Category: Blog

5 July, 2022 . 8 mins read

Trends in the E-Mobility Industry 2022

As climate change accelerates across the globe, facilitating a fast and smooth transition into electric vehicles (EV) and electric mobility (e-mobility) is now at the top of the agenda for governments, transport ministries, and the automotive and mobility industries. With tremendous investment and efforts pouring into the transition over the past several years, we have seen significant improvements in the quality, usability, and performance of EVs and their supply equipment (EVSE).

AUTOCRYPT considers contributing to the transition to e-mobility of utmost importance. That’s why we exhibited at this year’s EVS35 (Electric Vehicle Symposium and Exhibition) in Oslo, Norway to showcase our latest e-mobility solution EVIQ and propose our proprietary security framework for Plug&Charge (PnC). Being at the event also helped us gain insights into the latest trends in the fast-evolving e-mobility industry.

2022: The Tipping Point of EV Adoption

Although it can take quite some time before all vehicles on the road become electric, EVs are dominating new car sales in many countries. Norway, the leading country in EV adoption, showed a record-high annual EV market share of 86% over the year 2021, followed by another monthly record of 92% in March 2022. At this point, about 23% of all vehicles in use in Norway are EVs. Other leading EV adopters include Sweden, with an annual market share of 45% in 2021, followed by the Netherlands at 30%, Germany at 26%, Britain at 19%, France at 18%, and China at 15%.

Although Norway is currently the only country with an EV market share above 50%, there is little doubt that other countries will quickly catch up. Looking at Norway’s EV adoption pattern, it took about an equal amount of time for the market share to grow from zero to 20% and from 20% to 90%. This 20% mark can be seen as a tipping point, where adoption begins to accelerate.

EV Market Share in Norway (% of New Car Sales)

This pattern can be explained by two reasons. The first is peer influence. Whenever a new technology is introduced to replace an existing one, a great majority of people try to wait until the early adopters have fully tested the technology before making a purchase. This effect is especially salient when making a high-involvement purchase like a car. Once one in five people (20%) start to purchase the new technology, the worries dissipate, and the general population begins their adoption. When reaching a stage where two in five people (40%) go for the new technology, people begin to feel peer pressure and refrain from purchasing the older technology due to fear of being left behind and loss of resale value.

The second reason is of course the growth in EV technology itself.

Based on this pattern, we can estimate that the EV market share in the EU (currently at 20%) will likely reach 80% in five years, and China (currently at 15%) will reach 80% in six years. These estimates do not take into consideration the accelerating growth of e-mobility technology and infrastructure so; by taking that into account, the EV market share in both EU and China could potentially reach 80% in as soon as four years.

Even in slower markets like North America, 2022 is on track to becoming a promising year. Canada’s EV market share grew from 3.8% in 2020 to 5.6% in 2021, showing great potential of reaching the 10% mark within 2022.

Widespread Commercialization of Plug&Charge and V2G Technology

The V2G (vehicle-to-grid) communication interface defined by ISO 15118 is a protocol designed for bidirectional charging/discharging between EVs and chargers. Within the standard is a feature called Plug&Charge (PnC), which enables an EV to automatically prove its identity to the charger on behalf of the driver, then exchange its digital certificate with the certificate of the charger to allow for automated payment. To enable PnC, both the vehicle and the charging station must be PnC-compatible.

The initial years after PnC’s release showed slow progress. After the Plug&Charge section was first added to ISO 15118 in 2014, not a single OEM had a functional implementation until 2018. A few OEMs began demo testing between 2019 and 2020. Eventually, some exciting results were shown in 2021. Several vehicle models – including Hyundai IONIQ 5, 2021 Porsche Taycan, 2021 Lucid Air, and 2021 Ford Mustang Mach-E – are now fully compatible with PnC. The same goes for charging stations. In 2021, both Electrify America and Electrify Canada deployed PnC to their charging networks in North America. Ionity also announced in late 2021 that all their charging stations across Europe are PnC-compatible.

Although it still seems like very few OEMs and charge point operators (CPOs) are implementing the technology, it is great news that PnC is now widely available for commercial use with mass adoption underway, and AUTOCRYPT is fully prepared to implement its AutoCrypt PnC secure charging framework to protect the personal and financial data of the driver during the PnC process, as cybersecurity has become a requirement in ISO 15118-20.

As for the bidirectional charging and energy distribution aspects of V2G, there are very few market implementations today, but the industry is making great progress. Many providers are beta testing V2G chargers capable of selling electricity back to the grid, with hope to bring bidirectional home chargers to the market in the next two years.

Elevated Environmental and Regulatory Pressure

Over the past decade, governments around the world have been using the incentive approach to encourage EV ownership. By subsidizing the costs of vehicle acquisition and e-mobility infrastructure development, EVs have now become affordable for most middle-income families. The availability of charging stations has also greatly improved.

With more climate disasters occurring across the globe, governments are now pushing forward a disincentive approach by putting regulations in place to “punish” carbon emitters. In 2020, the European Union’s Regulation (EU) 2019/631 entered into force, setting specific emission targets for OEMs. For every year between 2020 and 2024, the average CO2 emission for an OEM’s entire fleet registered in the year must be kept below 95 g/km for cars and 147 g/km for vans. If the average emission figure exceeds the target, the OEM must pay an excess emissions premium (EEP) at 95 euros per every g/km exceeded, multiplied by the total number of its newly registered vehicles in the EU in that year. To further incentivize EV production, the regulation also adds a super-credits system for low-emission vehicles with less than 50 g/km, by loosening the targets for OEMs that sell more of these vehicles.

As a simplified example, a 2.5 L gasoline-engine 2022 Hyundai Sonata has an emission rate of 182 g/km, which exceeds the 95 g/km target. If Hyundai wants to avoid paying the EEP, it must sell a lot of IONIQ 5s in that same year to both loosen the target figure (to above 95 g/km) and pull its total average figure down.

Starting in 2025, the target emission standards will become stricter and set out on a per OEM basis as a percentage reduction from their 2020 starting points, encouraging continuous progress.

Adoption of eMobility in Fleets

Electric vehicles are not only becoming popular among consumers, but many companies have started adopting EVs for commercial use. Mobility service operators were among the first to adopt all-electric fleets, because EVs today are easily capable of ranges above 350 km, well above the daily needs of most MaaS and taxi drivers. Additionally, since gasoline prices around the world nearly doubled over the past two years, the electrification of commercial vehicles has become a necessary cost-saving measure for many businesses.

A more exciting trend is the electrification of heavy-duty commercial vehicles like delivery vans, semi-trailer trucks, and buses. Only a couple of years ago, all-electric heavy-duty vehicles were considered barely viable due to technological limitations in batteries and motors. Thanks to accelerating technological growth and decreasing battery prices, heavy-duty EVs have become widely available, with over 100 models of heavy-duty electric trucks and buses in the market today.

Of course, infrastructure must also be upgraded to match the needs of heavy-duty EVs. Charge point operators are expanding their networks of high-speed DC chargers with charging speeds above 250 kW, which can charge a semi-truck in about two hours. Since time is crucial for logistics companies, charger manufacturers have also been working on Mega chargers specifically designed for trucks, namely the Megawatts Charging System (MCS). These charging systems are capable of charging speeds in the megawatts range, capable of filling a semi-truck in minutes.

Lastly, investing in an all-electric fleet also gives the fleet operator the potential of participating in V2G bidirectional charging when it becomes more available in the coming years, allowing the operator to make profits from their unused fleets.

AUTOCRYPT’s Work Towards Connected eMobility

As an automotive cybersecurity and mobility solutions provider, AUTOCRYPT plays a range of roles in bringing convenience and security to e-mobility. Starting from AutoCrypt PnC, a PKI-based security module that secures the PnC charging framework, AUTOCRYPT expanded its offerings by launching its e-mobility solution, EVIQ, an all-in-one EV information and charging platform that provides a Charging Station Management System for CPOs as well as charger locator maps for EV drivers.

To learn more about AUTOCRYPT’s e-mobility offerings, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

16 May, 2022 . 6 mins read

Managing Automotive Software Security With the Software Bill of Materials (SBOM)

The automotive industry is evolving at an incredible pace, characterized by changes in vehicle architecture, automotive software, and user experience. No longer are automobiles a mere transportation tool, but consumers are now expecting their car to function as their smart mobile device on the road, capable of not just (autonomous) driving, but also personal computing tasks from music and video streaming to in-car payment and cloud-based functionalities. Today, drivers and passengers want their interactions with the car to be personalized, synchronized, and most importantly, effortless.

A smart mobile device relies heavily on software applications. Just like smartphones and tablets, the modern vehicle operates on hundreds of software applications with millions of lines of source code, powered by up to a hundred application processors in the forms of MCUs (microcontrollers) and ECUs (electronic control units)—and in some cases, a couple of centralized CPUs. Whereas conventional vehicles are largely evaluated by their hardware, software is playing an increasingly important role in defining today’s vehicles. We are in an age where two vehicles with the exact same engine and technical specs can drive and feel entirely different depending on the underlying software.

The Role of Automotive Software

In a modern vehicle, a surprising number of features that consumers take for granted are enabled by software. To consumers, the most familiar type of automotive software is the user applications installed in the head unit (i.e., dashboard and infotainment system), which make up the human-machine interface (HMI). Yet, beneath the surface, there are hundreds of software applications embedded throughout the in-vehicle system, underpinning the smart features that are seamlessly integrated into the driving experience. For instance, software is embedded in every camera to process the captured imagery and transmit the visual information to the computing unit, enabling advanced driver-assistance systems (ADAS).

Looking deeper within the vehicle, all ECUs contain pieces of embedded software that act as communication modules, allowing them to communicate with one another throughout the CAN buses, the head unit, the telematics control unit (TCU), and externally to the telecommunications network and the clouds. These communication interfaces lay the groundwork for V2X (vehicle-to-everything) communications and vehicle-infrastructure cooperated autonomous driving (VICAD). Lastly, information collected from the in-vehicle system is likely recorded and transmitted to the OEM cloud, allowing for the vehicle security operations center (vSOC) to detect anomalies and respond to any potential cybersecurity threats. All these software-enabled features run seamlessly without the need for any manual intervention.

Who Develops Automotive Software?

Unlike hardware parts, most of the software components used in automobiles are not directly developed by OEMs or Tier 1 suppliers. Instead, they come from a diverse range of software vendors and providers, including HMI providers, middleware providers, operation systems providers, telematics providers, ADAS software providers, telecommunications providers, cloud providers, security providers, and many more. Some of these software components are installed directly on top of the infotainment system, while others are embedded within the wide array of in-vehicle systems prior to the assembly phase. Oftentimes, software vendors need to work with hardware suppliers and chipmakers during the production process to ensure cross-industry interoperability. As software becomes an integral part of production, the automotive supply chain is looking less like a vertical deliver-and-assemble process but more like a horizontal network of partnerships and co-developments.

The Components of Automotive Software

A vehicle’s software environment is much more complex than that of other computing devices like smartphones and PCs. Smartphones and PCs operate on a single OS, where all software applications are developed for the specific platform. In the vehicular software environment, however, vehicles do not run on a single OS nor a proprietary platform (even though OEMs are moving in that direction—topic for another time). This means that every software component is essentially independent, only to be stitched together by the rules set out by standardized communication protocols and interfaces.

Since automotive software components are developed by individual parties, a large portion of them contain open-source code and licenses. This isn’t surprising given that more than 70% of all the world’s software source code is open source—the most popular mobile OS Android was built on the grounds of the open-source Linux kernel, while over two-thirds of all web servers in the world run on the open-source Unix OS and its variants. Of course, these popular open-source distributions are often developed and managed by large corporations, ensuring that vulnerabilities are monitored, detected, and patched immediately. But this isn’t the case for automotive software, which comes from hundreds of vendors and developers across the world. Since open-source code is widely copied and modified during the development of applications, even developers can lose track of which components or licenses were used, or whether one component could form codependency with another. This makes it much more challenging to manage software updates and ensure that patches get to the right vehicles on time.

Fortunately, there is a promising solution that makes it easy for automotive OEMs to continuously manage their in-vehicle software throughout all stages of the software development lifecycle (SDLC)—the software bill of materials.

Securely Manage Automotive Software With the Software Bill of Materials (SBOM)

To counter the security risks that arise alongside the growing popularity of open-source software (OSS), the software bill of materials (SBOM) has become a popular tool to manage OSS vulnerabilities across many industries. An SBOM, as its name suggests, is a machine-derived list that contains a detailed breakdown of all open-source ingredients—including code and licenses—found within a piece of software. In 2021, a US Executive Order on enhancing OSS security made SBOM mandatory for certain sensitive industries. A detailed guideline was later published by the National Telecommunications and Information Administration (NTIA) of the US Department of Commerce.

Like many other industries, the SBOM is the most effective way for OEMs to manage automotive software. Not only does it help establish a vulnerability-free software environment in the first place, but it also allows OEMs to keep track of vulnerabilities in their OSS and licenses during the aftermarket stage and have them patched via OTA (over-the-air) updates to all impacted vehicles.

AUTOCRYPT’s newly launched AutoCrypt® Security Analyzer (SA) is an SBOM-based software analysis and management tool that accurately detects and categorizes software components, enabling OEMs to continuously manage their automotive software during all stages of the vehicle’s lifecycle.

To learn more about AutoCrypt® Security Analyzer and AUTOCRYPT’s mobility service solutions, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

15 April, 2022 . 5 mins read

Protecting Vulnerable Road Users (VRU) With V2P Technology

Vulnerable road user (VRU) is a term used to describe any road user who is not inside a motor vehicle. This can mean a pedestrian, a cyclist (or motorcyclist), a scooterist, or someone in a wheelchair. Compared to motorists, VRUs are much more likely to suffer from severe injuries or death in a traffic accident due to their lack of external protection. Although vehicle-pedestrian crashes are much less common than vehicle-vehicle crashes, these accidents still contribute to a significant number of road fatalities. According to the Insurance Institute for Highway Safety (IIHS), pedestrian fatalities account for 17% of all casualties from traffic accidents, while cyclist fatalities account for another 2%.

Why Are VRU Fatalities Increasing?

During the past decade, we have seen significant improvements in Advanced Driver-Assistance Systems (ADAS), including features like pedestrian detection and warning. This gives us an intuition that VRU safety must have been improving. Shockingly, a completely opposite trend was observed. Pedestrian fatalities have in fact increased by 51% over the past ten years, most of which occurred in urban areas.

Given all the technological advancements, why isn’t the pedestrian fatality rate falling? One possible explanation is the growing popularity of SUVs, which are taller than sedans and more likely to hit the pedestrian’s upper body in crashes. Another likely cause is that both drivers and pedestrians today face constant smartphone distraction, making them less focused and attentive on the road.

The Struggles to Keep VRUs Safe

Over the past few years, urban planners and policymakers have been implementing progressive approaches to improve VRU safety by either eliminating roadways in crowded urban centers or reducing the speed limit to less than 30 km/h in city streets. However, these countermeasures are only effective in cities with a well-established public transit system that can handle a drastic increase in passengers. For many cities that rely heavily on personal vehicles, implementing such measures can be quite disruptive and inefficient for daily commuters.

Protecting VRUs isn’t about sacrificing one group for the other. It is essentially about protecting everyone, as every driver technically becomes a VRU the moment they exit the car. Hence, finding a balanced solution that benefits both motorists and VRUs is crucial. In this regard, V2P technology shows great potential. V2P (vehicle-to-pedestrian) technology is a sub-type of V2X (vehicle-to-everything) communications technology that allows vehicles to communicate with pedestrians in real-time wirelessly. With V2P, vehicles and pedestrians will be able to cooperate seamlessly on the road to prevent accidents.

How Does V2P Differ From V2V and V2I?

V2P operates under the same mechanism as other types of V2X communications like V2V (vehicle-to-vehicle) and V2I (vehicle-to-infrastructure). However, there are some unique aspects of V2P that make its deployment and application somewhat different from the other two.

Installation

To enable any V2X communication, a V2X connectivity unit must be installed on every end entity of the ecosystem. An end entity can be a vehicle, a traffic signal, a roadside camera, and many more. The V2X connectivity units can either be embedded within the end entities during the manufacturing process or externally connected to existing vehicles and infrastructure that do not have embedded units.

However, we cannot simply install V2X connectivity units on unpowered V2P entities like bicycles, scooters, skateboards, wheelchairs, and of course, the human body. In this case, smartphones can act as end entities. A compact and lightweight portable V2X device can be plugged into the mobile devices of VRUs so that they can easily participate in V2P communications. These portable V2X devices are extremely versatile and can be plugged anytime into all kinds of smart devices such as phones, tablets, and vehicle head units via common ports like USB-C.

Another potential deployment method relies on a specific type of V2X mode—the C-V2X Uu interface. Different from the PC5 interface—which enables end entities to communicate directly with each other without going through any medium—the Uu interface sends all messages through the mobile broadband spectrum, connecting all entities to the cellular network. Under this mode, all smart devices with cellular connectivity become readily available V2X connectivity units with no need for external hardware.

Application

Whereas V2V and V2I communications are used to serve the purpose of vehicle-infrastructure cooperated autonomous driving (VICAD), V2P adds VRU cooperation to the mix, taking autonomous driving to the next level. By doing so, it further enhances the safety of autonomous driving in urban areas by complementing conventional ADAS and pedestrian warning systems. In application, vehicles receive the real-time location, speed, and direction of every VRU in their surroundings, allowing them to respond immediately to all kinds of unexpected behaviours.

On the other hand, V2P can also be used to issue warning messages to pedestrians. Many observational studies have pointed out the severity of pedestrian smartphone distraction. One study in Melbourne found that 20% of all walkers were on their smartphones while crossing the road. These “smartphone zombies” are at a significantly higher risk of traffic accidents. With V2P-enabled smartphones, these walkers can be alarmed at traffic signals and pedestrian crossings.

Better Autonomous Driving Starts from Road User Cooperation

Even though most developments in autonomous driving have been focusing on V2V and V2I applications, we should not forget that vehicles are not the only road users. To make autonomous driving smarter and safer, more participants should be invited to join the ecosystem. Adding VRUs to the cooperated autonomous driving mix has the potential to greatly reduce vehicle-VRU accidents and improve road safety and efficiency in urban areas.

AUTOCRYPT is actively working on developing technologies that accelerate V2P deployment. To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

To learn more about AUTOCRYPT’s mobility service solutions, contact global@autocrypt.io.

31 March, 2022 . 6 mins read

A Technological Path Towards Universal Mobility

What Is Universal Mobility?

Universal mobility refers to the state in which everyone has access to reliable means of transportation for necessities like going to work and school, accessing public services and healthcare, as well as shopping and socializing. Despite being taken for granted by many, there is a significant percentage of the population whose basic mobility needs are not met.

Achieving universal mobility can indeed be challenging, considering that car ownership might not be a viable option for everyone, and that there are many less-developed nations as well as sparsely populated regions where transit services are not financially sustainable. What’s more, even in places with adequate transit services, they can be difficult or impossible to access for those facing mobility challenges—for instance, people with temporary or permanent disabilities, parents of young children, and older people who need moving assistance. According to WHO estimates, 1% of the world’s population needs a wheelchair, while 3.2% of the world’s population is affected by blindness or some form of visual impairment.

Universal mobility is only said to be achieved when every member of the society—regardless of their place of residence, financial status, and physical condition—can enjoy reliable transportation on a day-to-day basis.

The Two Barriers to Universal Mobility

There are two main barriers to achieving universal mobility. The first is systematic barrier. This can be defined as a lack of motivation and initiative to improve transportation infrastructure for those in need. This could be due to a lack of public awareness with regard to accessibility needs or incompetent governments.

A second barrier is financial barrier. Even with strong motivation and improvement plans, financial challenges tend to prevent these plans from turning into actions. Problems such as high operational and maintenance costs and expensive fares make it difficult to expand transit services for sparsely populated regions and improve accessibility.

In many parts of the world, financial barrier has been the biggest obstruction to the path towards universal mobility. Indeed, building and maintaining transit services is expensive. Operating accessible transit services is more expensive. Even some of the largest metropolitan transit operators with millions of daily passengers can experience frequent budget deficits that need to be filled by government subsidies. For decades, governments around the world have been trying to solve these issues with policy changes but saw no significant improvements.

To break through the financial barrier, maintaining profitable services is crucial. Even though profitability and universal mobility may sound contradictory, they are in fact mutually inclusive. It is important to acknowledge that universal mobility is only achievable if all services are capable of long-term financial sustainability. In this regard, several newly developed mobility technologies offer great potential.

A Technological Path Towards Universal Mobility

Rather than struggling with endless policy changes, we can pave a technological path to improve transportation coverage and achieve universal mobility. With the integration of smart mobility technologies, we can make transportation and mobility services more sustainable by cutting down unnecessary costs and improving efficiency.

V2X and Autonomous Driving

V2X (vehicle-to-everything) is the wireless communication technology used for real-time message transmission from vehicles to vehicles (V2V), vehicles to infrastructure (V2I), and vehicles to pedestrians (V2P), making it an essential building block for L3+ autonomous driving. How does autonomous driving help achieve universal mobility?

Even though taxi and mobility services are common in cities, they are less common and often nonexistent in smaller towns and rural regions due to a lack of profitable business models. With L4 and L5 autonomous driving, mobility service operators can deploy autonomous vehicle fleets in these less-populated regions to fill the unaddressed demands, without incurring the cost of hiring new drivers.

Fleet Management and Service Optimization

From the perspective of a mobility service operator, every mile on the road without a passenger indicates an opportunity cost. Hence, minimizing vehicle vacancy is crucial to the long-term financial sustainability of a mobility service. A fleet management system collects mechanical and location data from every vehicle in real-time, allowing the service platform to match demands to their closest supplies and map out optimized routes to the destinations, ensuring that the vehicle fleet is utilized to its maximum capacity.

In fact, in terms of serving sparsely populated regions and those with special accessibility needs, demand-responsive transport (DRT) services are much more efficient than fixed-route transit. With the help of big data and AI, barrier-free DRT services have great potential in such niche markets.

For this reason, AUTOCRYPT started its barrier-free DRT solution, AutoCrypt EQ, helping businesses establish accessible DRT platforms for those with mobility challenges, while ensuring that all data shared through the platform are end-to-end encrypted and verified.

Reliable Transport Enhanced by Connectivity

Although cutting down unnecessary expenses is beneficial, maintaining reliable and high-quality service is equally important for achieving universal mobility. Ensuring that all services are safe, secure, and reliable is a crucial task not only for mobility service operators but also for automotive OEMs. With the accelerated adoption of vehicle connectivity and autonomous driving, it is more important than ever to secure vehicles from hacking attempts and unauthorized access. As mandated by industry regulations and standards, many automotive OEMs now run a Vehicle Security Operations Center (vSOC) that monitors the real-time security status of their active vehicles using data collected from the OEM cloud, while identifying and reporting any potential intrusions immediately.

New Business Models for Universal Mobility

These new smart mobility technologies are not only beneficial to existing service providers. They also encourage new operational models and provide growth opportunities for businesses and NGOs that look forward to improving transportation coverage and accessibility. These new business models not only have the potential to break through the typical financial challenges of public transit, but also generate more initiatives in serving niche markets and bring us closer to universal mobility.

AUTOCRYPT shares this vision and is actively working with partners to develop innovative mobility service models in the form of DRT services, accessibility mapping, and multi-modal MaaS platforms.

To learn more about AUTOCRYPT’s mobility service solutions, contact global@autocrypt.io.

To stay informed with the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.

11 March, 2022 . 6 mins read

Who Might Launch Cyberattacks on Connected Cars and Why?

Cyberattacks on connected cars have long been considered a potential threat to the safety of road users and pedestrians. Fortunately, we have not yet seen any reports of major cybersecurity incidents that directly affected safety-critical vehicle systems, mostly because the automotive industry has been preparing for such attacks long before any hackers have had a chance to gain a footstep in the connected car ecosystem, but also because the financial incentives of hacking vehicles have not been appealing enough to make them primary targets.

However, this does not mean that the automotive and mobility industry will not become a primary target in the future. Since 2020, cybercriminals have been frequently crossing the boundaries of IT and stepping into the OT (operational technology) environment, disrupting physical operations at factories, airports, power plants, pipelines, and even hospitals. Likewise, as the connected car ecosystem continues to grow and V2X-based autonomous driving begins to take off, there is an increased possibility that vehicles and C-ITS infrastructure could one day become a primary target of cyberattacks.

Therefore, to keep itself ahead of any potential cybercriminals, it is important for the automotive and mobility industry to analyze and predict who might be the potential perpetrators and why they would want to launch an attack. These predictions can then be used to guide the TARA (Threat Assessment and Remediation Analysis) process, followed by threat modeling and penetration testing.

These are some of the potential threat actors who might be interested in hacking the connected car ecosystem.

Nation States

Along with military strength and economic power, cyber capability has become another hidden force for countries to exert influence on the world stage. Many nation states today target their adversaries with cyber campaigns ranging from espionage and infiltration to DDoS and ransomware attacks. Common targets include government agencies, infrastructure operators, healthcare providers, schools, and businesses. As the connected car ecosystem continues to expand, nation states could target vehicles and roadside infrastructure to gain big data on a country’s road network, including details on the locations of cameras and traffic lights as well as traffic movements. The personally identifiable information (PII) associated with each vehicle owner can also be exploited to launch targeted infiltration and phishing campaigns against high-profile individuals.

In the worst-case scenario of an armed conflict, hostile states could even try to disrupt the C-ITS infrastructure to cause traffic chaos and accidents. Under Vehicle-Infrastructure Cooperated Autonomous Driving (VICAD), vehicles rely on the V2X messages received from roadside cameras and infrastructure for autonomous driving. In such a network, a DDoS attack against any of the crucial infrastructure systems can cause autonomous vehicles to lose cooperative driving capabilities and be forced to switch back to manual and ADAS driving, leading to sudden and unexpected disruptions to traffic on a wide scale.

Hacktivists and Terrorists

Hacktivists are self-organized hackers that target specific governments or organizations to raise public awareness on certain political or social causes. For those who want to target an automotive manufacturer or regional government, launching an attack against the OEM’s connected car fleets or a regional C-ITS infrastructure can be a quick and effective way to make their voices heard. In February 2022, an unknown hacker targeted a supplier of Toyota’s key components, forcing the OEM to shut down operations for 24 hours. In the future, a similar attack might be targeted directly at vehicle fleets.

Whereas hacktivists target organizations, terrorist groups target citizens. Terrorist groups in the future could also launch disruptive attacks against connected cars and road infrastructure to generate fear among the public. In an extreme case, they could even try to take control of an autonomous vehicle remotely and manipulate the vehicle to trigger crashes.

Ransomware Gangs

Ransomware gangs are financially motivated criminals that deploy ransomware on targeted networks to encrypt systems and steal sensitive data. The victims are then forced to pay a ransom if they want their system decrypted or to prevent the stolen data from being released or sold. Just like how these ransomware operators target enterprise networks, it is technically possible for them to infect connected cars with ransomware that locks certain vehicle functions until the victims pay the ransom.

The good news is that the technical difficulty of intruding a connected car system is much higher than that of an enterprise system. Even if the ransomware gets successfully deployed, the ransom payment the attacker can exploit from an individual vehicle owner is very limited. Hence, ransomware attacks against private vehicles remain very unlikely in the foreseeable future. Alternatively, attackers could try to infect the OEM’s servers to disable OTA services and steal the sensitive data of vehicle owners, forcing the OEM to make the payment.

Criminal Groups and Thieves

Criminal groups and thieves can exploit autonomous vehicles and use them as a tool to commit crimes. For instance, they could gain remote control to a parked vehicle and redirect it to a remote area under their control to steal the personal belongings of the owner. They could also control these vehicles for illegal trafficking by hiding cash, weapons, or drugs inside. Nonetheless, despite being a possibility on paper, these tactics are too complex for most criminal groups and are not likely to be exploited anytime soon.

A Well Protected Connected Car Ecosystem

Despite all the possibilities of being targeted by a wide array of perpetrators, connected cars remain the safest tech devices today. Thanks to the advanced planning and early integration of robust cybersecurity measures by the industry, launching any profitable cyberattacks on the connected car ecosystem remains extremely difficult even for the most sophisticated hackers.

AUTOCRYPT has been constantly working with OEMs and suppliers to ensure a safe and smooth transition into the connected car ecosystem. From V2X connections to in-vehicle systems, electric vehicle charging infrastructure to mobility services, AUTOCRYPT protects every endpoint to ensure that cybersecurity risk is kept at a minimum.

To learn more about AUTOCRYPT’s end-to-end solutions, contact global@autocrypt.io.

To stay informed with the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.

16 February, 2022 . 6 mins read

Top 4 Car Features That Rely on Vehicle-to-Cloud Connectivity

As modern vehicles become increasingly connected and software-oriented, the role of the cloud in the vehicular environment continues to grow. For many years, automotive manufacturers and suppliers have been looking for innovative ways to utilize vehicle-to-cloud (V2C) connectivity to enhance the mobility experience and introduce new features to their vehicles. Today, the role of vehicle-to-cloud connectivity is no longer limited to providing peripheral benefits like onboard entertainment but is also relied upon for many crucial operational and security functions. Here are four vehicle features that utilize vehicle-to-cloud connectivity.

1. Vehicle Maintenance and Over-the-Air (OTA) Software Updates

The growing sophistication of modern vehicles has made regular maintenance and software updates more important than ever. Yet, keeping track of when to make the next maintenance and servicing appointment can be quite a hassle for vehicle owners. To streamline the maintenance process, many automotive OEMs now collect and store telematics data from their active vehicle fleets to keep the owners informed of their vehicle conditions. Based on the owner’s consent, collected data usually contain odometer readings, average mileage, and other mechanical information from the in-vehicle system. Vehicle-to-cloud connectivity allows these data to be synchronized in real-time with the OEM cloud, enabling vehicle owners to view their vehicle information and receive notifications on maintenance schedules via their online accounts.

Whereas hardware maintenance can be performed once per year, software updates should ideally be updated as soon as a feature upgrade or security patch is available to avoid exposing the vehicle to software vulnerabilities. Just like how PCs receive automatic updates, many OEMs have started pushing over-the-air (OTA) software updates to their vehicles from the cloud servers. All updates are sent via the Internet as soon as they become available so that users no longer need to take any actions or worry about software-related recalls.

2. Vehicle Security Operations Center (vSOC)

The Vehicle Security Operations Center (vSOC) is another important feature that relies on vehicle-to-cloud connectivity. As vehicles become “computers on wheels”, it has become the OEMs’ responsibility to manage post-production security risks during a vehicle’s lifespan. The vSOC is a centralized cybersecurity management system that allows an OEM to monitor abnormal activities and manage security threats in its connected vehicle fleets and related services in real-time. Like the Security Operations Center (SOC) used in the enterprise environment, the vSOC continuously monitors all in-vehicle systems by tracking and analyzing vehicle log data so that the OEM can detect and respond to any anomalies immediately, preventing any malicious intrusions from causing any damage.

Many OEMs today are adopting vSOCs to comply with vehicular cybersecurity regulations like WP.29. There are multiple approaches to designing a vSOC. The OEM can either choose to integrate the vSOC to their existing enterprise SOC or build an independent vSOC isolated from the corporate network. Some might also choose to outsource both development and monitoring to a third-party provider in the form of vSOC-as-a-Service. Regardless of the design, a vSOC must be connected to the OEM cloud to synchronize real-time data from the vehicles it needs to protect.

To learn more about vSOCs, see AutoCrypt vSOC.

3. Third-Party Applications

With internet connectivity (either embedded or tethered), the in-vehicle infotainment system today runs a variety of built-in and third-party applications, just like smartphones. These can range from music and video streaming apps to smart navigation and car payment tools. These applications act as a bridge that connects the vehicle to third-party cloud servers and platforms, utilizing internet connectivity from the eSIM (embedded SIM) or tethered cellular data from Android Auto and Apple CarPlay.

4. Electronic Control Units (ECU) in the Cloud

ECUs are collectively the brain of a vehicle. These are chips with low computing power that are ideal for handling independent and repetitive tasks. The modern-day car has on average 100 ECUs, and each of them is responsible for controlling a specific feature. Hence the more features a vehicle has, the more ECUs need to be built into it. This has led to an emerging problem; as vehicles become increasingly sophisticated, using a great number of ECUs and having each control an independent task might no longer be ideal. Having too many ECUs in a vehicle not only complicates the manufacturing process, but also makes it difficult and costly to diagnose issues in the long run.

One solution to this problem is to centralize a vehicle’s computing power. That is, instead of having over 100 ECUs controlling independent tasks, one or two CPUs can be embedded to take over a high number of tasks simultaneously like PCs. Many OEMs have adopted this approach, with many expecting this centralized E/E architecture to take over conventional architecture by the mid-2020s.

As 5G technology starts to kick in, many experts have proposed an alternative solution that utilizes vehicle-to-cloud connectivity; that is to adopt a cloud-based E/E architecture by moving certain ECUs to the cloud. Despite seeming like an unrealistic approach during the 4G era, debates around this solution have resurfaced in the world of 5G thanks to the incredibly low latency of 5G networks. Although it can still seem radical to move all ECU functions to the cloud, a hybrid approach may be adopted where only ECUs crucial to safety are kept locally while the rest gets relocated to the cloud.

Securing Vehicle-to-Cloud Connectivity

As 5G network infrastructure becomes increasingly mature, more and more car features will be reliant on cloud storage and possibly cloud computing, delivering a wide range of digitalized mobility experiences. However, as much as how the vSOC can be utilized to enhance the security of in-vehicle systems, the data that travels between the vehicle and the OEM cloud must also be protected.

AutoCrypt V2X is a complete V2X (vehicle-to-everything) solution that secures all connections between the host vehicle and other end entities it communicates with, including entities located in the cloud. It safely authenticates all users in the connected vehicular environment and encrypts all data and messages in transmission.

To learn more about AUTOCRYPT’s end-to-end solutions, contact global@autocrypt.io.

To stay informed with the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.