As the Internet of Things (IoT) era gathers steam, leaders are increasingly discussing how connected vehicles can be part of intelligent transport systems (ITS) that will power tomorrow’s Smart Cities.
The development of ITS – advanced systems that make transport ‘smarter’ through enhanced communication and connectivity – is expected to have a significant and positive impact on how we travel.
ITS could help reduce the 1.25 million annual road traffic deaths worldwide, as well as significantly reduce traffic and pollution. ITS could also provide greater mobility to the 1 billion people with disabilities around the world.
However, the rapid technological upgrades for connected cars are bringing with them a range of new safety and security issues, especially those related to data privacy and hacking. Over-the-air (OTA) software updates can help mitigate some of these risks, even though they are also a potential vulnerability as hackers can intercept and hack these updates. In addition, global harmonization of technical standards would provide another important defense layer, leading to a more secure automotive environment.
In order to keep automobile travel safe these days, car manufacturers must “plan it with cyber in mind,” Yoram Berholtz, Director of Business Development at Argus Cyber Security told ITU News.
More software, more vulnerabilities?
Cars on the market today are equipped with a wide variety of onboard computing, from GPS and bluetooth phone connectivity, to parking assist technology such as rear-mounted radar and cameras. And with increasing amounts of software for connected cars, we will likely see more flaws that can create vulnerabilities.
“If you are putting more software [in the car] the chances there are bugs in the software is increasing. This is very natural.” Berholtz explained.
In 2015, Chrysler recalled 1.4 million Jeeps after a hackable software vulnerability was discovered that would allow the hacker to take control of the vehicle. Last month, researchers at Kaspersky Labs discovered that malware installed on an Android device could locate a connected car, unlock it, and in some instances, start the car. While these were academic proof-of-concept hacks, they highlight real dangers for automobile users in the future of connected driving.
“The vulnerability of vehicles to malicious intrusion will remain a fact of life indefinitely and the risks – ransomware, remote control, personal information access, terrorism – will only increase as vehicles increasingly become part of a larger network or networks,” Roger Lanctot, Associate Director, Global Automotive Practice, at Strategy Analytics, told ITU News.
However, as hardware and software improves, original equipment manufacturers (OEM) “will create a more robust system against hacking,” says Berholtz. “You can not prevent by 100% … but you can reduce it very, very significantly.”
Better security with over-the-air updates?
One way that OEMs are navigating these issues is through OTA updates, software updates distributed wirelessly to the car.
“When we talk about modern security for ITS for connected cars, were talking about the ability to rapidly and safely respond to issues that have been discovered,” says Arthur Taylor, Chief Technology Officer of Advanced Telematic Systems. “Manufacturers can mitigate that cost and respond faster and get the benefits of being able to flexibly develop and deploy their software by integrating OTA into their systems.”
According to Timo Littke, Chief Analyst at Advanced Telematic Systems, there are three main benefits of OTA updates:
- Cost savings on expensive vehicle recalls (Ford’s 2015 recall cost the company in excess of USD1 billion);
- Additional revenue generated by allowing customers to purchase special features;
- Confidence that the car complies with mandatory policies and regulation without needing to go to a dealer or shop.
“Most car OEM are preparing OTA update services, because there is less restrictions in time and space than the conventional update method (e.g. a wired manner),” Seungwook Park, Research Engineer at Hyundai told ITU News.
Standardization, the ‘first defense layer’
“There are interoperability and compatibility issues in ITS environments, because there are different entities made by different manufacturers there,” says Mr Park. “We [Hyundai] think ITU-T is the right place to develop car-related IT technology.”
Hyundai is the first car maker to join ITU-T, the arm of ITU that deals with developing internationally agreed technical standards.
“In order to realize a ‘hyper-connected intelligent car’, four key technologies are required, like sensor fusion, advanced network system, artificial intelligence and robust vehicle security. So following our company’s roadmap, we are going to focus on those items,” says Park.
But how can standards help defend against security issues faced by ITS? The experts all agreed: harmonization across the industry would lead to a safer, more secure automotive environment.
Standardization “puts the first defense layer in the system to defend against hacking those ITS systems,” Berholtz said.
“If cars are going to rely on wireless communications for collision avoidance, a higher level of security credentialing is necessary and international coordination is unavoidable as cars are sold throughout the world,” Lanctot told ITU News.
We need international frameworks “that describe what the minimum global expectation is for security and for quality,” said Taylor.
A new ITU standard for secure remote software updates to connected vehicles is on course for final approval at the upcoming meeting of ITU-T Study Group 17 (Security) in Geneva, 22-30 March.
Lucy Spencer (@L_M_Spencer)