) Bluetooth and radio functions might share the same telematics as the car’s engine or braking systems making a hack not only a possibility but quite simple. Some of the potential hacks are mischievous but some are downright terrifying.

  • Blasting the horn with the engine off
  • Preventing the car from powering down (wearing out the battery in electric vehicles)
  • Changing speedometer and gas gauge readings
  • Tightening the driver’s and passenger’s seat belt
  • Sudden acceleration
  • Turning headlights or blinkers on or off
  • Disable power steering or braking
  • Control braking (on or off)

As the connected car becomes a reality – and it is quite quickly – automakers need to step up their security. Tesla Motors, one of the most connected cars available today is actually hiring 30 full-time hackers whose job will be to find and close vulnerabilities in the car’s firmware. According to Computerworld, Tesla is getting very serious about securing its connected car:

Tesla has been among the most proactive carmakers in addressing potential security threats. It was the only automaker to attend the recent Def Con security conference in Las Vegas, where a security executive took the opportunity to promote the company’s responsible vulnerability reporting program and to recruit new team members.

Hacking isn’t just about driver safety either. EDRs (event data recorders or “black boxes”) collect driver data that can be used to reconstruct accidents, improve driver safety and comfort, and help detect car imperfections. But this data can also be hacked, compromising driver privacy.

As a company with long and deep experience in securing data and user privacy in connected Consumer Electronics and mobile products, Intertrust believes a key step is to create an ecosystem that identifies all stakeholders involved in the connected car, including automotive microprocessors and other components, networked services, their manufacturers and providers of these, the vehicle driver, repair personnel, etc.

Once this ecosystem develops, we can take steps to protect privacy and ensure security within the ecosystem. Intertrust recommends steps such as the establishment of a chief security architect and IT security organization within automobile and automobile related manufacturers. These would be responsible for the security processes, testing and other procedures needed to implement the necessary security frameworks and the proper test and updating methodologies.

At the heart of all hacks lie exposed software and that’s one area that needs serious attention. The automotive industry today invests heavily both financially and time-wise in the development and deployment of software applications. These applications need to be secured to protect IP and reputation. Join us in Los Angeles at the Connected Car Expo on November 18th – 20th. We’ll be exhibiting our software code and data protection solutions designed to prevent reverse engineering and tampering of applications and digital assets within the connected car.

See you there!