CONNECTIVITY AND VEHICLE SECURITY – DO THEY GO TOGETHER?

Vehicle manufacturers are faced with diametrically opposing demands, the need for ever increasing connectivity in vehicles and the significantly increased threats to vehicle security from cyber criminality.

 

The conflicting requirements that vehicle manufacturers, regulatory bodies and infrastructure providers (aka mobile network providers) have to weigh up and agree a way forward prompts the question, “In future, will motor vehicles remain a (relatively) safe space and comfortable form of transport or mutate into mobile bots?”

 

There are great new possibilities opening up with a multitude of functions and applications on the horizon. Developments are moving on at pace in the fields of infotainment and road-safety improvements. Manufacturers are expanding the networking capability of vehicles to allow the use of apps to facilitate vehicle-to-vehicle communication. The trouble is that even the current crop of vehicles, with relatively limited connectivity, are already susceptible to manipulation.

 

Hacked off

 

For example, it is a well-known fact in the industry since 2002 that GPS-based navigation devices can be manipulated. A ‘satellite simulator’ can overwrite the GPS signal that is used by the navigation system to determine the vehicle’s location. Using this method, vehicles can be intentionally diverted from their actual destination.

 

Traffic messages displayed on the navigation devices are also affected. The Traffic Message Channel (TMC), which is normally used to display traffic jam reports or other information, can be manipulated to this end. The problem is that the TMC channel is not protected and a false traffic message can be sent easily enough to a device via the FM radio signal.

 

Data theft

 

Yet another vulnerability is the Tyre Pressure Monitoring System (TPMS), which has been mandatory for all new vehicles sold in Europe from the end of 2014. Each pressure sensor in the TPMS system has its own ID, which can be scanned and read out.

 

Information about the location of certain sensors, i.e. vehicles, could be used to draw up user profiles. A list of times that certain cars arrive at or leave company car parks could be created, for example, without the vehicle owner’s knowledge.

 

The examples given represent a small sample of the potential for unwanted data gathering or manipulation today, using just existing technologies and capabilities. A much greater degree of digitisation is on the cards, which will be implemented in coming vehicle iterations.

 

At the latest when vehicles start to communicate with each other, when steering wheel movements are completely digitalised and ever more individual functions are controlled by smartphone is when manipulations of vehicle systems can have very serious consequences. Manufacturers such as Daimler already have apps, for example, the Mercedes me app that allows the driver to remotely lock or remotely park the vehicle using their smartphone.

 

But what about ever greater integration of the smartphone in the latest generation of cars? Previously, only the audio channel, i.e., music or phone calls, could be accessed through the in-car entertainment system via cable or Bluetooth connection. When using Apple Carplay or Android Auto, the applications, such as Facebook, still run on the smartphone with the car providing the entire user interface, i.e., the screen, speakers, microphone, aerial and controls. The familiar social media or infotainment applications are simply displayed in the car.

 

Data sovereignty

 

Premium manufacturers are building mobile phone interfaces into their cars and offering their own networked navigation, eCall, roadside assistance and other services. At the moment, the manufacturers use operating systems which only permit their own applications to run. The manufacturers can thus access the car’s operating data and transfer it to their own servers, e.g., for their roadside assistance. The customer can access these servers via the manufacturer’s app for their car and check whether the windows are closed or the battery is already fully charged, for example.

 

The advantages offered by such developments do, however, have a downside. The vehicle owner must sign a data-usage contract with the manufacturer in order to use these services. The integration of the networked applications in the car means that the customer can only obtain services from the manufacturer.

 

And this is a problem for third-party service providers. For example, a competing provider who wants to offer a service and cannot access the data in the customer’s car because the owner has signed an exclusive contract with the manufacturer.

 

The contract excludes any other service provider and this is why it is crucial that consumers have sovereignty over their data. In future, consumers must be free to decide how they want their data to be handled. It is important that consumers can chose a provider free from being tied to the vehicle manufacturer for services related to vehicle maintenance, for example. The car companies must allow third parties access to data from the car so that competition is not snuffed out.

 

Bricked

 

But the problems don’t just end with data access, there are also other less obvious and less immediate problems on the horizon. For instance, what if manufacturers discontinue IT support for vehicles long before they have reached the end of their ‘mechanical’ life. In the same way that updates to mobile phone operating systems has led users to accuse phone manufacturers of ‘bricking’ (rendering useless) phones, a vehicle could be ‘bricked’ simply by having an unpatched vulnerability in its operating system.

 

Update unavailable for this model!

 

It is also unclear as to what extent the vehicle and all of its functions would remain usable. International regulation is required in this area to ensure that software is updated and patches created for software over and beyond the planned lifetime of the vehicle. In the same way that the supply of replacement parts must be guaranteed by the manufacturer for at least ten years after production of a certain model has ceased.

 

Safety improvement

 

A major positive aspect of connected cars is that they can improve road safety. Currently, communication from vehicle to vehicle is very limited. Vehicles can often only communicate with other vehicles from the same manufacturer or the same model. The long-term vision is that all cars will not just communicate with each other but also with non-motorised road users and with traffic lights and traffic signs, etc. Networked communication in this form could revolutionise road safety and largely prevent accidents. But despite promising developments, early tests with heavy goods vehicles are proving just how difficult, for instance, even a simple ‘tethering’ system can be to implement under real-world conditions.

 

Driven to distraction

 

On the one hand, new cars are easier to drive but, on the other hand, the number and complexity of assistance systems and features are ever increasing. Additional stimuli or information, regardless of whether the input is coming from a passenger, the radio, an assistance system, telephone or a networked application in the car, places the driver under additional stress and can be a distraction too many!

 

In the same way that manufacturers prevent the driver from watching television or video on integrated displays when the vehicle is in motion, there is an understandable urge to limit the amount of information a driver can be confronted with when the vehicle is moving. Mobile phone use has been outlawed when driving, except in hands-free mode, in many countries. Applying the same principles, i.e., limiting the range and number of functions that can be accessed by the driver whilst the vehicle is in motion would seem an obvious and desirable outcome.

 

However, it is irrelevant whether a vehicle is connected to network or not, as the connection does not correlate to greater distraction. The decisive factor is the design of the user interface. Ideally, information should be prioritised and, if necessary, suppressed via workload management. Limiting the degree of input is in this way means that the driver only receives appropriate levels of information so that they are not distracted whilst driving. In practical terms, drivers must decide for themselves which sources of information they can and want to use while driving. Manufacturers should ensure that only indispensable operating actions can be carried out while driving; adjusting most of a car’s settings should only be possible when the car is stationary.

 

Time will tell

 

As ever, only time will tell if the advances in connectivity bring more advantages than disadvantages but now is the time when manufacturers and regulatory bodies must join forces to ensure that any advances are not wiped out by negative consequences. From the security of 5G networks to the IT security in the vehicles themselves, a lot of debate and a robust regulatory framework is needed in advance or else the future of mobility could be significantly affected.