Safety and Security of Connected Vehicles

According to IHS projections, 30 billion connected things are expected to be in use by 2020. [1] These devices include but not limited to home appliances, connected vehicles, medical devices, and machines in a factory. Last week, Steve Herrod from General Catalyst Partners explained to us about the growing importance of cybersecurity in a connected world. Security risks associated with IoT devices are very different from computers and mobile devices. Besides financial and privacy loss, there could be physical effects due to compromised IoT devices. Modern cars today contain approximately 100 million lines of software code.[2] The software is going to get much complex with the advent of autonomous vehicles. Security risks associated with connected vehicles are much higher when compared to traditional computing platforms.

Nowadays, a modern vehicle may have up to 70 electronic control units (ECU) for various subsystems like engine control, antilock braking/ABS, cruise control, and electric power steering. [3] All modern vehicles also provide an on-board diagnostics (OBD-II) port which is connected to Controller Area Network (CAN) bus. CAN protocol is used for communication between ECUs and sensors of the vehicle. So an access to the OBD-II port also implies access to the vehicle’s ECUs.

There are several OBD-II plug-in devices which provide wireless connectivity to the OBD-II port. These devices are mainly used by consumers and insurance companies to track and monitor vehicles. The OBD-II port was initially intended to be a physical-access port, so it lacks adequate security mechanisms when accessed through a wireless connection.

In the year 2015, researchers at the University of California at San Diego showed that they could take control of a Corvette’s brakes using OBD2 dongle distributed by insurance companies.[4] In another demonstration, security researchers took control of a Jeep Cherokee through its internet connection.[4] These incidents indicate the potential hazards of connecting vehicles to a wireless network.

IHS Markit report projects the number of autonomous cars worldwide to reach 30-40M by 2040. [5] Autonomous vehicles mainly rely on wireless connectivity to communicate with other vehicles (V2V) and roadside infrastructure (V2I). There are many advantages to these modern car technologies. For instance, V2V communication’s ability to wirelessly exchange information about the speed and position of surrounding vehicles will avoid crashes and ease traffic congestion.[6] Despite the many benefits of these new technologies, there are several concerns related to security and privacy aspects. The U.S. Department of Transportation (USDOT) is currently providing a Proof of Concept (POC) message security solution for V2V and V2I communications. This solution is named Security Credential Management System (SCMS) and it is based on Public-Key-Infrastructure(PKI)-based approach. [7]

Even after following security best practices, new issues related to security will arise in the future. A security breach in an autonomous car could have a devastating impact on public safety. So proper mechanisms should be in place to communicate and resolve security-related issues promptly. Identifying the affected vehicles and performing OTA upgrades will become crucial for the smooth and safe operation of connected vehicles.










2 comments on “Safety and Security of Connected Vehicles”

  1. Hello RamaSundar,

    You are raising an interesting topic that made me stop and wondered. I have always thought that autonomous cars were a crazy good invention. I even thought that “regular” cars were gonna disappear eventually, but what happens when criminals hack into someoneĀ“s car to kidnap them or even hack police cars to stop a chase?

    Autonomous cars could decrease the accident rate, but what other problems would they bring? Is it worth having them? Definitely something worthwhile to think about.


    Users who have LIKED this comment:

    • avatar
    1. Yes, there will be security concerns for any “thing” that is connected to the internet or network. In case of connected vehicles, the U.S. Department of Transportation (USDOT) is already providing a security solution that is currently under test at different Connected Vehicle Pilot sites.
      Connected vehicles use a wireless technology called dedicated short-range communication (DSRC) for V2V or V2I communication. Since this is a short range, malicious actors need to be in the proximity of the vehicle to break V2V or V2I communications.


Comments are closed.