4. Manipulation of safety-critical systems: There is the potential for hackers to take control of safety-critical aspects of a vehicle’s operation - for example, by compromising the cruise control system to manipulate steering and braking.
5. Mobile application security vulnerabilities: As manufacturers release more mobile apps for communicating with vehicles, these apps increasingly become a target for bad actors. For example, in the case of the Nissan Leaf, security testers demonstrated how they could gain unauthorized access to control the heated steering wheel, seats, fans and aircon remotely. In an electric vehicle, this can drain the battery and render it immobile. According to Gartner, 75% of mobile applications fail basic security tests. The number of security vulnerabilities in the Android and iOS mobile operating systems is also a source of concern.
6. Lack of “designed-in” security: The automotive industry has little historical experience of dealing with cybersecurity risks, and this has become evident from the lack of security built into many of the software and hardware components in the first generations of connected cars. Furthermore, there appears to be a lack of adequate education about secure coding practices and rigorous security testing, much of which takes place too late in the product development lifecycle. And, to cut component costs, some safety-critical and non-safety-critical functions may share resources (processor cores, physical connectivity or internet access). Designing from the ground up, from the perspective of a hostile environment, is the only way to build “Secure by Design” systems that will be robust in the long term.
7. Security vulnerabilities in the complex supply chain: Automotive manufacturers rely heavily upon third-party vendors to supply systems, software and hardware components for their vehicles. However, unless auto manufacturers impose rigorous cybersecurity requirements on their tier 1 and 2 suppliers, they run the risk of introducing security vulnerabilities via these components. Counterfeit components can also enter the supply chain, threatening safety by reducing wear ratings, overriding safety limits, etc. Any component responsible for primary activities, such as braking, clearly needs to meet the highest standards of security.