Securing Your Drive: Vulnerability Assessment & Architecting Security Solutions

By Krish Kupathil, founder and CEO of Mobiliya

connectedcar-logoThe recent WannaCry attack that hacked into some of the largest digital systems globally proved that anything digital can be hacked at any time. This rings alarm bells particularly for the automotive industry, which has seen the biggest technological transformation in the form of the connected car and the emergence of fully autonomous vehicles. A research report by Business Insider (BI) suggests that by 2021, about 82 percent of total cars manufactured will be connected. Modern cars today are turning into computers on wheels, with millions of lines of code embedded in them. Most automakers believe that while this has opened up tremendous business opportunities, it has also made the potential for a global automobile cyberattack a very real threat. The widely publicized incident of white-hat hackers hacking into and taking control of a Jeep Cherokee, leading to Chrysler’s recall of 1.4 million vehicles in 2014, illustrates just how serious the threat is. While there has not been a WannaCry-like attack on the automobile industry yet, the threat is ever-looming and even more disastrous, as a hacking incident does not only mean the loss of data or money but can also result in the loss of human lives. Thus, it is imperative that car manufacturers and tech providers provide the highest level of cybersecurity and constantly monitor automobile software for vulnerabilities.

Securing the Connected Car: An Evolved Approach
While remotely controlling a connected car for the purpose of crashing it or driving it off road may seem far-fetched, the threat of the connected car systems compromising driver safety is not completely unfounded. Hacking into the operating system of the connected car could allow hackers to track vehicle movements, tap into conversations or monitor other data that passes through the system. Systems like IVI or entertainment systems that are connected to the outside world are the most susceptible to such attacks. Hence, it is important to have a layered approach to automobile cybersecurity to ensure that the connected car is fully secure.

1. Isolating Core Systems: To counter cybersecurity challenges, car manufacturers are looking to isolate the most sensitive car systems, such as brakes, accelerators or gear boxes. This means that these systems would be housed locally on individual ECUs and would not be compromised even if hackers gained access to other systems like IVI or navigation.

2. Strengthening IVI Security: IVI or entertainment systems are the most vulnerable systems, as they are exposed to the outside world the most. Hence, car manufacturers must deploy specialized security solutions, particularly for ECUs that are connected to external sources.

3. Deploy VAPT (Vulnerability Assessment & Penetration Testing) Techniques: Penetration testing involves conducting physical security assessments of servers, systems and network devices, probing for vulnerabilities in applications and pinpointing methods that attackers could use to exploit weaknesses and logical flaws. Security teams must wear the proverbial hackers hat to regularly conduct audits of networked systems and check for any unwanted/vulnerable software applications, the integrity of the information stored in databases and the authentication of users and devices.

4. Secure Over-the-Air Updates: Car manufacturers, along with their tech partners, should ensure that they always keep the software running in the cars up-to-date and secure. Cloud security services can deliver over-the-air updates in real time to detect and correct threats even before they reach the vehicle.

5: Secure Gateway: A secure gateway acts as a firewall that controls and manages access by external digital sources to the cars internal network. It also acts as a secure bridge between the outside world (e.g. Internet) and the cars many internal units.

According to Mary Barra, CEO of General Motors, “A cyber incident is not just a problem for every automaker in the world. It is a matter of public safety.” This underlines the fact that a cyberattack on automobiles is imminent and its severity and nature remains unknown. Hence, it is vital for auto manufacturers and their tech counterparts to proactively deploy security measures instead of waiting for an attack to happen.

About Mobiliya
Mobiliya is a global IT services and engineering company enabling digital transformation for the worlds leading organizations through disruptive technologies. The company specializes in next-gen technology consulting, system integration, solution development, deployment and security. The company’s end-to-end services in niche engineering areas, coupled with an innovation-intensive approach, spearhead the success for Mobiliy as customers and employees. With a quickly growing global team of over 400 people, Mobiliya steers advanced technologies like artificial intelligence, deep learning, robotics, blockchain, augmented reality and Internet-of-Things. Based on the strong foundation of its core software engineering capabilities, Mobiliya is setting and realizing technology benchmarks for its customers in industries including: automotive, healthcare, energy, insurance, telecommunications, logistics and more. For more information, please visit www.mobiliya.com

About the Author
Entrepreneur, thought leader, speaker and innovator Krish Kupathil juggles diverse roles with great finesse. As the CEO, Krish has been at the helm of affairs at Mobiliya since its inception and is spearheading company’s global strategic growth through disruptive technologies and niche engineering in the IT industry. He has been responsible for pivoting the company to new emerging technologies and developing intellectual property owned platforms.

A qualified Chartered Accountant with a heart of a techie, Krish brings in more than 25 years of experience in building and growing companies and new markets. Over the years, Krish has successfully formulated and executed long-term strategies and led the company’s passion for building innovative products and developed strong customer relationships. He has been the chief architect in building teams that deliver proven solutions to solve customer challenges.

Comments are closed.