Untangling the maze of connected vehicles before taking a plunge
New Delhi: In 2015, the public went into a frenzy when all of a sudden a Jeep Cherokee, began blasting out freezing air through the air conditioning system, the car’s radio switched station on its own, the windshield wipers turned themselves on with wiper fluid spurting across the windshield, and then the car ran itself off the road. Looks like a ghost movie scene?
No, it’s not a movie, but the first instance of car hacking when researchers had remotely exploited a zero-day vulnerability in the vehicle’s uConnect infotainment system, which permits drivers to connect to a car via a mobile device and take over the control.
In-vehicle-infotainment systems are ecosystems comprising of third party apps to leverage and interact with information and services from the connected vehicles over-the-air which makes them vulnerable to cyberattacks.
According to a McKinsey ‘Connected Car Consumer Survey’ the number of reported incidents on cyber-attacks on the global automotive transportation system has grown six-fold in the four years from 2015 through 2019. The alarming rate at which these attacks are gaining pace reflects that it’s time for an automotive cybersecurity wake-up call.
By 2024, globally more than 300 million vehicles on the road will be capable of receiving centralized updates.Vishak Raman, Director-Security Business, Cisco India
In the recent past, many instances of hacking came forward like, Tesla Model 3 autopilot system getting hacked, or a breach in a connected alarm system that could enable hackers to steal vehicles, or numerous infotainment, telematics and ECU vulnerabilities that could allow BMW vehicles to be compromised. In the Nissan leaf scenario, attackers gained direct remote access to the in-vehicle network of an entire fleet around the world.
According to a market intelligence report by BIS Research, the global automotive cyber security market size is expected to be valued at $1.26 billion in 2019 and is anticipated to grow at a CAGR of 14.25% during the forecast period to reach $6.03 billion by 2029. As per Raman, “cloud is going to play an important role in this. The cloud security is the fastest growing segment in the automotive cybersecurity market and is growing at a CAGR of 29.4%.”
Talking to ET Auto, on why cars need to be secured, Vishak Raman, Director-Security Business, Cisco India, said, “A connected vehicle is as good as an IoT endpoint. It’s giving loads of customer information, financial information and other data about the driver’s behaviour. From data point of view, 90 minutes of connected vehicle driving generates 4TB of data (data in transit ), It’s huge and it needs to be secured. ”
Further, elaborating upon the main pain points of these cyber-attacks, he said, “ E-Call & Infotainment are the top attack vectors in a connected vehicle which pave way for potential risk of spoofing access to vehicle-to-vehicle, ECU (Electric Control Unit) tampering, driving route information – disclosure, malware infusion and possible leak of ID/password.”
By 2024, globally more than 300 million vehicles on the road will be capable of receiving centralized updates. Vehicles will be capturing and sharing many types of data, including geolocation, vehicle performance, driver behaviour, and biometrics data.
Now a days cars have over a million lines of codes, for example Ford pickup F150 has 150 million lines of codes which is much higher than aircrafts. Boeing 787 has only about 7 million lines of codes. Every line of code poses an additional threat.
This will ensue into the market for software in automobiles to explode, according a report software content market size for only passenger vehicles will grow more than three-fold to $1200 billion by 2030 from about $280 billion now.
According to worlds’ leading auto parts maker Continental, the industry’s software sales amount to only $280 billion and sales of services come to only $30 billion. In the next 20 year the service is expected to surge to $1500 billion.
Thus, computer programs will bring in much more revenue. Sales here will increase tenfold compared to $2,700 billion in and around the car.
In contrast to this, hardware is estimated to grow marginally in terms of market size to $2800 billion by 2030 from $2470 billion now.
The other major disruptive advantages that connected technology brings along includes the real-time data sent from vehicle sensors that can identify problems early, and enables predictive analytics. This can allow companies to get out in front of potential warranty and recall issues.
But this has spurred a global debate on who owns data of the public held by connected vehicles and if released in the open in an anonymised fashion could harm the users.
Raman clarifies, “When you sign up to these connected cars, there is an end user acceptance where they give you a choice of whether this data will be consumed by servers, just like when you buy a cloud service. The user acceptance is required before the data to be shared.”
Recently, Continental AG’s CEO Elmar Degenhart asserted that the data should be owned by public or user.
The connected car market in India is at nascent stages. Currently only 2% of cars in India are considered connected cars and vehicle security has started evolving. The demand for connected car services is expected to grow exponentially in India and mirror the global growth trends.
This will create a great growth opportunity for automotive cyber-security in India. “The market is picking up. If you look at the recent devices which is coming into the Indian market,” Raman added
In India, the value of connected mobility market could reach the size of $3 Billion USD by 2020 in India according to a report by Cisco.
Talking about the measures to combat these cyberattacks, Raman concluded, “ The connected vehicle market is coming out with their own standards for connected vehicle protection like SAE J3061 (Cybersecurity Guidebook for Cyber-Physical Vehicle Systems), Auto ISAC ( Automotive information sharing & Analysis Center ) and NHTSA ( National Highway Traffic Safety Administration).
If the developed countries like the US is suffering from such a vulnerability, then what happens to countries like India where digital crimes are rampant. India’s automobile testing agencies like ARAI and iCAT have not yet thought of building any capability for the testing and validation of digital technology. It is still struggling to attain the traditional – crash and emission norms.