The cybersecurity of connected vehicles: a race between manufacturers and cybercriminals

Today’s vehicles incorporate a number of fundamental safety systems, such as ESP (electronic stability program) and ADAS (advanced driver assistance systems). The incorporation of networked systems, particularly for infotainment or telemetry, creates new vulnerabilities that provide entry points for cyberattackers. Unsecured interfaces, insufficiently protected communication channels and software bugs are all possible attack vectors.

Cyber criminals use wireless communications to hack into vehicle systems, exploit bugs in the software and hijack certain vehicle functions. Case studies show that significant attacks are often based on flaws in vehicle software or communication systems.

A number of incidents have already revealed potential flaws in vehicles’ cybersecurity. Take, for example, the attack on some of Tesla’s models in 2020. The perpetrators were able to exploit a vulnerability in the technology used for the key cards and the mobile application, allowing them to unlock and start the vehicle. This incident underscores the importance of security for wireless communication systems and the need to constantly improve authentication protocols.

Another example is the attack on a major car manufacturer’s vehicle fleet management system. By exploiting a vulnerability in the system, the attackers were able to access sensitive data and take control of certain vehicle functions.

Manufacturers’ strategies

The automotive industry is implementing a range of security protocols and technologies to respond to these cybersecurity threats. The industry’s strategy is based on a mix of advanced technologies and proactive strategies, including new, robust encryption methods for transmitting data between vehicles and external networks. The AES (Advanced Encryption Standard) encryption algorithm ensures secure communications.

Applying software updates and patches on a regular basis allows you to react quickly to identified vulnerabilities. These updates are distributed by wireless link (Over-The-Air, OTA), a fast, high-performance solution. Intrusion Detection Systems (IDS) also enhance security by monitoring network traffic and system activity for anomalies and possible intrusion attempts to help detect unauthorized access at an early stage.

Another approach is to compartmentalize the vehicle network. Separating critical systems (braking and steering, for example) from less critical ones (such as infotainment) reduces the risk of cybercriminals accessing essential vehicle functions by passing through less protected systems.

Carmakers are also focusing their R&D investment on artificial intelligence and machine learning. These technologies assist in developing security systems that can learn and adapt to respond to new types of attack. By analyzing large quantities of data, unusual patterns and potential security threats can be identified more quickly.

Prospects and challenges

Connected vehicle cybersecurity will continue to evolve. Carmakers have no choice but to adapt to cyberattackers’ resourcefulness, while incorporating new technologies such as AI and machine learning to boost their security levels. These advances will be decisive in ensuring that vehicles operate safely in an increasingly connected environment.

Cybersecurity challenges will continue to diversify and grow in complexity, especially given the trend towards increasingly autonomous vehicles. This development calls for a rethink of the security architecture. These vehicles rely on complex networks of sensors and algorithms, which could be vulnerable to attack.

Communications between vehicles (V2V) and between vehicles and infrastructure (V2I) form another aspect of cybersecurity. These technologies, which are essential for coordinating driving and smoothing vehicle traffic flows, are creating new attack surfaces. Secure communication protocols will therefore have to be introduced to ensure that the data transmitted is protected.

Solutions will have to be found to protect not only the vehicle itself, but also how it interacts with external systems such as traffic lights, parking management systems and charging points. Regulatory requirements will also influence developments in this sector. The implementation of standards and directives for connected vehicle cybersecurity will force manufacturers to comply with a certain level of security and to check their systems regularly.

Finally, user training and awareness will continue to play a central role. Users must be informed of the risks and given the keys to understanding the functions of their vehicle that are relevant to safety, so that they can use them properly. No comprehensive security strategy can afford to overlook the importance of improving users’ skills.