Are smart cars cybersecure?

Posted date 04/04/2024

Autor

INCIBE (INCIBE)

¿Los coches inteligentes son ciberseguros? Imagen decorativa

Nowadays, many technological advances have been made, one of the most important of which is the Internet of Things (IoT), as it provides a multitude of information in real time, thus allowing full knowledge of the data obtained in real time. Over the last few years, this technology has been progressively implemented in the automotive sector, as the current trend revolves around the autonomous car.

But it is not all good news: if information is transmitted to the cloud or the data being transmitted becomes more and more important, vehicles will increasingly become the target of cyber-attacks. The following are some examples of cyber-attacks on vehicles in recent years:

One of the most commonly used cyber-attacks targets the Keyless system. This technology has a control unit, such as a control unit, which is used to interpret the communications between all the devices in the vehicle. With all these features, the attacker tries to replicate the information sent by the remote control to the control unit in order to open the car and take what is inside the vehicle or even the vehicle itself.

- Keyless system -

Another of the quintessential cyber-attacks is DDoS (denial of service) to intelligent transport systems, as they would be able to block all communications of connected cars and therefore pose a high risk to people's safety.
Another problem to watch out for is vulnerabilities that are discovered and not fixed, due to the difficulty in updating all the devices that contain vehicles.
It is also very important to consider entertainment systems, such as displays, e.g. Apple-Car or Android Auto, which could allow control of the vehicle's console.
Sometimes it can also happen that the vehicle is infected by another external device, such as a charging station, or even by infected devices in the vehicle's manufacturing plant.
USB ports can also be used maliciously to execute code, install apps or even obtain sensitive information.
The GPS used can face two very important and high-risk threats, e.g. spoofing and jamming, which are capable of manipulating the GPS signal and can override or even replace the real GPS signal.
Attacks on the sensors installed in cars, such as intense noise to make the acoustic sensors malfunction or a magnetic attack on the odometric sensors.

Due to the large number of possible cyber-attacks and their growth over time, companies in this sector are investing more and more in cyber-security, some of the progress being made to improve cyber-security in vehicles will be explained below:

Creation of different regulations so that the cars that are manufactured can be homologated to be cyber-safe, one of these regulations is the UNECE/R155, this regulation requires compliance with the following protocols:
- identify and manage cybersecurity risks in vehicle design;
- verify that risks are managed, including testing;
- ensure that risk assessments are kept up to date;
- monitor and effectively respond to cyber-attacks;
- analyse successful attacks or attempted attacks;
- assesses whether cybersecurity measures are still effective in the light of new threats and vulnerabilities.
Another important regulation is UNECER/R156 which is more focused on software security, some of the requirements of this regulation are:
- the update target;
- the impacts that may occur to the car when such an upgrade is performed;
- if the software update modifies any requirements previously met;
- under what conditions such an upgrade can be carried out;
- confirm that the software update has been properly verified and validated.
Other standards, such as ISO TC22/SC32/WG11 or TC22/SC32/WG12. Depending on the country in which it is manufactured or used, they may be required to comply with different standards.
Implementation of cyber-secure protocols for communication, whether it is used to communicate with other vehicles, with infrastructure or even with pedestrians and cyclists. In addition to communications with the cloud.
Increasing people's awareness of the possibility of a cyber-attack, such as not leaving Bluetooth or Wi-Fi on when it is not necessary, especially when you are not in the car.

Conclusion

As you have seen throughout the article, it can be observed that the automotive sector is one of the sectors where the growth of cyber-attacks has been considerable, largely due to the implementation of new technologies in today's cars, such as the introduction of GPS, artificial vision, sensors that transmit what they detect while driving, etc. As a result, the industry is investing a lot of time and money in finding solutions to improve cybersecurity. Examples of these improvements are the creation of new regulations such as UNECER/R155 and UNECER/R156 that allow vehicles to meet certain requirements in order to be marketed.

Content produced in the framework of the Spanish Government's Recovery, Transformation and Resilience Plan financed by the European Union (Next Generation).