Cybersecurity In The World Of Automotives: Protecting Users In An Era Of Connected, Intelligent Mobility

By Deepak Samaga

The automotive industry is experiencing a significant transformation, unlike any other in its past. Gone are the days of solely relying on occasional software to support basic mechanical machines - the new norm is software-driven, cloud-connected digital platforms. Popular features like ADAS, connected car services, smartphone integration, and over-the-air (OTA) updates are quickly becoming mainstream in all markets, revolutionising the way users engage with their vehicles.

With increased connectivity comes heightened vulnerability to cyber threats. The contemporary vehicle is now integrated into a constantly evolving digital world, making cybersecurity essential for ensuring user safety, privacy, and trust.

Expanding Attack Surface: What Modern Users Are Vulnerable To

As vehicles continue to interact with external devices, infrastructure, and cloud systems, this creates numerous opportunities for malicious actors. Some primary concerns involve:

Connected Apps and Smartphone Integration

Users depend on mobile apps for remote lock/unlock, vehicle status, route planning, charging control, and more.

Risk: There is a risk that compromised phones or insecure apps could give attackers indirect access to the vehicle.

ADAS & Sensor Systems

ADAS and sensor systems are essential components in modern vehicles. They play a crucial role in ensuring the safety and efficiency of driving by providing real-time data and assistance to drivers. These systems use various sensors, such as cameras, radars, ultrasonic sensors, and LiDAR, to monitor the surroundings of the vehicle and assist in detecting potential hazards.

Risk: One potential risk is the manipulation of sensor data or spoofing, which has the potential to hinder important functions such as lane assist and collision avoidance.

In-Vehicle Networks and Interfaces

CAN and LIN, being legacy protocols, were developed without considering security implications.

Risk: If a perpetrator gains access to a non-essential system (such as an infotainment system), they could then make efforts to infiltrate essential safety-focused electronic control units.

Over-the-Air Updates

The introduction of OTA has completely transformed vehicle maintenance, yet it also creates a way for remote entry.

Risk: Unauthorised firmware, cloned update servers, or attacks that result in the rollback of updates.

Personal Data Stored in Vehicles

Vehicles keep track of navigation records, contacts, vocal preferences, and multimedia logins.

Risk: There is a potential risk of sensitive personal data being stolen, whether through physical means or remotely.

The ever-growing risk environment highlights the importance of cybersecurity, shifting it from a technical matter to a critical safety precaution for all users.

How can Users Protect Themselves?

As automotive cybersecurity frameworks continue to be strengthened by both OEMs and regulators, it's important to recognise the crucial role that end users also play. Some practical safety measures for the users:

• View the Vehicle as a Digital Device: Use robust passcodes for internet-connected services. Utilise multi-factor authentication where available
• Ensure the safety of your smartphone, as it serves as the main access point. Ensure that the mobile operating system remains up-to-date on a regular basis
• Do not access connected car apps on shared or public devices
• Before selling or servicing a vehicle to an outside party, make sure to disable any app access
• Steer clear of unofficial third-party add-ons that have not been verified
• Avoid the use of aftermarket OBD devices, unauthorised apps, or non-approved telematics systems, as far as possible, as they may create security weaknesses
• Be sure to promptly install any OTA updates. OTA releases frequently include security patches as well. Ensure that update notifications come from authorised OEM sources
• Manage Digital Privacy Settings. Check the authorisations given to applications and linked services.
• Prior to leasing, transferring ownership, or passing on the vehicle to another individual, make sure  to erase any personal information

By following these simple steps, users can significantly decrease their risk level.

Industry Developments: The New Layers of Automotive Security

In response to ever-evolving threats, the industry is adopting multilayered cybersecurity strategies.

• Secure Vehicle Architectures: Making  the transition to zonal and service-based architectures, incorporating ECU isolation, communication firewalls, and secure gateways
• Regulatory and Standardisation Momentum: The drive towards regulation and standardisation is gaining traction. Regulations like ISO/SAE 21434 and UNECE WP.29 R155/R156 mandate the implementation of cybersecurity measures throughout the entire lifespan of a vehicle
• Hardware-Backed Security: Hardware Security Modules (HSMs) are becoming more common in ECUs, as they offer a range of security features such as encryption, secure boot, and authenticated updates
• Intrusion Detection and Response Systems: Utilising cutting-edge techniques such as anomaly detection, AI-driven intrusion detection, and cloud-integrated threat intelligence for real-time surveillance
• Secure Development and Testing via Digital Twins: Sophisticated virtualisation and digital twin environments are being utilised to pre-approve OTA software, replicate cyberattacks, and detect vulnerabilities beforehand

The industry is moving from a reactive approach to proactive cybersecurity-by-design, which is crucial in an ever-changing landscape of automotive software.

Cybersecurity As Foundation Of User Trust

With increasing levels of autonomy, connectivity, and reliance on software in vehicles, cybersecurity is becoming a backbone of user safety and a symbol of trust. The future of mobility will be shaped not only by innovation in electrification or autonomous driving but also by the industry’s ability to protect users’ digital lives.

In today's world of automotives, cybersecurity is now a fundamental requirement rather than an afterthought. The ultimate measure of responsible innovation will continue to be ensuring the safety and security of users.

(The author is the Vice President of Business Development at Vayavya Labs Pvt. Ltd)

Disclaimer: The opinions, beliefs, and views expressed by the various authors and forum participants on this website are personal and do not reflect the opinions, beliefs, and views of ABP Network Pvt. Ltd.