You are using an older browser version. Please use a supported version for the best MSN experience.

How do you truly secure the connected car?

TechCrunch TechCrunch 15/06/2016 Oren Betzaleli

We’ve become accustomed to staying connected whenever and wherever we are. From Instagramming our exotic summer vacations to receiving alerts from our smartwatches about our next meeting — even ordering groceries via our mobile devices to skip the line — we have more than enough ways to stay tuned in 24/7.

For better or worse, the fear of missing out (a.k.a. FOMO) is real, and businesses are quick to capitalize. To integrate the connected experience into everyday situations, retail stores have installed beacons at malls to alert us of promotions. CNN and The New York Times can now alert us to the latest headline-grabbing news in real time.

A more novel and practical use case of how this is coming to life can be found in the healthcare industry. Last year, healthcare IT solution provider eClinicalWorks integrated its subsidiary, Healow (Health & Online Wellness) with wearable devices and fitness trackers. Through this integration, patient data from these wearables seamlessly integrates with personal health records. The synchronization instantly provides medical providers with the most up-to-date and useful information, taking healthcare service to the next level.

All this connectivity is great, but it has also blinded us to the associated risks of being online at all times. As 60 Minutes recently highlighted, connected devices — especially smartphones — are vulnerable to cyber attacks from hackers, so security is of the utmost importance. Just a little further down the road is the next major connected device: the vehicle. Admittedly, connected cars come with some well-founded safety concerns.

While most of us aren’t overly concerned about our phones and computers being vulnerable to the threat of a cyber attack, we cannot afford to become complacent in safeguarding our cars. The stakes are higher when it comes to our vehicles — so high, in fact, that the FBI and National Highway Traffic Safety Administration shared a joint formal announcement cautioning drivers of the increased risks that come with connected vehicles.

Like phone security, car data security is not always assured. Skilled hackers can and will find data and sell it to the highest bidder — or exploit it in other ways. Connected cars layer in an added risk to driving, as drivers’ well-being can be in jeopardy if something goes awry. While hackers generally tend to access private data and systems for personal gain, they do have the ability to take control of connected vehicles and make unexpected stops or turns, which could cause accidents.

Just last year, an experiment showed how researchers hacked a reporter’s vehicle, taking over the transmission, steering and brakes. With GSMA Research estimating 100 percent of all cars will be connected by 2035 and that 75 percent will be autonomous by 2025, there’s an immediate need to educate the public on the various facets of car connectivity and safety.

Nothing stops the hackers from continually trying to find and exploit new vulnerabilities.

Concerned drivers must be made aware of the solutions available to reduce the vulnerabilities of a connected car. There are a multitude of solution options to help protect connected cars from cyber attacks, including secured hardware components at the chip level for secured operating systems and isolation and sandboxing capabilities that network protection at different layers (e.g. firewall) — all available to assuage drivers’ safety concerns and alleviate auto manufacturers’ cyber attack worries.

However, even with all these mechanisms in place, nothing stops the hackers from continually trying to find and exploit new vulnerabilities. The only way to mitigate this ongoing risk is to enable the in-vehicle systems to learn new ways to fight back. To achieve this, connected cars need mechanisms that continuously update the vehicle software with the newest and most advanced security features. These updates can be done either manually at the dealer, or automatically over the air.

Over-the-air (OTA) updates are used in a multitude of growing technology spaces today, including GPS, smartphones, tablets and more. In fact, there are currently more than 10 million vehicles equipped with the capability to receive software updates over the air. Similar to that of a smartphone receiving operating system updates and enhancements from the manufacturer, OTA updates allow car manufacturers and their suppliers to effectively manage all software components within the connected car.

Given this capability, auto manufacturers can enable vehicles to mitigate any new cyber threats without calling the cars back to the dealers. OTA updates automatically sync with connected cars to ensure all software is current at all times, helping provide future-proof security coverage, cost savings and increased customer loyalty.

Future-proof security coverage throughout the automotive lifecycle

To keep the car secured throughout its lifecycle, we must be able to update it at any point in time. OTA updates are the most effective and efficient way to accomplish this — they keep a car safe and circumvent potential cyber attacks, providing a tremendous security advantage over other vehicles.

As consumer demand for connectivity rises in tandem with solid security needs, automotive manufacturers are increasingly adding smart components to the car development process. The added benefit of ingraining smart technologies early on is that the embedded software continuously receives updates from the moment the connected vehicle rolls off the production line to the end of the vehicle’s lifespan.

Software-related recalls have doubled within the past few years — soon they’ll match mechanical recalls.

OTA updates ensure that connected cars always have up-to-date maps and the latest cybersecurity features. Utilizing OTA, in-vehicle GPS units can quickly deploy updates of new user interface elements, maps and points of interest to the infotainment platform. Additionally, OTA-enabled vehicles have the advantage of deep-rooted analytics and prognostics, which monitor all vehicle diagnostics for optimal performance levels at all times.

Simply put, connected cars with OTA-embedded updates operate with a higher level of safety and security throughout the automotive lifespan, giving automotive manufacturers — not hackers — the upper hand.

OTA updates make life more convenient for car owners, as well. Rather than physically bringing a vehicle to the dealership for repairs or waiting for another form of manual installation for a software update, OTA updates are instant, seamless and secure, so drivers can continue riding while upgrades are made. Additionally, their monitoring capability enables vehicles to receive warnings about malfunctioning parts ahead of a breakdown.

With this, car owners are able to better service their vehicles, ensuring consistent in-person security, as well as top-notch cybersecurity. By eliminating the need for physical software transfers, automotive manufacturers now have the ability to keep vehicles safely and securely running for an extended period of time without maintenance interruptions.

Cost and time savings through reduced recalls and warranties

Recall and warranty issues tend to be quite painful for consumers and extremely costly for automotive manufacturers. It’s safe to say any innovation that prevents maintenance trips and spending would be welcomed. Software-related recalls have doubled within the past few years — soon they’ll match mechanical recalls.

Software malfunctions, such as the breakdown of GPS navigation and Bluetooth connectivity systems, are the leading cause of these recalls. In fact, of the $6.9 billion in recalls, CX3 Marketing’s research attributes 6.4 percent, amounting to $436 million, to software.

Consumers want a car that works at every point of interaction — without complications, security attacks or malfunctions.

Today, cars can have more than 125 individual software-driven electronic control units (ECU). Inside the connected car, there are 100 million lines of code, and that number is growing exponentially. Software veteran Steve McConnell says that the industry average finds approximately 15 to 50 errors per 1,000 lines of delivered code. As such, it is nearly impossible to manually catch every security flaw or breach before someone with a malicious intent finds out and corrupts the software.

Luckily, OTA updates are an innovation in car software that reduces the likelihood for recalls and guards systems against hackers and security breaches. They have key benefits, such as a small on-device footprint, enhanced operational reliability and platform- and OS-agnosticism for a solid fit with any connected vehicle system. Software updates continually reduce the level of required physical maintenance. As a result, vehicles will be protected over time and have fewer recalls and warranty issues.

Ensuring customer satisfaction and loyalty

As soon as we drive away from the dealer in our new cars, what we envision is all the amazing road trips we’ll take with friends and family. Most of us don’t picture multiple trips to the dealership to update software throughout the year. OTA updates provide customer service benefits for today’s car owners, including instant enhancements, reduced maintenance costs and an extended vehicle lifespan, which ultimately increase brand loyalty.

To roll out its new Autopilot feature, Tesla offered Model S owners with the Autopilot hardware who did not purchase the feature a 30-day, free trial. This barely scratches the surface for what’s possible. The combination of keeping customers safe through regular updates and the opportunity to try new features before making a final purchase decision will be key to fortifying customer loyalty to car manufacturers.

A recent public service announcement puts the onus on consumers to remain vigilant about their software updates, but there’s a chance connected components won’t receive critical updates manually in a timely manner. The lack of convenience involved in updating software at a dealership will inevitably result in car owners missing updates here and there.

Unlike any other connected device, avoiding software updates in vehicles gives hackers the ability to access data and/or control key car components, resulting in life-threatening danger. In the United States alone, there are 2.35 million people injured or disabled in car accidents. Situations where the driver could lose control because of malicious individuals necessitate OTA updates to protect car owners from cyber attacks.

At the end of the day, consumers want a car that works at every point of interaction — without complications, security attacks or malfunctions. Similar to that of wearables, phones and other devices, there’s an unspoken assumption for ease of use, interactivity and security with each connected experience. As we move forward with connected cars, OTA updates will serve as that invisible hand guiding drivers toward truly secure and effortless experiences on the road.

More from TechCrunch

image beaconimage beaconimage beacon