CyberTalk

Electric vehicle cyber security risks and best practices (2023)

Micki Boland, Cyber Security Expert and Evangelist and Antoinette Hodes, Global Solution Architect IoT and Evangelist

Micki Boland is a global cyber security warrior and evangelist with Check Point’s Office of the CTO. Micki has over 20 years in ICT, cyber security, emerging technology, and innovation. Micki’s focus is helping customers, system integrators, and service providers reduce risk through the adoption of emerging cyber security technologies. Micki is an ISC2 CISSP and holds a Master of Science in Technology Commercialization from the University of Texas at Austin, and an MBA with a global security concentration from East Carolina University.

Antoinette Hodes is a Global Solutions Architect, specializing in IoT, and serves as an Evangelist with the Check Point Office of the CTO. She has worked as an engineer in IT for over 25 years and is an experienced security solutions architect in the cyber security industry.

If you own an electric car or might purchase one in the future, this article is a must-read. In this fascinating interview, experts Micki Boland and Antoinette Hodes shed light on little-known threats to connected vehicles (and their owners). They discuss possible attacks on EV charging systems, which could leave drivers stranded, the risks associated with over-the-air vehicle updates and large-scale data privacy issues. Discover in-depth real-world insights and actionable connected car security best practices from true (and truly talented) technical experts.

Help our readers understand – Aside from the cool factor, what is the real value in developing connected vehicles, given the wide range of security threats and privacy concerns that come with this new territory?

The automobile industry is witnessing a groundbreaking revolution with the advent of electric vehicles (EVs). These vehicles, equipped with advanced internet connectivity and integrated technologies, are reshaping the way we drive, optimizing safety, efficiency and convenience. The connected car has become a network of its own with all those connected assets, expanding the EV footprint and attack surface. EVs represent remarkable benefits, both to drivers and society as a whole. Allow me to highlight a few.

Enhanced safety measures

One of the most significant advantages of EVs is the integration of advanced safety features into vehicles. These vehicles rely on a network connection to collect and exchange data with other cars, infrastructure and even pedestrians. This allows them to proactively detect and avoid potential collisions, reducing the number of accidents on the road. Additionally, EVs often come equipped with technologies such as lane departure warnings, blind-spot monitoring, adaptive cruise control and automatic emergency braking, further ensuring passenger safety. Those systems require preventative security controls, ensuring reliability.

Improved efficiency and sustainability

EVs are key players in promoting sustainability and reducing carbon footprints. By leveraging real-time traffic data, these vehicles can suggest the most optimal routes, minimizing time spent on the road and reducing traffic congestion. Moreover, EVs can optimize fuel efficiency by analyzing traffic patterns and adapting driving strategies, leading to reduced CO2 emissions and improved fuel economy. By embracing EVs, we can collectively contribute to a greener and more sustainable future.

Convenience and seamless connectivity

The integration of internet connectivity in EVs opens up a world of convenience for drivers and passengers. EVs can provide personalized infotainment systems, allowing occupants to access real-time news, music and other entertainment options or streaming services. Additionally, these vehicles offer advanced navigation systems with voice commands, making it easier than ever to reach your destination hassle-free. Connectivity also enables drivers to make hands-free phone calls, send messages and even access their smart home devices remotely. With connectivity and communication, so-called V2X (“vehicle-to-everything”) communication, topics like vehicle operations management and traffic efficiency are addressed. V2X communication may utilize GPS, 5G, LTE and more.

Smart car maintenance and remote diagnostics

EVs revolutionize maintenance and diagnostics practices. Through continuous monitoring and analysis of various vehicle components, EVs can predict and alert drivers or service centers about potential malfunctions, allowing for preemptive repairs. This proactive approach helps prevent breakdowns, saves money on costly repairs and maximizes overall vehicle lifespan. Remote software updates also ensure that EVs stay up-to-date with the latest technology advancements, bolstering their performance and usability. The concern here is how EVs are updated in a secure manner, both cyber security-wise and safety-wise.

Data utilization and improved transportation planning

The immense amount of data generated by EVs offers valuable insights for transportation planning and development. Governments and transportation authorities can analyze this data to identify traffic patterns, assess infrastructure requirements and make informed decisions regarding road expansions and traffic management systems. This data-driven approach can lead to more efficient transportation networks, reduced travel times, and improved urban planning. Car data monetization concerns still do need to be addressed.

In theory, could threat actors hijack systems to compromise core vehicle functions?

Yes, “smart” vehicles, EVs, are very attractive assets. Every day, new vulnerabilities are discovered. For example, hackers can hijack user accounts, impeding charging and even gaining access to home networks. If we take a look at charge points (CPs), which use the Open Charge Point Protocol (OCPP), we see that OCPP has been found to have many vulnerabilities and exploits. Think of the absence of encryption, access control and timely vulnerability patches. Basically, OCPP is lacking security best practices.

Other examples of compromised EVs: the most notorious is the Jeep hack from 2015! In a more recent event, a French team hacked a Tesla at a hacking conference in Vancouver. But it is also about EV chargers, keyless car entry here (my favorite, also really old) here, here, and much more!

And what about how?

At present, why aren’t connected vehicles sufficiently secure?

The EV industry lacks standardization. The security measures in EVs have not yet been standardized across the industry. This indicates that some vehicles may have better security features than others, making it easier for hackers to exploit certain vulnerabilities. Inconsistencies in security functionalities make it challenging to implement industry-wide protections, potentially leaving certain electric vehicles more exposed to attacks.

Other challenges:

Can you explain what Over-The-Air (OTA) updates are and how they work in the context of connected vehicles?

The rapid advancement of EVs has not only introduced accessible, environmentally friendly driving options, but has also given birth to another innovation – Over-The-Air (OTA) updates. OTA updates are reshaping the landscape of electric vehicles and this convergence is shaping a promising future for sustainable transportation.

Over-The-Air (OTA) updates are a type of software update that can be delivered wirelessly to a device or system. In the context of connected vehicles, OTA updates allow automakers to remotely update the software of a vehicle’s electronic systems, such as its entertainment or navigation systems, as well as its safety features, such as its automatic emergency braking or lane-keeping assist.

OTA updates work by utilizing the vehicle’s built-in communication module, which is connected to the internet via a cellular network. When an update is released, the vehicle’s software downloads the update package and installs it on the vehicle’s systems. This process can happen automatically while the vehicle is parked and connected to a Wi-Fi network, or it can be initiated manually by the owner through the vehicle’s infotainment system.

The benefits of OTA updates in connected vehicles include faster and more efficient updates, as well as the ability to remotely address software bugs or security vulnerabilities. Additionally, OTA updates can allow automakers to add new features or improve existing ones without requiring the vehicle to be taken to a dealership for a software update.

In summary, OTA updates are a wireless way to update a vehicle’s software systems and can be essential for keeping the vehicle up-to-date with the latest features, bug fixes, and security patches.

What kind of infrastructure is required to support OTA updates for connected vehicles? How does that play into the security equation?

To support OTA updates, several infrastructure requirements need to be in place:

Based on your real-world experiences, can you share best practices, recommendations and/or policy suggestions?

It is important to acknowledge the security concerns that come with this burgeoning technology. Without robust security measures in place, EVs remain vulnerable to cyber attacks, theft, and other potential threats. The future growth of the electric vehicle industry relies on addressing and rectifying these security concerns to ensure a safe and secure experience for EV owners. Efforts towards standardization, improved authentication systems, regular software updates, and enhanced security features will be crucial in bolstering security measures and inspiring consumer confidence in adopting electric vehicles.

OTA best practices:

Conclusion

EVs are equipped with complex computer systems that control various functions, including acceleration, braking, and steering. If these systems are compromised, it could lead to dangerous situations, including remote control of the vehicle or unauthorized access to sensitive data. Hence, implementing preventative security measures is imperative to protect the integrity and safety of EVs.

Furthermore, Over-the-Air (OTA) technologies have revolutionized the way software and firmware updates are delivered to various devices and vehicles. OTA updates allow for remote patching, bug fixes, and enhancements, offering convenience and efficiency. However, if OTA systems are not adequately secured, they can be vulnerable to malicious attacks. Unauthorized access to OTA systems can compromise the security and functionality of devices, leading to unauthorized surveillance, data breaches, and even remote control of vehicles or technologies. Consequently, preventative security measures are necessary to protect OTA systems, ensuring their reliability and integrity.

In conclusion, EVs, CPs, and OTA technologies are integral aspects of our modern society. However, their widespread adoption also brings significant security concerns. To mitigate potential threats and attacks, preventive security measures are essential. These measures will not only protect the safety and integrity of EVs, CPs, and OTA systems, but also guarantee the reliable and uninterrupted functioning of our society. Connected cars are not just vehicles; they represent a pivotal transformation in the automotive industry. The value they bring through enhanced safety measures, improved efficiency, added convenience, and the potential for data-driven transportation planning is unparalleled. Implementing robust security protocols should be a top priority to safeguard these technologies and ensure a secure and sustainable future.
