8. Failure to keep up with the latest security patches and updates: As new threats and attacks are discovered, the only effective solution is to ensure that the platforms can be easily and securely updated once deployed into the field. Many of these updates are delivered through supplied software, components and systems which rely upon wireless communications networks connected to personal computing devices, with their own inherent security challenges.
9. Inadequate key management processes: Although most automotive manufacturers use key management systems for the management of cryptographic keys, some still use a manual process, limiting their usefulness and hampering security.
10. In Vehicle Infotainment (IVI) vulnerabilities: Innovations in vehicle entertainment systems – everything from satnav to high-definition streaming media – bring benefits to drivers, but these platforms increasingly provide services that make use of sensitive data and are security-critical to vehicles and end-users. Both Android and Apple offer infotainment systems and vehicle-centric app stores, and there are opportunities for combining applications like payment and social networking with more vehicle-centric needs, such as tolls, parking and journey planning. Linking these worlds introduces new possibilities, but it also brings with it the threat that app-centric malware could attack the automotive platform.
The industry’s rapid transformation towards autonomous, connected, electric and shared (ACES) mobility, and the rise of high-bandwidth 5G connectivity, is enabling auto makers to deliver new in-vehicle services and rich content. These increasingly sophisticated digital cockpit systems will bring new, personalized digital experiences for drivers and passengers – but also create security and content-protection challenges that must be addressed with proven trust. With cars having such long life-cycles compared to other smart devices, innovative OEMs and Tier 1 vendors must build connected car architectures with long-term security at their core.
About the author:
Ben Cade, is CEO at Trustonic - www.trustonic.com