Vehicles today have evolved from a means of commuting to being an extension of people’s personal space. They provide comfort, convenience, and safety – just like homes.
With the integration of software and connectivity, the way one interacts with the vehicle has completely transformed. However, connectivity has also opened doors for threats and vulnerabilities. In 2023, India recorded 2,138 weekly cyber-attacks per organization, a 15 percent increase from 2022.
Cybersecurity and SDVs
In SDVs, software governs almost every aspect of vehicle functionality from infotainment systems to advanced driver assistance features and even autonomous driving capabilities. Software permeates every facet of modern vehicles. The complexities stem from their interconnected nature and the sheer volume of software components integrated into these vehicles. Today, cars have 100 million lines of code and by 2030, it is predicted to be 300 million lines of codes with multiple devices being connected to the internet. Unlike traditional automobiles, SDVs rely on a multitude of sensors, processors, and communication systems to function effectively. This increased reliance on software comes with an inherent vulnerability to cyber threats. This interconnected ecosystem creates numerous potential entry points for cyberattacks, ranging from in-vehicle interfaces to external communication networks.
Unveiling Vulnerabilities
Infiltration into the car’s central system can originate from various entry points, including headlights, brakes, and infotainment systems. With cars evolving into sophisticated mobile computers, they have become prime targets for cyber-attacks and are posing a new hazard on road.
In 2022, a “Rolling-PWN attack” targeted the Remote Keyless System of vehicles. Researchers successfully breached the system, enabling them to unlock doors and start engines remotely, a concerning revelation for vehicle security. The same year, critical vulnerabilities were discovered in widely used vehicle GPS trackers. They could be exploited by hackers to track individuals and remotely disable vehicles.
Last year, a group of seven security researchers uncovered numerous vulnerabilities in vehicles from 16 car manufacturers – allowing hackers to manipulate car functions, access internal systems, and expose personally identifiable information of customers and employees.
With more and more vehicles becoming connected, the Indian automotive sector is exploring innovative solutions to enhance security in the connected vehicles. Continental’s R&D Centre in Bengaluru has established an exclusive team especially dedicated to cybersecurity.
Three step strategy for tackling cybersecurity
Prevention: The likelihood of security encroachment rises in tandem with the degree of networking and the number of in-vehicle interfaces that it demands. Hackers are driven by several factors including data theft, financial gain, and prestige. Manufacturers must strengthen all potential attack points and lay down security solutions across multiple levels and departments.
This can be made possible by identifying the various attack points, understanding the behavior, and designing safety measures to secure the systems. In other words, make it as hard as possible for hackers to attack. This typically involves hardware-enhanced crypto, embedded security software, secure networks, and secure vehicle architecture. In terms of automotive cybersecurity, another example of a preventive approach would be DevSecOps. The practice ensures that developers are using coding practices that are less vulnerable to attacks.
Identifying point of entry: Know that the system is being hacked, identify the point of entry, exposed vulnerabilities, and other critical information in real time. This involves live monitoring and tracking of connected vehicles. An example of this would be setting up the Security Operation Centres (SOCs). SoCs facilitate real-time detection of any such breach and tackle it in real-time. SOCs also help identify the gaps and do quick patches to avoid long-term exposure to vulnerabilities in on-road vehicles.
Response: Mitigate the damage and immunise the fleet in hours. This involves software updates over the air and patch management. Cybercrime is an asymmetric challenge. Although an organisation must monitor hundreds of processes, hackers just need to find a single flaw to gain access. It is like a never-ending race between those who want to secure networks and those who want to break them down. Therefore, once a loophole is identified, it is vital to act as quickly as possible.
Cyber threats are dynamic. The scope of cybersecurity in SDVs is complex and requires concerted effort from automotive companies to effectively mitigate risks and safeguard vehicle systems. Cybersecurity is a key factor in ensuring the integrity, reliability, and safety of SDVs. By embracing proactive threat detection, leveraging technological advancements, ensuring robust encryption protocols, continuous software updates, and fostering industry collaboration, one can ensure a secure and reliable future of mobility.
Harikrishna Khandavalli, Head of Engineering – Bangalore & Head of Engineering Software – APAC, Architecture & Networking, Continental Automotive India. Views expressed are his own.
