Many new car models are 'connected,' bearing a 4G LTE wireless datapoint that uploads data to the cloud and downloads updates for software and firmware updates.
Many new car models are 'connected,' bearing a 4G LTE wireless datapoint that uploads data to the cloud and downloads updates for software and firmware updates.
( Source: iStock)

Connectivity Cyber-physical security measures: Are connected cars hackproof?

| Author / Editor: Jason Unrau / Erika Granath

Autonomous connected vehicles (ACVs) rely on intra-vehicle sensors such as camera and radar as well as inter-vehicle communication to operate effectively. This reliance on software exposes ACVs to cyberattacks, leading us to look into just how hackproof today's connected vehicles really are.

Picture a 2,000 kg sedan barreling down the road as the occupant behind the controls is entirely powerless to change the vehicle's course. A madman or a mischievous hacker is manipulating every move like a puppeteer pulling a marionette's strings. That might sound extreme, but with connected cars, the risk of this nightmare-like scenario turning real is, unfortunately, present.

Technology is in place for vehicles to be hacked. Many new car models are 'connected,' bearing a 4G LTE wireless datapoint that uploads data to the cloud and downloads updates for software and firmware updates.

Acceleration is electronically controlled with drive-by-wire designs, as is the steering system. A wireless connection plus an opportunity to take over the reins from the occupant is a dangling carrot many hackers will chase after.

What does security for connected cars look like? Let's explore questions related to cyber-security in today's vehicles and moving forward.

How much data does a Connected Car generate?

Much of the concern related to hacking cars seems like it should be of limited scope and little impact. In fact, it's quite the opposite. Connected cars generate up to 4TB of data every day, sending information across networks to be processed as well as onboard processing. That includes navigation details, interfacing ADAS systems, and ECM processes onboard. It affects acceleration, steering, braking, safety systems, infotainment, and even smartphone integration.

While 4TB per day is a lot, fully autonomous cars are expected to generate that same volume per hour of driving.

How safe are Connected Cars from hacking?

A study of automotive industry cyber-security practices by Synopsys and SAE International reveals that three in ten respondents don't have an established product cybersecurity program or team. Furthermore, 63 percent report that they "test less than half of hardware, software, and other technologies for vulnerabilities."

Unfortunately, there's a gap in knowledge. OEMs can't confidently say their vehicles cannot be hacked.

Case in point, researchers gained access to a Jeep Cherokee through its Uconnect infotainment system in 2015 and were able to affect acceleration, braking, and steering control. The revelation spurred a mass recall from FCA involving 1.4 million vehicles.

What can lead to security breaches?

Like the Jeep example, most access points are through a vehicle's infotainment system. At the root of the concern is the vehicle's onboard network that passes data from control module to control module rapid-fire.

Inbound and outbound data that's never expected to leave the vehicle is exposed once the vehicle is connected wirelessly. Systems are even more exposed as connected cars open up connections to the Internet of Things (IoT) through other gateways.

Fiat Chrysler Automobiles began implementing security measures in much of its products from 2018, implementing the Secure Gateway Module that creates a firewall between private data points into all it's new models.

The reality of compromised security

Will hackers really take over vehicles in a maniacal bid to cause anarchy? It may be possible, but it's unlikely. The truth of compromised cybersecurity systems in connected cars is much more insidious.

  • Infotainment systems can be used as an access point for personal information never meant for prying eyes. It may include addresses and names, or even credit cards associated with private accounts.
  • Connected services may be interrupted. A vehicle's telematics connection can be disrupted, reducing the ability to use ADAS systems and Bluetooth connectivity, for example.