The modern automobile is a complex grid of network-connected hardware and software consisting of hundreds-of-millions of lines of code. And the evolution of automotive technology is only beginning. Connected cars will change life as we know it, and ignoring connected-car cybersecurity puts not only consumers’ private data at risk but also their lives.
Just one of many examples of connected-car exploits took place in 2015 when two security researchers hijacked an SUV by compromising its entertainment system. The researchers remotely manipulated the air conditioning, increased the stereo’s volume, activated and disabled the brakes, and even killed the vehicle’s accelerator as it drove down the freeway.
Multiple components make up a connected car -- hardware, software, mobile apps, Wi-Fi and Bluetooth connectivity, and the cloud. And each one presents a potential attack vector. Driver assistance, vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), vehicle-to-pedestrian (V2P), vehicle-to-device (V2D), vehicle-to-grid (V2G), and autonomous vehicle technologies create a complex web of cybersecurity risk that automotive OEMs and tier one suppliers must manage as they design, develop and deploy connected-car features and services.
To keep drivers safe and protect private consumer information, carmakers and tier one suppliers need to take a risk-based approach to connected car cybersecurity. Various best practices published by industry associations call on the automotive industry to institute: governance to ensure compliance with regulations and internal policies, building security into the connected car lifecycle, security assessments that identify/remediate vulnerabilities, threat detection methods and processes, and incident response plans.
Leading automotive OEMs and tier one suppliers depend on NowSecure to ensure the security of data generated, transmitted, and stored by their connected-car offerings. Development teams integrate our mobile app security testing automation into their SDLC to find and fix security flaws prior to deployment. Red teams and ethical hackers rely on our on-premises mobile app security testing workstation to perform penetration testing of mobile apps that support connected-car functionality and services. The NowSecure services team provides automakers with third-party assessment and certification of mobile apps or augments internal security teams.
Learn more about NowSecure mobile app security solutions, and how we help the automotive industry reduce connected-car cybersecurity risk and protect vehicle-to-device communications.