Infographic: Potential Cyberattacks in Connected Cars and Mobility

Cyberattacks in connected cars are becoming an increasing threat. A modern connected car has a highly sophisticated electrical/electronic (E/E) architecture that contains up to 100 electronic control units (ECU) linked through multiple Controller Area Network (CAN) buses. Moreover, vehicle and driving data generated from the internal system are exchanged and shared with outside parties–including the OEM cloud, third-party clouds, smartphones, and other road users–through various forms of connectivity protocols, from satellite and Bluetooth to Wi-Fi and cellular. As a result, the modern vehicle contains a lot of endpoints that may be vulnerable to attackers. To secure a connected vehicle, it is crucial to consider all potential attack vectors that attackers could use, from man-in-the-middle (MitM) attacks to message spoofing.

The below infographic illustrates some of the most common entry points and how they must be secured.

potential cyberattacks in connected cars and mobility infographic 1/3
potential cyberattacks in connected cars and mobility infographic 2/3
potential cyberattacks in connected cars and mobility infographic 3/3

Download PDF

(Accessibility version below)

Entry Point I. Head Unit

The vehicle’s head unit is the closest entry point to its internal system, often containing a mainboard ECU that serves the infotainment system, and a gateway ECU that directs application requests to the CAN bus. If a hacker gains access to the head unit, they are only one step away from gaining control of the CAN buses and ECUs, potentially taking over the vehicle.

Risks? Vehicle hijacking, vehicle takeover

By who? Criminals

Solution?

AutoCrypt IVS

  • Intrusion detection and protection system (IDPS)
  • ECU protection
  • Vehicle security operations center (vSOC)

Entry Point II. V2X Messages

In the C-ITS environment, V2X messages are transmitted between road participants like vehicles, infrastructure, and pedestrians in real-time. Attackers can attempt to spoof the V2X messages broadcasted from these participants, leading to wrong judgments and even potentially controlling the targeted vehicles. They could also sniff the messages to steal data.

Risks? Vehicle hijacking, vehicle takeover, theft, terrorism, data breach

By who? Nation-states, criminals, thieves

Solution?

AutoCrypt V2X

  • Message encryption
  • User verification via Security Credential Management System (SCMS)
  • Integrated certificate management

Entry Point III. EV Charging Station

When an EV is plugged into a public charging station, the charging operator collects the owner’s membership and payment card information for transaction processing. An attacker can target the Plug&Charge (PnC) system to steal membership credentials and credit card details, or potentially attack the power grid.

Risks? Data breach, payment card fraud

By who? Nation-states, criminals

Solution?

AutoCrypt PnC

  • PKI-based Plug&Charge user verification
  • Message encryption
  • OCPP support

Entry Point IV. OBD-II Port

Onboard diagnostics (OBD) tracks a vehicle’s condition and driving behaviour. Such information is used by fleet operators and technicians for management and maintenance. The OBD-II port provides access to information on the powertrain, emission control systems, Vehicle Identification Number (VIN), and all kinds of driving information. When targeting the OBD-II port, an attacker could gain access to these sensitive data and possibly even inject malicious code into the CAN bus.

Risks? Vehicle hijacking, data breach

By who? Nation-states, criminals

Solution?

AutoCrypt IVS

  • Intrusion detection and protection system (IDPS)

AutoCrypt FMS

  • Secure fleet management through machine learning and AI
  • Proprietary OBD-II units

Entry Point V. Smart Key

Smart keys unlock a vehicle with electronic signals. Unlike keys with buttons, smart keys continuously release signals to allow keyless entry. Thieves could hack the smart key and redirect the signals to unlock and even turn on a car.

Risks? Vehicle theft

By who? Thieves

Solution?

AutoCrypt Digital Key

  • PKI-based certification and user verification
  • Carsharing and restriction settings

Entry Point VI. Telematics Control Unit

The TCU facilitates all wireless communications between the vehicle and the outside world, normally containing an eSIM, radio data system (RDS), Bluetooth, Wi-Fi, and a V2X connectivity unit. When the attacker access the telematics of a vehicle, possibly by injecting malware through a malicious app on a connected smartphone, they could attack the head unit directly.

Risks? Vehicle hijacking, vehicle takeover

By who? Criminals

Solution?

AutoCrypt IVS

  • Intrusion detection and protection system (IDPS)

AutoCrypt V2X

  • User verification via Security Credential Management System (SCMS)

Infographic: 2021 Year in Review

Thank you for your support in 2021. Though there have been unexpected challenges with the ongoing pandemic, we have taken every opportunity to ensure that secure transportation and mobility are prioritized in the changing landscape of connectivity and transport. See below for what AUTOCRYPT has accomplished in 2021 in review.

Here’s to 2022!

Forbes 100 to Watch – AUTOCRYPT was selected to be part of Forbes Asia’s inaugural 100 to Watch list, a list which highlights notable companies on the rise in the APAC region.

15 Million! – We closed our Seeries A funding round in January 2021, bringing the total raised to USD 15 million. Currently, Series B is in progress, open to global investors to become involved.

AutoTech Breakthrough – AUTOCRYPT was announced as 2021’s “Automotive Cybersecurity Company of the Year” for the second year in a row.

4-Layers Interoperability – In 2021, AUTOCRYPT demosntrated the “Four-Layers” interoperability of our V2X security solution. AUTOCRYPT’s solutions are compatible with C-SCMS, EU-CCMS, and SCMS, crucial for implementing security into C-ITS projects.

Germany – AUTOCRYPT’s first European office was opened in Munich, Germany in June 2021. The new office is expected to play a key role in the company’s active work with European OEMs and the continent’s C-ITS projects.

Events – We missed seeing our customers and partners in person, but were able to begin heading back out to events in the latter half of 2021.

Canada – Establishing a North American subsidiary, we opened a new corporate office in Toronto, bringing us closer to partners and OEMs in the region.

ITF-CPB Member – AUTOCRYPT officially joined the ITF’s Corporate Partnership Board. As a partner, AUTOCRYPT will bring its security expertise to work on intelligent transport systems, and the future of mobility.

Mobility Services – We launched a number of new services which utilize our fleet management solution, including a EV charging information application, and a Demand Responsive Transport (DRT) for inclusive transportation.

Infographic: 7 V2X Application Scenarios

V2X (vehicle-to-everything) communication technology enables real-time wireless communication between vehicles (V2V), infrastructure (V2I), and pedestrians (V2P) in the C-ITS (Cooperative Intelligent Transport Systems), paving the path towards full driving automation.

Establishing a V2X ecosystem is a massive project that requires a solid foundation, before building blocks are gradually added to serve functional purposes. Thankfully, years of development and testing across multiple industries have laid the foundation that brought the technology to the surface. Many V2X-enabled services are now being applied in smart cities across the globe, marking the beginning of large-scale commercialization.

The below infographic illustrates seven V2X application scenarios that are widely seen today.

V2X Application Infographic

Download PDF

(Accessibility version below)

  1. Signal Phase and Timing – SpaT is a V2I service used at signalized traffic intersections. The RSU in the traffic signal controller sends a message indicating light color and remaining time to the OBUs of the inbound vehicles. The vehicles then use this information to determine whether to cruise through or decelerate to a stop.
  2. Emergency Vehicle Preemption – EVP is a V2I service that gives road priority to emergency vehicles. The OBU of a dispatched emergency vehicle sends a special message indicating its location and path to the RSUs of upcoming traffic lights. These traffic lights then work in favor of the emergency vehicle to ensure safety and a speedy response.
  3. Intersection Collision Avoidance – IVA is a V2V service that prevents collisions at traffic intersections. The RSU of the roadside camera monitors vehicles and moving objects in all directions and sends a warning message to inbound vehicles when it detects potential signal violators in the cross direction, preventing T-bone collisions.
  4. Emergency Brake Warning – EBW is a V2V service that prevents rear-end collisions caused by sudden braking. The OBU of the braking vehicle sends a message indicating its intended behavior to the OBU of every subsequent vehicle, so that they can all start braking at the same time, preventing collisions and overbraking.
  5. Pedestrian Collision Avoidance – PCA is a V2P service used for pedestrian protection. roadside cameras detect pedestrians on the roadway and send warning messages to nearby vehicles. Newer developments embed RSUs into smartphones so that such warnings can be sent directly from the pedestrian’s devices.
  6. Smart Parking – Smart parking is a V2I service used to match the supply and demand for parking space in real-time. The RSUs of the parking lot sensors send messages notifying parking availability to nearby vehicles, allowing vehicles to drive towards the nearest parking space seamlessly, easing traffic jams in high-density commercial zones.
  7. Do Not Pass Warning – DNPW is a V2V service that is used to ensure safe overtaking on undivided highways. The OBU of the first vehicle in the lane sends messages to the vehicles behind, warning them not to pass when it sees vehicles traveling down from the opposite direction.

To learn more about V2X application scenarios and AUTOCRYPT’s V2X security solutions, see AutoCrypt V2X.

Infographic: The Different Types of Electric Vehicles

The EV is an umbrella term for battery EVs, plug-in hybrids, hybrids, and fuel cell EVs. In this infographic we go through the different types of electric vehicles and their key differences.

(Accessibility version below)

types of electric vehicles

Electric Vehicles, or EVs, are all over the news. With demands on the rise dueto environmental concerns, we have seen many more EVs in the news and on the road.

But did you know? An EV is in reality, an umbrella term. Despite what many may think, EVs can still have a traditional combustion engine as well as a battery-powered motor, and can even generate electricity without plugging into a charge point.

Take a look at the different types of electric vehicles (EVs) and all the different components they utilize to operate properly on the road.

  1. HEV – Hybrid Electric Vehicle
    • Utilizes traditional internal combustion engine (ICE) with electric propulsion, meaning that the ICE charges the batteries to power the electric motor
    • Still requires fuel to operate, though it has a higher fuel economy than ICE vehicles
    • Less carbon emissions than ICE vehicles
    • Heavier weight because of the components involved
  2. FCEV – Fuel Cell Electric Vehicle
    • Fuel cells combine hydrogen and oxygen to product electricity, which runs the motor
    • The battery captures braking energy, conserving extra power to smooth out power from the fuel cell
    • Emissions are simply water vapor and warm air
    • Vehicles can be more expensive and difficult to refuel due to the lack of fuel stations
  3. PHEV – Plug-in Hybrid Electric Vehicle
    • PHEVs can be charged for power, and runs mostly on the electric motor
    • Still utilizes fuel to power the ICE, but the engine is considered backup
    • Prices can be higher than other vehicles
    • Less fuel consumption, less carbon emissions
    • Heavier weight due to the components involved
  4. BEV – Battery Electric Vehicle
    • No ICE, powered by electricity only. The vehicle plugs into a charge point to recharge the battery
    • No emissions, and lower maintenance
    • Charging can take time, and range anxiety can limit driving distance
    • Prices can be higher than conventional ICE vehicles, but more affordable models are launching as demand rises.

Secure it First. No matter what your vehicle is fueled by, without proper protocols in place, systems can be more vulnerable to cyberattacks. EVs are no exception. Particularly for BEVs, communication between the vehicle and charge point, as well as its servers, could pass along sensitive information like 1) Credit card / payment information, 2) Personal Identification Information (PII), and 3) Vehicle data.

Ensure that your charge point operator and mobility operator’s systems are in compliance with ISO-15118 standards for V2G (Vehicle-to-Grid) communication. This will ensure that both the vehicle and charger’s certificates are verified and safely delivered, making your EV ride a secure one.

AutoCrypt PnC secures the EV and its supply equipment during the Plug&Charge process, providing secure communication and certificate management. For more information, visit our product page!