SDVs integrate advanced driver-assistance systems (ADAS), in-vehicle connectivity, and digital features that enhance user experience and safety. According to a report by Statista, the global market for ADAS is expected to grow from $57.9 billion in 2024 to $125 billion by 2029, reflecting the rapid adoption of advanced automotive technologies.
However, vehicles’ increasing complexity and connectivity have also expanded the potential attack surface for cyber threats. This increase in attacks can be attributed to the rising number of internet-connected vehicles. By 2025, there will be over 400 million connected cars in operation, a staggering number that underscores the scale of the cyber threat. The connectivity that enables features such as remote diagnostics, over-the-air (OTA) updates, and infotainment systems also presents opportunities for malicious actors to exploit security weaknesses. For instance, a study by Upstream revealed that 95% of automotive cyber incidents were carried out remotely, highlighting the critical need for robust cybersecurity measures.
The increase in cyber threats targeting connected vehicles carries profound implications for user safety, privacy, and financial well-being. The financial impact of automotive cyberattacks is not to be underestimated, with estimates suggesting that the cost of such attacks could escalate to a whooping $505 billion by 2024, stressing the urgent need for proactive cybersecurity measures.
This article delves into the top automotive cybersecurity trends for 2024. From AI’s impact on cybersecurity to the evolving regulatory landscape to the role of user behavior in securing vehicles and beyond, this article will explore the key factors shaping the future of automotive cybersecurity.
The automotive industry has lately witnessed several significant cyberattacks that underscore the critical need for enhanced cybersecurity measures.
Security researchers Charlie Miller and Chris Valasek managed to remotely compromise a Jeep Cherokee over the internet. They were able to control critical functions like steering, acceleration, and braking, vividly illustrating the potential dangers of attacks on connected car systems. This case sparked a significant conversation about car cybersecurity and led to a recall by Jeep to patch the vulnerabilities exploited in the hack. This exploitation also led to the recall of 1.4 million Fiat Chrysler vehicles, making it the first case of a car manufacturer issuing a recall in light of hacker research. While this specific hack caused no reported accidents, it starkly showcased the potential for attackers to cause serious harm by taking control of a vehicle’s systems.
In another alarming case, Keen Security Lab researchers identified a flaw in Tesla’s central server that could have allowed them to remotely access a fleet of Tesla vehicles. This allowed them to gain control of functions such as opening sunroofs, messing with climate controls, or turning off safety features. Importantly, the researchers reported the vulnerability responsibly to Tesla, and a fix was implemented before any malicious actors could exploit it. This case highlights the importance of robust security measures in cloud-based systems connected to vehicles and the role of responsible reporting in mitigating cyber threats.
The same researchers from Keen Security Lab discovered vulnerabilities in the onboard compute units of BMW cars during a year-long security audit. The vulnerabilities found in the Infotainment System (Head Unit), Telematics Control Unit (TCU or T-Box), and Central Gateway Module could allow attackers to gain local and remote access to infotainment components, T-Box components, and UDS communication, as well as control the CAN bus. BMW responded by deploying over-the-air updates to mitigate the risks and improve the security of its vehicles.
The impact of these cyberattacks extends beyond financial losses and user safety. Privacy breaches have also become a significant concern as modern vehicles collect and transmit vast amounts of data.
From integrating AI to implementing strict regulatory standards, the landscape of automotive cybersecurity is rapidly changing. Understanding these trends is crucial for stakeholders aiming to avoid cyber threats and ensure modern vehicles’ safety, privacy, and reliability.
AI is revolutionizing the automotive industry, offering significant cybersecurity opportunities and challenges. On one hand, AI enhances vehicle security through advanced features such as anomaly detection and predictive maintenance. General Motors is one of the major OEMs exploring the benefits of implementing AI into their vehicles. The OnStar Virtual Assistant responds to common user inquiries, and routing and navigation assistance systems can analyze vast amounts of data from vehicle sensors to identify unusual patterns that might indicate a cyberattack, thereby enabling preemptive measures to mitigate threats.
AI-driven systems can detect deviations in a vehicle’s normal operational behavior, alert the driver, or shut down compromised systems to prevent damage. On the other hand, the same technology can be exploited by malicious actors to develop sophisticated attacks. AI tools can be used to create highly effective malware or to automate the exploitation of known vulnerabilities. The dual use of AI in automotive cybersecurity needs a balanced approach, leveraging AI for defense while anticipating and mitigating its potential misuse by cybercriminals.
The regulatory landscape for automotive cybersecurity is becoming increasingly rigorous, with new regulations such as UNECE R155 and R156 taking effect.
Under R155, OEMs must obtain a Cybersecurity Management System (CSMS) certification that covers all stages of a vehicle’s creation, including development, production, and post-production. The certification must also be assessed and renewed every few years.
Under R156, OEMs must implement procedures for delivering secure software updates for onboard control systems, including establishing a robust Software Update Management System (SUMS).
Additionally, ISO/SAE 21434 aims to ensure the integration of cybersecurity measures into vehicle design and development, focusing on the entire lifecycle of a vehicle from conceptualization to decommissioning.
Compliance with these regulations is crucial not only for legal reasons but also for maintaining consumer trust and protecting the integrity of vehicle systems. Failure to comply can result in significant fines, recalls, and damage to a brand’s reputation. As such, OEMs and suppliers invest heavily in achieving and maintaining compliance with these evolving standards.
Generative AI tools like ChatGPT are being integrated into vehicles, offering advanced functionalities like natural language processing and personalized user interactions. These tools enhance the driving experience by providing smart navigation, entertainment, and vehicle diagnostics assistance. However, their integration also introduces new security vulnerabilities. For instance, generative AI systems can be manipulated to execute unauthorized commands or to gain access to sensitive vehicle systems. Threat actors can also use generative AI to develop more complex phishing attacks or to bypass existing security measures.
GenAI tools can also be implemented despite these risks to stop sophisticated hackers. For example, large language models can analyze vast amounts of data to look for anomalies, whether when a vehicle is usually driven or in a vehicle’s typical driving patterns. When these anomalies occur, the technology could automatically alert the owner or shut the car down.
With the rise in high-tech car thefts, new anti-theft technologies are being developed to protect vehicles from advanced attacks. In 2023, Kia and Hyundai rolled out free anti-theft software updates affecting millions of their vehicles to stop an unprecedented rise in high-tech car thefts. AI-powered security systems, for example, use machine learning algorithms to detect and respond to suspicious activities around a car. These systems can monitor real-time data from cameras, sensors, and other devices to identify potential threats and alert the owner or authorities.
Collaboration between OEMs and cybersecurity firms is essential for enhancing vehicle security and achieving regulatory compliance. By partnering with cybersecurity experts, automobile companies can leverage specialized knowledge and technologies to protect their vehicles from emerging threats.
For example, Ford has teamed up with ADT, a security systems company, to develop a vehicle security system powered by AI called Canopy. It uses AI-powered security cameras, a mobile app for remote monitoring, and acoustic sensors, with AI used to identify and report credible threats.
Similarly, rinf.tech partnered with NXP and Bitdefender to integrate advanced cybersecurity features into the NXP Orangebox, a platform designed to secure connected vehicles and help prevent malware entry into automotive subsystems. The solution helps protect software-defined vehicles from ransomware, malicious attacks, and data breaches related to sensitive information, such as payments, tracking, and navigation, and helps reduce driver safety incidents.
These collaborations enable OEMs to stay ahead of cyber threats and ensure their vehicles meet the strict requirements of new regulations.
Adopting zero-trust security principles is becoming increasingly important in the automotive industry. Unlike traditional security models that assume trust within a network, zero-trust principles require continuous verification of every user and device attempting to access vehicle systems. This approach minimizes the risk of unauthorized access by ensuring that all communications and connections within the vehicle are authenticated and verified. Implementing zero-trust security can involve several measures, such as encrypting data, employing multi-factor authentication, and regularly updating software to address vulnerabilities. By adopting these principles, automotive companies can enhance the overall security of their vehicles, protecting them from internal and external threats.
Supply chain security is critical to automotive cybersecurity, as vulnerabilities within the supply chain can be exploited to compromise vehicle systems. Ensuring cybersecurity across the supply chain involves rigorous vetting of suppliers, enforcing strict security standards, and fostering transparent information-sharing practices. Many OEMs are now incorporating cybersecurity requirements into their contracts with suppliers and conducting regular audits to ensure compliance.
Strengthening supply chain security is essential to prevent breaches that can have far-reaching consequences for manufacturers and consumers.
As vehicles become more like personal devices, users’ actions and data security practices play a significant role in vehicle cybersecurity. Educating users about potential risks and best practices is crucial in mitigating threats.
“If the user’s data isn’t protected appropriately and proper caution isn’t exercised when downloading services and applications, the user can be a direct or indirect risk to vehicle security,” – Francesca Forestieri, Automotive Lead at GlobalPlatform.
Automotive companies can enhance user security by providing clear guidance and user-friendly features, such as easy-to-use encryption tools and automatic security updates. The industry can create a more resilient cybersecurity environment by actively empowering users to secure their vehicles.
Cybersecurity standards like ISO/SAE 21434 continuously evolve to address emerging threats and technological advancements. These standards provide a framework for managing cybersecurity risks throughout the vehicle lifecycle, from design and development to production and post-production. As the automotive industry embraces new technologies, such as autonomous driving and connected vehicle services, these standards must be adapted to ensure comprehensive protection.
Ongoing updates to standards will require automotive companies to stay informed and agile, regularly reviewing and updating their cybersecurity practices to remain compliant and secure.
Secure hardware design is increasingly crucial for protecting vehicles from physical tampering and cyber threats. Integrating secure hardware components, such as trusted platform modules (TPMs) and hardware security modules (HSMs), can provide a robust foundation for vehicle cybersecurity. These components ensure the integrity and authenticity of vehicle systems by securely storing cryptographic keys and performing critical security functions.
Additionally, secure hardware can protect against side-channel attacks and other sophisticated hacking techniques. By prioritizing secure hardware design, automotive companies can enhance the overall security stance of their vehicles and safeguard them against a wide range of threats.
The rapidly evolving landscape of automotive cybersecurity presents challenges and substantial opportunities. As vehicles become increasingly defined by their software capabilities and connectivity features, the attack surface for potential cyber threats expands correspondingly. This requires a comprehensive and proactive approach to cybersecurity, including the latest technological advancements, rigorous regulatory compliance, and collaborative efforts across the industry.
The automotive industry stands at a critical point. The integration of advanced technologies and the increasing connectivity of vehicles demand a robust and adaptive cybersecurity framework.
The fact file designed by Automotive IQ highlights these trends and challenges, providing valuable insights into the future of automotive cybersecurity. By understanding and addressing these trends, stakeholders can better prepare for the challenges ahead and ensure consumers’ safety, privacy, and trust in an increasingly digital automotive world.
Let’s talk.
Recapping the 2024 State of Automotive Software Development Report, focusing on how AI and ML are reshaping automotive design.
From integrating AI and 5G to adopting renewable energy sources, fleet management tech trends promise enhanced operational efficiency and align with broader sustainability and safety goals.
Delving into the myriad possibilities that AI introduces for augmenting the functionalities of Software Defined Vehicles (SDVs), alongside the crucial challenges that need to be resolved.
