Thatcham Research’s vehicle security manager James Howden and lead automotive security research engineer Steve Launchbury answer questions about the cyber security risks connected cars pose and the company’s solutions.
SMART Highways reporter Emma Greedy asked Howden and Launchbury what sort of risks there are for connected cars and hackers.
‘As with all use of connected technology, there is an amount of risk associated with it,’ said Howden. ‘The automotive industry is proactively working towards meeting the regulations and standards.’
Both Thatcham employees agreed that the risk to connected vehicles from hackers is analogous to the risk to computer networks. ‘Hackers actively target computer systems for various reasons, such as financial gain and notoriety. Although not necessarily more risky, the amount of attack-surfaces increase as vehicles become more connected,’ said Howden. ‘Examples of such include the use of a mobile-device to control the entry and start of the vehicle, Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) connectivity. Targets of the hack could be the vehicle or the back-end system.’
With computer systems posing possible risks to connected cars, would creating a completely secure car be an option? Howden responded, ‘By the nature of technology itself, there can be no guarantees that any system is completely secure. Manufacturers are proactively working towards UNECE regulations and ISO 21434 to build vehicles to a high standard.’
Thatcham Research has a new consumer Security Rating, which it says is designed to help consumers understand the theft risk of a car.
Launchbury said that the Thatcham Research Security Rating is ‘a continuation of the New Vehicle Star Ratings (NVSR) introduced in 2001.’
‘The introduction of the new Security Rating draws from the New Vehicle Security Assessment 2019 which provides a whole vehicle security assessment, covering mechanical, identification and electronic attributes. This rating reflects the resilience of a vehicle against new theft methodologies associated with Passive keyless entry/start (PKES) and via the OBD port.’
‘The emphasis on the Passive keyless test is to provide a secure means of unlocking and starting of the vehicle, whilst the OBD port is to provide a secure means of adding keys,’ added Launchbury.