A growing number of modern cars come with some sort of connectivity, from GPS to SIM cards for concierge services and communications. Features like remote diagnostics, telematics and infotainment rely on communications between vehicles and manufacturer’s cloud services. And self-driving cars will connect not just to brand-specific infrastructure, but in all likelihood to one another. Which is wonderful and exciting and a wonder of modernity… but also a potentially massive security risk.
Where there’s valuable data being exchanged nefarious agents will look to exploit it, and connected cars are no exception. Which is why Russian cybersecurity firm Kaspersky Lab is partnering with AVL Software and Functions to make sure only the intended parties are able to control tomorrow’s connected vehicles.
One of the key goals of the partnership is to develop a Secure Communication Unit (SCU) manufacturers can develop for and install in their vehicles. What will the SCU do? According to Kaspersky Lab it’ll “guarantee interference-proof secure communication between car components, the car, and its external connected infrastructure”.
To achieve this, AVL and Kaspersky will be looking at everything from car components and software to “creating a training and coaching portfolio for automotive security”. The pair plan to show off the first results of the partnership at the New Mobility World event in Frankfurt, Germany in September 2017.
Battening down the hatches
Andrey Nikishin, Kaspersky’s head of future technologies projects says vehicle manufacturers have started to pay closer attention to security since Kaspersky demonstrated how even infotainment system vulnerabilities on a Jeep could be used as a means of compromising its safety systems.
“We look at the security of connected cars through the prism of safety,” he says. Asked what consumers should be asking when buying a connected car, Nikishin says the key thing is how private data is handled. “BMW, for example, has introduced in-car payments for fuel. That’s sensitive data that needs to be protected. Also, a lot of telematics data – like how you drive, your insurance information and so on – should also be treated as private.”
He says business customers need to ask those same questions, along with additional ones concerning fleet management. “Can routes for lorries be altered? Can the taxi fleet be tracked? Can the tracking data be cheated? With an SCU we can provide not just secure storage, but also secure channels to communicate with cloud infrastructure.”
Nikishin says most cars will be “fully connected” within the next decade, with autonomous ones relying heavily on two-way communications. “So providing secure communications is very important. Most of the modern cars are like computers on wheels already, but this is only going to ramp up.”
Kaspersky expects to have its first SCU clients by the end of the year and Nikishin says the solution can be implemented quite late in the design process, so might show up on cars sooner than consumers expect. Also, because the lifecycle of a car is more like that of white goods than consumer electronics, he says Kaspersky will support the units for the entire duration of the lifecycle in the same way it supports long-life industrial infrastructure.