Top 6 Security Threats for Modern Vehicles

Modern vehicles have many advanced safety features that keep us safe on the road. Blind-spot detection, lane keep assist, and forward-collision assist with automatic emergency braking (AEB) are some of the standard features that we take for granted. Moving up a bit, a typical high-end vehicle today has face detection capabilities that issue warnings when the driver appears drowsy. If the driver fails to wake up, the car slowly parks itself on the roadside.

In the near future, we are likely to see a significant decrease in traffic accidents as older cars are phased out. However, not everything is as rosy as it seems. Modern cars are essentially sophisticated computers on wheels. The more sophisticated they are, the more weak points they have, and the more possibilities for high-tech attackers to exploit them.

Indeed, modern cars are keeping us safe. But who keeps cars safe? (Hint: AUTOCRYPT)

We need to understand where the threats come from and take the correct measures to prevent them. Here we take a look at six of the top security threats for connected vehicles.

1. Attack on Smart or Digital Keys

Smart keys, commonly referred to as “keyless entry”, do not require the driver to push any buttons on the key to unlock the doors. Doors unlock automatically when the key fob is near the car. Smart keys mostly utilize infrared radiation (IR) technologies to transmit signals to the car. Digital keys built into mobile applications work in a similar way, except that they transmit signals via Bluetooth or NFC technologies.

When the key is near a locked vehicle, a hacker could break into the car by gaining access to the IR communication with a brute-force attack, by using a relay box to scan and reflect the communication signals, or by manipulating the Bluetooth communication between the smartphone and the vehicle. Automakers have started to make keys with much shorter signal transmission ranges, so that the key fob or smartphone needs to be right beside the doors for them to unlock.

2. Attack on Embedded Software

Modern cars have up to 80 electronic control units (ECUs) that keep the vehicle functioning. The embedded software in these ECUs is not only growing in volume but is also becoming increasingly complex. Critical functions like the anti-lock braking system (ABS) and electronic fuel injection are all controlled by ECUs. The embedded software analyzes data such as temperature, engine speed, and accelerator position to determine the optimal behavior of the fuel injectors, delivering the best results for the driver’s settings (e.g. eco, comfort, sports, etc.).

Attackers can inject malware into the ECUs to manipulate their state and actions, posing a significant threat to the functioning of the vehicle. To protect this built-in software from external threats, automakers need to provide prompt software patches and invest in a reliable in-vehicle firewall.

AutoCrypt IVS is an advanced firewall optimized for automotive communication protocols. With two decades of experience in intrusion detection, AutoCrypt IVS effectively blocks all malicious traffic from entering the vehicle system.

3. Attack on Software Applications

In-vehicle infotainment systems have become just as important as the engines. Other than the built-in applications, Android Auto and Apple CarPlay now offer an increasing number of vehicle-compatible mobile applications from a wide range of categories, including navigation apps, payment apps, media apps, and social networking apps.

Similar to embedded software, built-in software applications need to be constantly updated and patched, as well as protected by an in-vehicle firewall. To prevent threats coming from mobile applications, vehicle-to-device (V2D) security measures should also be deployed.

AutoCrypt V2D is a security solution that protects the communications between vehicles, mobile devices, and cloud service providers.

4. Attack on Sensors

The majority of modern cars have some degree of autonomous driving capability, ranging from SAE Level 1 to Level 4. To provide such driving assistance and autonomous driving features, a wide range of sensors must be built into the cars to help them detect road conditions, lighting conditions, obstacles, moving objects (e.g. cars and pedestrians), and inertia. Cars also rely on GPS data to locate and navigate with high precision.

Threat actors could exploit vulnerabilities in these sensors to undermine their range, detection capabilities, and reliability. They could also manipulate GPS data to provide wrong directions and control the route of the vehicle (for Level 4 automation). State-backed APT groups could hack into the sensors of multiple vehicles to cause mass-scale collisions and destruction.

5. Attack on Cloud-based Servers

After the sensors collect all the data, they transmit that information to the cloud database to enhance the autonomous driving experience, and also to enable communications between the vehicle and the transportation system. Thus large amounts of data are sent to the cloud database.

Sophisticated threat actors could compromise the cloud databases to steal sensitive information about the vehicles and the drivers. These data could be used to identify weaknesses of a vehicle, which could be exploited for future intrusions and phishing campaigns.

6. Attack on Networks

Modern vehicles are all part of the vehicle-to-everything (V2X) network. The V2X network consists of countless vehicle-to-device (V2D), vehicle-to-grid (V2G), and vehicle-to-infrastructure (V2I) communication messages. These communications would increase substantially once cooperative intelligent transportation systems (C-ITS) roll out on a large scale. As such, a car is exposed to hundreds of endpoints that could serve as entry points for hackers.

To protect the car in a V2X network, an in-vehicle firewall is not enough. An authentication framework must be put in place to verify every user before allowing them to connect to the vehicle system.

AutoCrypt V2X utilizes user authentication and data encryption technologies to secure all sensitive information related to the vehicle. AutoCrypt PKI supplements V2X by offering a certificate-based authentication system for external users like vehicles, pedestrians, and road infrastructure.

Safety is the Number One Priority

Safety has always been paramount in transportation. We expect seatbelts and airbags to work in the event of a collision, and expect the car to not catch on fire after crashing. But as we transition into this new era of connected vehicles, we as consumers do not seem to have any clear expectations yet.

This is why AUTOCRYPT is not only providing the most complete vehicle security solution for the industry. It is also working with automakers and other security experts to establish an international security standard that would help shape expectations, set up high standards, and keep our roads safe in the era of automation.

Why COVID-19 Has Made Vehicle-to-Grid (V2G) Security Even More of a Necessity

When the concept of Vehicle-to-Grid (V2G) emerged and companies and organizations began researching and implementing EV systems, the main aim was an optimal energy management system. EVs, when charging bidirectionally, would not only maintain a minimum charge but also balance the grid and minimize emissions. The system’s goal is twofold: to increase efficiency in terms of renewable energy sources and costs, and simultaneously balance the demand for electricity on the grid. While no one could have imagined the paradigm shift that would occur worldwide through COVID-19, industries and even new technologies are now shifting and evolving to meet the demands of the millions whose lives must go on in terms of their household, career, and transportation. With work-from-home (WFH) and social distancing deemed “the new normal,” an increasing number of people have no choice but to work and communicate remotely, meaning that technologies like V2G, and consequently V2G security, may now be more necessary than ever before.

V2G for Customers and Businesses

From March to April 2020, 30 million Americans filed for unemployment. The growing figures are an obvious sign of how many are facing financial strain due to COVID-19. However, at least for EV owners with Plug & Charge (PnC) capabilities, electric bills may be minimized by using smart charge systems. For bi-directional PnC users with charging points in their homes, vehicles are spending more time parked in the garage than driving on the road, so their batteries have more capacity available to power the grid. This can be good news for clients who are spending more time at home powering their laptops, entertainment systems, and home appliances while WFH, but do not necessarily have the financial means to be beholden to surge pricing.

For businesses with EV charging points, management of their services during the COVID-19 pandemic remains crucial – with an unbalanced supply chain (weakening demand in some industries with skyrocketing demand in others) and increasing financial pressures, PnC allows for businesses to set limits on energy consumption and avoid surge pricing, allowing them to maintain operations. Especially for start-ups or small businesses, minimizing operations costs is crucial: estimates show that more than 100,000 small businesses have permanently closed due to the pandemic.

Both customers and businesses can enjoy the benefits of PnC, as most offer real-time data available through an app or online platform. This can further allow users to optimize their charging during off-peak hours and maximize financial returns.

V2G Security

However, as with all connected technology, the technology itself is only half of the equation. With increased usage comes even more temptation for tampering. All parties involved, from manufacturers and Mobility Operators (MO) all the way to Charge Point Operators (CPO), must ensure that the connections to the charge points are safe from intruders, because like it or not, owning a connected vehicle comes with social responsibility.

The most obvious damage that uninvited “guests” may wreak is through tampering with the payment systems. PnC allows for easy, streamlined payment, which means everything is done through payment methods and membership registration information already in the system. With loose security regulations, this could mean that payment systems could be hijacked without anyone ever knowing. During a critical time such as this, it is definitely not in anyone’s best interest to be hacked and left with an even thinner wallet than before. This is why AutoCrypt, in accordance with the international ISO 15118 Standard, ensures that encryption and digital signatures are implemented to protect vehicles during charging.

The second concern is one that may fly under the radar: EVs and V2G revolve around the exchange of data, such as the time of day, the amount of charge, the pricing, and the payment methods for the vehicles and the charging points. Data monetization is becoming more and more lucrative as more EVs and connected cars hit the market and the economy suffers further due to COVID-19. In the wrong hands, this could mean loss of privacy and even, in worst-case scenarios, data terrorism.

These are just a couple of reasons why AUTOCRYPT not only provides a comprehensive security solution, but is constantly working with manufacturers, MOs, and CPOs to ensure that customers on and off the road are able to keep safe in this connected car era. At a time when things are unpredictable, perhaps it would be safe to say that no one wants the security of their vehicle and wallet put into that group as well.

Stay safe, wash your hands, and keep your connections secure.

Welcome to the World of V2G

Electric Vehicles are no longer a future premise… In fact, from 2012 to 2018, global plug-in vehicle deliveries grew by 46-69%, and it’s likely that this growth will continue. We see EVs on the road and charging points in parking garages, and while the concept seems to be comparable to charging a mobile phone—plug it in, wait, and go… is the process really that simple?

In reality, charging a car involves several parties:

1. The OEM manufacturer who made the vehicle

2. The CPO that provides the Charge Point, similar to a gas pump for non-electric vehicles

3. The MO that registers members to be users for the charging service

This MO does not own the charging point itself, but builds the interface and the system required to use it. The MO is the party that has contact with the actual customers, and receives and maintains their charging data and information. The CPO, who owns the charge points, relays the operations of its station to the MO, and pays the network usage fee.

Users need to be certified by the OEM, MO, and CPO and then deliver the certificates to the V2G infrastructure in order to have the ecosystem ready for charging.


While this may sound and look quite complicated, for the end-user, it’s quite simple. Plug in the charger at a nearby charging station, and then go: Plug & Charge (PnC). Just like a mobile phone, the process has been streamlined. All the certification, verification, and payment processing happen in an instant behind the scenes, and AUTOCRYPT V2G keeps those processes secure.

But what happens when the security landscape is always changing? From the early stages of the EV, AUTOCRYPT has been ready to bring solutions and products to the table, taking on the future era of EVs.

This also means that it has been and continues to be crucial to keep testing for compliance with not just domestic but also international standards, manufacturers, and guidelines around the world, as this is an era that is constantly evolving. AUTOCRYPT has participated in several testing symposiums to meet international standards, and we continue to conduct interoperability testing with various companies. AUTOCRYPT has also been invited to share its unique V2G technology all over the world, as industries and organizations worldwide are increasingly eager to get into the conversation about EVs and the need for security, standardization, and quick integration.

AUTOCRYPT V2G ensures that your EV experience is a seamless one, letting you spend more time on the road without compromising your safety and security.

Infographic: All You Need to Know About Electric Vehicle Fill-ups

2020 is set to be the year of Electric Cars, according to numerous automotive analysts around the world.

More and more global manufacturers are joining the wave of launching new electric vehicle products in hopes of lowering carbon dioxide (CO2) emission levels.

As a result, Electric Vehicle (EV) charging points are noticeably increasing on streets, highways, and parking spaces around all continents.

Now you can get a bird’s eye view on what you need to know about the new trend of vehicles including tips on electric vehicle fill-ups and charging.


All You Need to Know About Electric Vehicle Fill-Ups

1. How far can I go on 1 hour of charge?

The distance your vehicle can go after an hour of charging depends on your vehicle model and the embedded battery type. The unit of measurement for charging is kilowatt-hours. Regular 120v power outlets allow for a distance of 6.5km per hour of charge, 240v residential chargers allow for 40km, commercial chargers for 40km, and fast-charge commercial chargers can allow for distances up to 300km.

2. How long does it take to charge?

Based on the time it takes to charge to 80% of a 63kWh battery (standard sized battery of a US BEV model as of May 2019), a 120v power outlet can take up to 42 hours, a 240v residential charger 2.6-15 hours, commercial chargers 20-60 minutes, and fast-charge commercial chargers 8-20 minutes.

3. Am I able to charge my EV at any charging point?

Unfortunately, no. Manufacturers have different models for plugs depending on the region, speed of charge, and the manufacturer brand. For example, the SAE Combo Coupler System (CCS), CHAdeMO, and Tesla are the three most common plug types.

4. How often should I charge my EV?

While frequency does depend on your driving habits, if you are a daily user of your EV and drive long distances each time, it’s recommended that you charge your EV battery each night. However, on average, EV users tend to charge about 2-3 times a week.

5. Where can I find the closest charge station?

Charge stations are marked clearly on most maps, but visit websites like PlugShare to find out more details. This site also indicates which plug types are supported by the charge points.

6. How much is the cost of an electric vehicle fill-up?

Costs vary greatly depending on the country and model of vehicle, but the national average rate for the USA is $0.13/kWh, for the UK 0.14 pounds/kWh, and for the EU 0.21 euros/kWh. It also depends on the time of day (peak/off-peak). For example, a 2018 Tesla Model 3 would cost about $1.56 for 50 miles if you charged at an off-peak hour of 11pm. However, it would cost four times as much, at $6.37, during peak hours.

For more information about EVs, security, and other automotive technology, visit autocrypt.io.

Infographic: 3 Must-Have Technologies For Autonomous Driving

With the rise of autonomous vehicles, it’s more essential than ever to consider what technologies and security systems are in place to ensure the safety of the vehicle and those in surrounding areas.

Take a look at what exactly defines an autonomous vehicle and the 3 must-have technologies for self-driving vehicles.

3 Must-Have Technologies for Autonomous Driving

The levels of driving autonomy:

Level 1: Vehicles feature basic automated systems like braking or cruise control, but only as assistance. The driver must carry out actual driving.

Level 2: Vehicles can partially self-drive, controlling both speed and lane position in some situations, but the driver must be engaged and monitor at all times.

Level 3: Vehicles are in full control in many situations, monitoring traffic, steering, and braking, but may alert the driver to take over at a moment’s notice.

Level 4: Vehicles can take over all driving tasks under certain use cases and conditions. The driver isn’t required to intervene, but has the option to do so if they desire.

Level 5: Vehicles do not require a human driver and can operate in any environment without human interaction.

To be truly autonomous, vehicles and their infrastructure systems must have certain technologies firmly in place to ensure the safety of the vehicles and those in surrounding areas.

Must-have #1: Sensors

In order to “see” what is ahead of them, autonomous vehicles use various types of sensors.

  • GPS: Identifies the exact location of the vehicle and assists in navigation from point A to point B.
  • Camera: Collects visual information from the road and traffic, sending it to the controller for processing.
  • Radar: Reflects radio waves off surrounding objects, transmitting information about the objects’ location and speed. Radar cannot distinguish between different objects.
  • Lidar: Uses laser pulses to build a 3D model of surroundings and differentiate objects. Lidar is not limited visually (e.g., dark, light, poor weather).

Must-have #2: Communication

To communicate with their surroundings, autonomous vehicles use various communication interfaces, such as V2V, V2I, V2N, and V2P, to ensure safe driving.

Must-have #3: Security

According to a survey from 2017, 75% of respondents expressed concern that fully driverless vehicles may be susceptible to hackers. Automotive companies are spending more on cybersecurity measures, as the UN has mandated new regulations for managing vehicle cyber risks, which will take effect starting in 2021. In fact, cybersecurity spending is estimated to nearly double from 4.9 billion to 9.7 billion in 2030 (McKinsey).

Secure First, then Ride

With the rise of autonomous vehicles, it is inevitable that society will transition into a driverless one. But until this technology is more widely adopted, keep in mind the 3 must-haves to ensure that your ride is secure.

For more information on automotive technology and security, visit www.autocrypt.io

What Are Connected Cars and How Safe Are They?

The age of connected cars

Connected cars are no longer a thing of the future – the truth is that many of us are already driving one of these without realizing it. A connected car is a vehicle with internet connectivity and the ability to send and receive data. Since cars have been equipped with Bluetooth and GPS connections for a long time, the transition to internet connectivity is not as noticeable. Vehicles are generally connected in two ways: embedded and tethered. Cars with embedded internet connectivity come equipped with a built-in antenna and chipset to access the internet directly. On the other hand, cars with tethered connectivity connect to another device (i.e. a smartphone) to borrow its internet connection.

Prevalent features of connected cars

Some connected features have already become prevalent in most newly manufactured cars. Take the navigation system, for example. A GPS navigation system without an internet connection would not be able to provide any real-time information, and would tend to show a significant lag in detecting locations. Many of the navigation systems today come equipped with embedded internet connectivity and provide real-time updates on all kinds of information including traffic jams, accidents, prices of nearby gas stations, and weather conditions. Another common feature of cars today is smartphone integration. Almost every vehicle sold in 2020 has Android Auto and Apple CarPlay as available options. This feature allows you to integrate your Android and iOS smartphones with the infotainment system so that you can access the contents of your phone through the infotainment screen. Car buyers today increasingly look for these convenience features in their new car. The infotainment system has become just as important a decision factor as the engine.

The future of connected cars

So far, internet connectivity for vehicles only seems to be a fancy add-on feature for entertainment purposes. Meanwhile, we are at a transition phase where internet connectivity is gradually becoming a necessity. With increased coverage of 5G infrastructure, autonomous driving with preventative safety features will soon kick in as the new standard, making our transportation system smarter. A smart transportation network is intricately interconnected. Not only will vehicles be connected to our smartphones (vehicle-to-device, V2D), vehicles will connect and communicate with other vehicles on the road (V2V), with pedestrians (V2P), with infrastructure (V2I), and with the power grid while charging (V2G). All these connections are part of the vehicle-to-everything (V2X) network. How do these connections help? A vehicle in the V2X network would be able to automatically avoid physical contact with other vehicles, follow speed limits, and stop at traffic lights, without the need for manual intervention. Indeed, we are still a few steps away from full automation because it requires the active involvement of multiple parties, including governments. Nevertheless, starting from the high-end market, semi-autonomous vehicles will soon dominate our roads.

Are connected cars safe?

The short answer is yes. Connected cars tend to have smart and preventative safety measures that older cars lack. However, these advanced features are only safe if the system works properly, so keeping all the connections secured from potential cyberattacks is a crucial part of automotive safety. There is a key difference between IT security and mobility security. In an IT network, you make the connections, then secure them. In a V2X network, you cannot make the connections without securing them in the first place, so there can be no such thing as an unsecured connection. This is why AUTOCRYPT is a key component of the V2X network. The bad news is that since we are at a relatively silent transition phase, some automakers seem to be lagging behind in adapting to the security standards of connected vehicles. Let’s take a look at this recently disclosed issue.

“Critical security vulnerabilities found on Volkswagen and Ford vehicles”

In early April, the Britain-based Consumers’ Association, branded as Which?, teamed up with cybersecurity professionals to examine the connected elements of the two most popular cars in Europe – the Volkswagen Polo SEL TSI Manual 1.0L gasoline, and the Ford Focus Titanium Automatic 1.0L gasoline. The examination resulted in the discovery of several serious vulnerabilities that pose privacy and safety risks to the vehicle owners. First of all, the examiners were able to hack into the infotainment system of the Volkswagen Polo by exploiting a vulnerability found in the electronic traction control system. The infotainment system contains the personal data of the user, including their whole phone contact list, call history, and location history. Another vulnerability involved significant safety concerns. The examiners obtained access to the front radar module by simply opening up the VW emblem from outside the car. Gaining access to the radar system allows hackers to tamper with the collision detection and warning system. This could cause life-threatening consequences, especially if the vehicle were to travel in autonomous mode. The examiners were also able to interfere with the messages sent from the tire pressure monitoring system on the Ford Focus, and trick the system into displaying that the tires are fully inflated when they are actually flat.

Source: Which?
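A receiver-side check that would reject the kind of tampered tire-pressure message described above, as an added example that is not part of the original article, the Which? report, or any vendor's code. The frame layout, per-sensor keys, and the names `build_frame` and `TpmsReceiver` are hypothetical, and all sample frames are constructed.

```python
import hashlib
import hmac
import struct

# Hypothetical frame layout (not a real TPMS format):
# sensor_id (u32) | counter (u32) | pressure_kpa (u16) | temp_c (i8) | tag (8 bytes)
BODY = struct.Struct(">IIHb")
TAG_LEN = 8  # truncated HMAC-SHA256; assumed size for a short radio frame


def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(key, sensor_id, counter, pressure_kpa, temp_c) -> bytes:
    """Sensor side: serialize a reading and append its authentication tag."""
    body = BODY.pack(sensor_id, counter, pressure_kpa, temp_c)
    return body + _tag(key, body)


class TpmsReceiver:
    """Receiver side: accept a reading only if it is authentic and fresh."""

    def __init__(self, sensor_keys):
        self._keys = dict(sensor_keys)                # sensor_id -> per-sensor key
        self._last = {sid: -1 for sid in self._keys}  # highest counter accepted

    def accept(self, frame: bytes):
        if len(frame) != BODY.size + TAG_LEN:
            return ("reject", "bad length")
        body, tag = frame[:BODY.size], frame[BODY.size:]
        sensor_id, counter, pressure_kpa, _temp = BODY.unpack(body)
        key = self._keys.get(sensor_id)
        if key is None:
            return ("reject", "unknown sensor")
        # Constant-time comparison; a modified field no longer matches the tag.
        if not hmac.compare_digest(tag, _tag(key, body)):
            return ("reject", "bad tag")
        # Freshness: an old "tires are fine" frame cannot be replayed later.
        if counter <= self._last[sensor_id]:
            return ("reject", "stale counter")
        self._last[sensor_id] = counter
        return ("accept", pressure_kpa)


def demo():
    sensor_id = 0x1A2B3C4D            # constructed sample values throughout
    key = bytes(range(32))
    rx = TpmsReceiver({sensor_id: key})

    healthy = build_frame(key, sensor_id, 1, 230, 21)  # inflated tire
    flat = build_frame(key, sensor_id, 2, 90, 21)      # tire has gone flat

    # Tampered copy of the "flat" frame: pressure field (offset 8) rewritten
    # to a healthy value, tag left as it was.
    forged = bytearray(flat)
    struct.pack_into(">H", forged, 8, 230)

    stranger = build_frame(b"\x00" * 32, 0xDEADBEEF, 1, 230, 21)

    return [
        rx.accept(healthy),        # genuine reading
        rx.accept(bytes(forged)),  # modified in transit
        rx.accept(flat),           # genuine low-pressure reading still gets through
        rx.accept(healthy),        # replay of the earlier healthy frame
        rx.accept(stranger),       # sensor that was never paired
        rx.accept(flat[:-1]),      # truncated frame
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The tag is verified before the counter is examined, so an unauthenticated frame can neither advance nor probe the receiver's freshness state.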

Only two vehicles were chosen for this experiment. More likely than not, a handful of other vehicles would have similar vulnerabilities. At first glance, these issues may not seem that vital. Some may say, “So what if the collision detection system malfunctions? You are supposed to keep your eyes on the road anyways.”

Indeed, as of now, these issues do not seem that harmful. However, remember that we are still at a transitional stage. As cars gain increased autonomy, such vulnerabilities would no longer be tolerated. You don’t want your vehicle to bump into the wall during remote parking, a feature that most new cars already have today. Mobility security deserves more attention. As consumers, we must treat these issues seriously to help build a better future for transportation.
