Car connectivity is becoming an expected part of the driver experience, with almost every automaker offering some degree of connected technology in its latest models. But with that connectivity comes vulnerability. As the complexity and integration of vehicle systems increase, so do the risks and security threats. A new white paper from Ixia examines the increasing number of access points available into a connected car and how to secure them.
Customers buying new vehicles have come to expect connected car technologies as a convenient feature. Connected cars link or sync into clouds and data centers, enabling easy access to smartphone and onboard apps, cloud-based apps and data, and real-time software updates. While they also increase safety through vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication, most of today’s vehicle networks were not intended to be secure, according to a conference convened earlier this year, and most vehicles have more than 50 vulnerable attack points.
The Ixia paper introduces security test methodologies that should be used to test the security of the connected car, and it raises legal issues surrounding security in a connected car: Who shoulders the risk? Automobile manufacturers? Insurance companies? Drivers themselves?
As V2V and V2I connectivity proliferates, automotive systems become more exposed, and internal vehicle networks become more vulnerable. Achieving a strong security posture for vehicles poses different challenges because:
- Modern cars can be connected to multiple networks (cellular, V2V/V2I, Bluetooth, Wi-Fi, as well as wired Automotive Ethernet), any of which may be used as a target or entry point for an attack;
- Automotive Ethernet and TCP/IP are familiar to hackers, which opens more attack opportunities;
- Automotive software cannot easily be upgraded, so once a weakness is out in the open, it is more difficult to prevent an exploit of the weakness;
- Attackers may have physical access to the vehicle, bypassing the protections built into wireless networks.
The Ixia paper says securing the connected car requires a layered approach that protects a car’s subsystems – especially any safety-related ones – in the event of an attack. It argues that optimal coverage of this comprehensive approach requires each security layer to be tested to make sure subsystems can maintain their strong security posture and resiliency to attack.
The paper also highlights Ixia’s test solutions designed to help automakers, enterprises, service providers, and equipment manufacturers optimize firewall and other intrusion prevention systems; mitigate distributed denial of service (DDoS) and other attacks; and validate and harden 3G and 4G/LTE networks under realistic conditions.
Read the white paper now to learn more.