Tuesday 18th June 2019

Farewell to hardware: the future of connected car security

Published on July 6th, 2018

Sam Shawki, CEO, MagicCube, writes about how the need to protect data about drivers and vehicles’ performance grows with each connected car that hits the grid – indeed data security in connected cars can literally be a matter of life and death. What must we do to protect it?

By 2020, one out of five vehicles will have some form of wireless network connection. Inside each car sits a tangled network of subsystems – attack such as for infotainment, braking and in-car payments – that are vulnerable to. These electrical components are linked to each other, to a central electrical components unit, and back to the outside world through the driver’s mobile device, or directly via other network interfaces.

They are typically protected by hardware from different suppliers with different compatibility challenges, while others have no security enforcement. This is a concern – imagine the consequences if a malicious hacker penetrated the system of a connected car and took control of it, which has happened as far back as 2015.

The pace of innovation is far outstripping today’s security infrastructure. As we are witnessing the advent of autonomous and connected vehicles, and different devices are being connected to them, securing the connected car’s ecosystem through hardware won’t suffice – although right now, that is predominantly how security is addressed in this market.

Seeking software solutions

Software could hold the solution to this increasingly critical problem. Certainly, there is no shortage of examples of software transforming entire industries, such as Netflix wiping out Blockbuster, and Spotify and iTunes disrupting the way we listen to and buy music. Now connected cars need breakthrough software-based solutions to protect consumers’ data and deliver effective results, but there are some big challenges.

Each connected car subsystem presents its own unique issues. They include upfront material costs, complicated hardware integration and expensive after-sales updates. Still, the list is perhaps less daunting than previous generations of car subsystems that have been limited to hardware. Their long list of limitations includes licensing, incompatibility, specific manufacturer’s requirements and more; as market intelligence firm IDC explains in its recent whitepaper, “hardware-centric solutions have a higher materials cost, and the complex deployment model results in higher operational costs.”

To get away from the complexity and constraints associated with hardware, more and more creators of subsystems are turning to device-independent, hardware-grade security, so that they have regain control of their own apps’ security. This demands well-crafted software that works across platforms and devices, so that the applications can communicate and transact seamlessly. Software-based solutions will also allow a faster and cheaper response to attempts to exploit vulnerabilities. New security features will generally be deployed over the air with a simple software update.

Sam Shawki

Act, no permission required

Not only is software more efficient, cost-effective, and quicker to deploy, it can also level the playing field. Providers can own their solutions end-to-end, without having to ask permission or strike agreements to access and use security hardware in the user’s device.

This is because software can be easily integrated into an app using APIs, in contrast to most hardware-based security where has a long and cumbersome integration cycle. Software is also easily scalable, so companies can provision millions of devices in minutes, not months.

The time has come to bid farewell to costly, impractical, restrictive technologies and to embrace the future. To fully adopt tomorrow’s innovations in automated and autonomous vehicles, we need to be confident that they are safe and secure. Our challenge is clear: develop secure software solutions to replace what is quickly becoming an antiquated approach.

As we progress into a truly connected world, connected cars’ security needs to be at the forefront of all aspects of the application value chain. Consumers want peace of mind and businesses need to be confident in the safety and security of their connected vehicles. To meet these needs and expectations, application providers will need to think seriously about how software can solve the many challenges associated with securing connected vehicles.

The author of this blog is Sam Shawki, CEO, MagicCube

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow