Solution Briefs for Automotive

Issue link:

Contents of this Issue


Page 0 of 1

Solution Brief | for Automotive for automotive Connected vehicles are commonplace Connected vehicles are now available from most manufacturers. Latest research estimates the global connected car market to increase 40% from 2016 to 2021 1 . Great for consumers, but from a security perspective, this increase in connectivity represents a growing attack surface. Utilizing an app to interact with a connected car is becoming as ubiquitous as a metal key. Unfortunately, this convenience comes at a price — apps downloaded from public app stores are easy targets for bad actors. New threats require new solutions While the industry's Automotive Information Sharing and Analysis Center is developing best practices for connected car security, they do not prescribe specific technical or organizational solutions. Although a set of industry best practices is a good first step, these high-level guidelines aren't requirements and take time to implement. In order to address the serious threats facing today's connected cars, auto makers and commercial car companies must reconsider their approach to app security. Protecting a moving target Connected car apps are equally vulnerable to attacks as any other app downloaded from a public app store. Without code protection, connected auto apps can easily be reverse engineered to steal code, intellectual property, personally identifiable information (PII), or give cybercriminals a way to communicate with back office systems. If the integration between a smartphone app and the Human-Machine Interface (HMI) of a connected vehicle is compromised, it can be used as a gateway to everything electronically tethered inside and outside the connected car. Once an app is compromised, it can provide access to vehicle controls, including locks and ignition, voice recognition, dashboard buttons, navigation, and in extreme cases, computer-controlled throttles, steering, braking, and other autonomous vehicle operations. Breached applications yield control of external services such as infotainment, insurance, and banking accounts which can then be exploited for follow-on fraud. Mobile app-level protection is critical Attackers vary from lone wolves to nation states — all with varying motives, but they all share a few common traits: they are relentless, and they are ever evolving their attack methods. The potential for loss is high: business reputation, brand, financial loss, and most importantly, customer safety. Coding best practices and traditional software protections cannot provide adequate protection against determined bad actors employing reverse engineering methods to attack apps. What is required to protect today's connected automotive mobile apps is a layered approach that can secure app code from reverse engineering attacks and be applied during the DevOps 1 Statista Digital Market Outlook

Articles in this issue

Links on this page

view archives of Solution Briefs - for Automotive