The Security Risks of Connected Vehicles
March 11, 2024
It resembles a scenario from a Fast & Furious movie: hundreds of connected vehicles controlled by a malicious actor without the owner’s knowledge or consent… a bit farfetched? Or is it? Recently, the US Department of Commerce issued a notice of proposed rulemaking that will launch an investigation into the National Security risks posed by connected vehicles.
“Smart cars” gather every manner of sensitive information with the intent of making the user experience more customized to the individual driver. Drivers and passengers can link smartphones to vehicle infotainment systems, expanding access to personal and sensitive data. Modern vehicle infotainment systems use Wi-Fi, Bluetooth, USB and cellular to connect drivers to their vehicles technologic environments. These interfaces represent access points to hackers. Vehicle manufacturers lag in integrating robust cybersecurity measures into vehicle data systems. This facilitates easier access for hackers to personal information compared to traditional avenues like desktops and laptops.
Consumers expect seamless, timely over-the-air updates and bug fixes for vehicle systems with minimal user input. Modern vehicles essentially consolidate systems often manufactured by numerous companies. There are a few agreed-upon standards regarding cybersecurity for the numerous systems incorporated into today’s vehicles. Even though many manufacturers follow ISO (International Standards Organization) and NIST (National Institute of Standards of Technology) standards, few Chinese manufacturers adhere to such frameworks.
The global auto industry, sourcing components from thousands of manufacturers worldwide, faces a significant challenge in validating the integrity of sub-components within vehicle operating systems. The need for manufacturers to rapidly implement new features and technologies can compromise the overall security of these connected systems. It’s important that consumers understand these vulnerabilities and take action to reduce their exposure to potential malicious acts.
Regularly updating vehicle systems ensures security updates are made to critical systems. Using strong passwords and deleting administrative passwords where possible can deter hackers from accessing vehicle systems. Deleting applications that you don’t use from smart phones and connected infotainment systems reduces access through unpatched app vulnerabilities. Consumers and dealers can further reduce personal data theft by deleting vehicle data systems upon resale. If user data isn’t intentionally deleted from the vehicle’s data-collecting systems, it persists even after ownership changes. And don’t forget integrated garage door and gate openers.
The industry is evolving to a more connected transportation network, connected EVs, self-driving vehicles, and smart safety systems that connect GPS and intervehicle coordination all increase the challenges posed by nefarious actors. The first step in mitigating risk is understanding vulnerability and how consumers can take positive action to reduce it.
To learn more about how to mitigate this risk for your dealership and your customers, contact us in the form below.
Why A2C?
Compliance is an incredibly complicated topic, but our solution is the opposite of complicated: it’s just simple. We take the complexities of information security compliance and simplify them, so you can know what you need to do, do it efficiently, then get back to doing what you do best. You’ll get everything you need from us, and that’s all – you will not be paying for extras you DON’T need. We know what we’re doing. As you begin your information security compliance journey with A2C, you can rest assured you’ll be headed down the road to compliance.
Let's Talk
Still need help? Let’s talk! You’ll learn how easy our product is to use and scale, and how we can save you time, money, and stress.
Address:
605 North Highway 169, Suite 250
Plymouth, MN 55441
Sales:
[email protected]
Support:
[email protected]