The connected car is one of the central mobility topics. Numerous vehicle models from different manufacturers are already online, and in a few years the permanent connection between the vehicle, the systems of the manufacturers, other service partners and the internet will be standard. However, this also creates new dangers, because as cars become more and more rolling data centers, they are also exposed to the threats that are now common in IT. Security experts clarify which attack vectors are particularly important in the connected car.
Attacks Via Media Interfaces
Modern vehicles have numerous media interfaces, for example Bluetooth, USB or WLAN hotspots; Users can use it to make phone calls, stream music, chat on Facebook or read emails; Attacks can be carried out using these means using simple means and standard tools, for example by injecting malicious code through infected media files or downloading it through applications in the vehicle. At best, the patching of the media components are only carried out as part of an inspection. The vehicle manufacturers rely on the services of the provider, since these are not part of their core business.
Attacks On Systems Through The Web
Vehicle control units and head units from various manufacturers are already extensively exchanging data with manufacturer and internet services. About location, destinations, open windows and doors, service data or damage events. Relevant information can often be called up through vehicle apps on smartphones and web browsers. This also creates a central point of attack on vehicles. From a security point of view, there is the advantage that these systems are operated by most manufacturers as classic IT systems, so that they are also subject to the IT processes and are therefore regularly patched. The applications naturally have the same problems as other IT applications; Continuous security testing and a risk-adequate architecture are therefore essential.
The digitalization of driving inevitably brings a new topic for IT security into the world. Cyberattacks on vehicles were previously individual attack scenarios. In the foreseeable future, this will be just as much a part of everyday security as ransomware or attacks on web servers. It is therefore important to take suitable measures against this threat.