Connected vehicles are unbounded security risks because hackers can penetrate them remotely and potentially create damage to multiple vehicles simultaneously. It’s relatively easy to unlock doors, turn on the engine, remotely operate the vehicle through OBD2 or mobile aps among other car invasions, according to Jeff Lebowitz, Vice President Market Development for Upstream Security.
These cyber security risks never existed until recently. But connected vehicles are a giant safety risk because hackers can easily penetrate them remotely and potentially create damage to multiple vehicles simultaneously. Hackers can unlock doors, turn on the engine, remotely operate the vehicle or vehicles through existing unprotected OBD2 or mobile aps.
“The automotive industry is undergoing rapid transformation and becoming part of a new smart mobility world. The foundation of this emerging electronic ecology is connectivity, which is the key enabler for any type of value-added services that companies can build on top of the connected ca,” says Lebowitz.
Then the payoff comes, but not for the car owners who have lost the rights to their own data, Smart mobility unlocks myriad selling opportunities for both the OEMs as well as so-called value-added service creators. It also brings with it a range of cybersecurity risk that never existed before.
“If you look back, say, 5 to 10 years ago, a typical vehicle was air-gapped,” says Lebowitz. “ Basically, it had protection from the outside world. There was no way a hacker could penetrate it unless they were physically near that vehicle. However, this changes the second connectivity is in a car. So, if you were to ask an automotive security officer whether they had cybersecurity issue, with these unconnected cars, they would likely opine, ‘We didn’t have any issue or security risk was very low.’ Unfortunately, that all changes the second you introduce connectivity to these vehicles. Connectivity opens the doors for hackers to remotely penetrate a car and potentially create damage that can span multiple vehicles at the same time.”
Connected Vehicles
We now have a vehicles that have internet connectivity, either through an embedded SIM card or through an aftermarket “dongle” that provides mobile connectivity for this vehicle . Through this data connection, the car connects to the automotive cloud, where a typical OEM or a fleet operator would host a range of applications such as telematics, mobile application servers, LiDAR, maps, an ever-growing list. The last part of the infrastructure is the mobile phone, which consumers can use to unlock the doors, turn on the engines, and perform a variety of actions such as driving the car remotely from the driveway. Now that we understand the infrastructure, let’s look at how a hacker would try to penetrate all this connected vehicle service.
The most obvious attack vector is what we call Near Field attack, wherein a hacker can physically compromise the car either through OBD II, through Bluetooth, or Wi-Fi. Near Field attack, in most cases, are confined to the impact that they can create as they’re isolated to a single vehicle. The more serious attack vectors are actually what we call remote attacks that are generated from the public internet, from locations that are nowhere close to the vehicle. Hackers can remotely compromise a service either by attacking the automotive cloud, and through it, being able to attack multiple connected vehicles at the same time. The third attack vector would be to go through the mobile app and then use it to pivot into the automotive cloud, and from there, into the connected vehicles and basically compromise the entire vehicle fleet.
https://www.upstream.auto/solutions/#the-challengeConnected vehicles generate data from many different vehicle sensors, resulting in enormous piles of information. Buried within this information are valuable performance indicators, such as driver and vehicle behavior, vehicle utilization, maintenance, driving routes and much more.
OEMs, telematics providers and vehicle fleet stakeholders could gain greatly from uncovering these valuable insights into fleet health, discover meaningful connections, trends and patterns that could improve driver experience as well as vehicle and fleet quality and reliability. Leveraging this data that is already being collected and stored, could serve to build a stronger competitive advantage and create new revenue channels.
Cybersecurity Designed for the Connected Car Age
Upstream Security was founded by Yoav Levy (CEO) and Yonatan Appel (CTO), two seasoned security professionals with over 20 years of professional experience. They understood that the automotive market is undergoing a massive disruption, potentially greater than the one experienced by the mobile phone industry and that this disruption will require radically different security solutions to reach its potential – automotive cybersecurity solutions purpose-built for the automotive industry and its unique challenges.
The automotive industry is undergoing a transformation – decades old business models are rapidly changing, and connectivity is quickly becoming an integral part of conducting business. Connected cars sit at the core of a new smart mobility ecosystem. Connectivity enables automotive vendors and service providers to monetize car data and achieve superior operational results. Consumer experience as well as operational efficiency can be improved, and new business opportunities can be imagined. At the same time, however, connectivity exposes vehicles to a wide array of risks that never existed before – cyber-threats as well as misuse.
OEM car makers and service providers have been challenged with identifying and locating cyber threats targeting their smart mobility services and connected vehicles. To secure the smart mobility ecosystem – vehicles, infrastructure and services – from attack, fraud or misuse, a new breed of security solutions is required, one that is purpose built for the unique challenges of the automotive industry and to the specific attributes of an individual connected car.
Like the transformation undergone by cybersecurity solutions in enterprise IT, automotive security solutions need to be designed for the age of “connected cars everywhere” and move from an endpoint (in-vehicle agent based) security model to a centralized cloud-based agent-less one. Cyber solutions must be able to understand and distill the massive amounts of unique data created by fleets.
The automotive industry is undergoing rapid transformation and becoming a smart mobility ecosystem. The foundation of this ecosystem is connectivity, which is basically the enabler for any type of value-added services that you can build on top of the connected car. Smart mobility unlocks a host of opportunities for both the OEMs as well as value-added service creators. The same times, it brings with it a range of cybersecurity risk that never existed before.
About Ken Zino
Ken Zino, editor and publisher of AutoInformed, is a versatile auto industry participant with global experience spanning decades in print and broadcast journalism, as well as social media. He has automobile testing, marketing, public relations and communications experience. He is past president of The International Motor Press Assn, the Detroit Press Club, founding member and first President of the Automotive Press Assn. He is a member of APA, IMPA and the Midwest Automotive Press Assn.
He also brings an historical perspective while citing their contemporary relevance of the work of legendary auto writers such as Ken Purdy, Jim Dunne or Jerry Flint, or writers such as Red Smith, Mark Twain, Thomas Jefferson – all to bring perspective to a chaotic automotive universe.
Above all, decades after he first drove a car, Zino still revels in the sound of the exhaust as the throttle is blipped during a downshift and the driver’s rush that occurs when the entry, apex and exit points of a turn are smoothly and swiftly crossed. It’s the beginning of a perfect lap.
AutoInformed has an editorial philosophy that loves transportation machines of all kinds while promoting critical thinking about the future use of cars and trucks.
Zino builds AutoInformed from his background in automotive journalism starting at Hearst Publishing in New York City on Motor and MotorTech Magazines and car testing where he reviewed hundreds of vehicles in his decade-long stint as the Detroit Bureau Chief of Road & Track magazine. Zino has also worked in Europe, and Asia – now the largest automotive market in the world with China at its center.
Hack Attacks – Connected Vehicle Cyber Security Lags
Connected vehicles are unbounded security risks because hackers can penetrate them remotely and potentially create damage to multiple vehicles simultaneously. It’s relatively easy to unlock doors, turn on the engine, remotely operate the vehicle through OBD2 or mobile aps among other car invasions, according to Jeff Lebowitz, Vice President Market Development for Upstream Security.
These cyber security risks never existed until recently. But connected vehicles are a giant safety risk because hackers can easily penetrate them remotely and potentially create damage to multiple vehicles simultaneously. Hackers can unlock doors, turn on the engine, remotely operate the vehicle or vehicles through existing unprotected OBD2 or mobile aps.
“The automotive industry is undergoing rapid transformation and becoming part of a new smart mobility world. The foundation of this emerging electronic ecology is connectivity, which is the key enabler for any type of value-added services that companies can build on top of the connected ca,” says Lebowitz.
Then the payoff comes, but not for the car owners who have lost the rights to their own data, Smart mobility unlocks myriad selling opportunities for both the OEMs as well as so-called value-added service creators. It also brings with it a range of cybersecurity risk that never existed before.
“If you look back, say, 5 to 10 years ago, a typical vehicle was air-gapped,” says Lebowitz. “ Basically, it had protection from the outside world. There was no way a hacker could penetrate it unless they were physically near that vehicle. However, this changes the second connectivity is in a car. So, if you were to ask an automotive security officer whether they had cybersecurity issue, with these unconnected cars, they would likely opine, ‘We didn’t have any issue or security risk was very low.’ Unfortunately, that all changes the second you introduce connectivity to these vehicles. Connectivity opens the doors for hackers to remotely penetrate a car and potentially create damage that can span multiple vehicles at the same time.”
Connected Vehicles
We now have a vehicles that have internet connectivity, either through an embedded SIM card or through an aftermarket “dongle” that provides mobile connectivity for this vehicle . Through this data connection, the car connects to the automotive cloud, where a typical OEM or a fleet operator would host a range of applications such as telematics, mobile application servers, LiDAR, maps, an ever-growing list. The last part of the infrastructure is the mobile phone, which consumers can use to unlock the doors, turn on the engines, and perform a variety of actions such as driving the car remotely from the driveway. Now that we understand the infrastructure, let’s look at how a hacker would try to penetrate all this connected vehicle service.
The most obvious attack vector is what we call Near Field attack, wherein a hacker can physically compromise the car either through OBD II, through Bluetooth, or Wi-Fi. Near Field attack, in most cases, are confined to the impact that they can create as they’re isolated to a single vehicle. The more serious attack vectors are actually what we call remote attacks that are generated from the public internet, from locations that are nowhere close to the vehicle. Hackers can remotely compromise a service either by attacking the automotive cloud, and through it, being able to attack multiple connected vehicles at the same time. The third attack vector would be to go through the mobile app and then use it to pivot into the automotive cloud, and from there, into the connected vehicles and basically compromise the entire vehicle fleet.
https://www.upstream.auto/solutions/#the-challengeConnected vehicles generate data from many different vehicle sensors, resulting in enormous piles of information. Buried within this information are valuable performance indicators, such as driver and vehicle behavior, vehicle utilization, maintenance, driving routes and much more.
OEMs, telematics providers and vehicle fleet stakeholders could gain greatly from uncovering these valuable insights into fleet health, discover meaningful connections, trends and patterns that could improve driver experience as well as vehicle and fleet quality and reliability. Leveraging this data that is already being collected and stored, could serve to build a stronger competitive advantage and create new revenue channels.
Cybersecurity Designed for the Connected Car Age
Upstream Security was founded by Yoav Levy (CEO) and Yonatan Appel (CTO), two seasoned security professionals with over 20 years of professional experience. They understood that the automotive market is undergoing a massive disruption, potentially greater than the one experienced by the mobile phone industry and that this disruption will require radically different security solutions to reach its potential – automotive cybersecurity solutions purpose-built for the automotive industry and its unique challenges.
The automotive industry is undergoing a transformation – decades old business models are rapidly changing, and connectivity is quickly becoming an integral part of conducting business. Connected cars sit at the core of a new smart mobility ecosystem. Connectivity enables automotive vendors and service providers to monetize car data and achieve superior operational results. Consumer experience as well as operational efficiency can be improved, and new business opportunities can be imagined. At the same time, however, connectivity exposes vehicles to a wide array of risks that never existed before – cyber-threats as well as misuse.
OEM car makers and service providers have been challenged with identifying and locating cyber threats targeting their smart mobility services and connected vehicles. To secure the smart mobility ecosystem – vehicles, infrastructure and services – from attack, fraud or misuse, a new breed of security solutions is required, one that is purpose built for the unique challenges of the automotive industry and to the specific attributes of an individual connected car.
Like the transformation undergone by cybersecurity solutions in enterprise IT, automotive security solutions need to be designed for the age of “connected cars everywhere” and move from an endpoint (in-vehicle agent based) security model to a centralized cloud-based agent-less one. Cyber solutions must be able to understand and distill the massive amounts of unique data created by fleets.
The automotive industry is undergoing rapid transformation and becoming a smart mobility ecosystem. The foundation of this ecosystem is connectivity, which is basically the enabler for any type of value-added services that you can build on top of the connected car. Smart mobility unlocks a host of opportunities for both the OEMs as well as value-added service creators. The same times, it brings with it a range of cybersecurity risk that never existed before.
About Ken Zino
Ken Zino, editor and publisher of AutoInformed, is a versatile auto industry participant with global experience spanning decades in print and broadcast journalism, as well as social media. He has automobile testing, marketing, public relations and communications experience. He is past president of The International Motor Press Assn, the Detroit Press Club, founding member and first President of the Automotive Press Assn. He is a member of APA, IMPA and the Midwest Automotive Press Assn. He also brings an historical perspective while citing their contemporary relevance of the work of legendary auto writers such as Ken Purdy, Jim Dunne or Jerry Flint, or writers such as Red Smith, Mark Twain, Thomas Jefferson – all to bring perspective to a chaotic automotive universe. Above all, decades after he first drove a car, Zino still revels in the sound of the exhaust as the throttle is blipped during a downshift and the driver’s rush that occurs when the entry, apex and exit points of a turn are smoothly and swiftly crossed. It’s the beginning of a perfect lap. AutoInformed has an editorial philosophy that loves transportation machines of all kinds while promoting critical thinking about the future use of cars and trucks. Zino builds AutoInformed from his background in automotive journalism starting at Hearst Publishing in New York City on Motor and MotorTech Magazines and car testing where he reviewed hundreds of vehicles in his decade-long stint as the Detroit Bureau Chief of Road & Track magazine. Zino has also worked in Europe, and Asia – now the largest automotive market in the world with China at its center.