Security-by-design is key to preventing hacks on future smart cars, roadways

The F-Secure study highlights the importance of security to overcoming challenges facing intelligent transport systems.

Securing tomorrow’s driverless vehicles and smart roadways needs to begin today, according to a report from F-Secure Consulting. The report, Future Threats to ITS Networks and CAV Infrastructure, identifies numerous vulnerable areas within proposals for intelligent transport systems (ITS) and connected autonomous vehicles (CAV).

“We took a holistic view of the security of ITS and CAV networks,” said Vic Harkness, lead report author and security consultant at F-Secure Consulting. “Existing literature often focuses on a single aspect of this ecosystem and considers security out of scope. The roads that you, me, and everyone else depend on will be part of this ecosystem, so it’s important to take a look at the interoperability of the whole system to see what could go wrong.”

Harkness and her team found a wide variety of potential attack entry points within the European proposals for future ITS networks, which bear strong similarities to proposals in the US and other countries.

Based on current proposals, possible attack vectors identified in the report range from in-vehicle systems such as sensors and entertainment systems; to roadside units that collect and collate network data; to data storage hubs, transmission media, and connecting protocols that currently lack security mechanisms.

These potential attacks could involve adversaries forcing cars to take malicious actions, stealing data from a car’s internal network, manipulating or disrupting traffic patterns, or using a car as an entry point into ITS networks.

Vehicle testbeds, stretches of smart roadway used to test vehicles and technologies, would be of particular interest to attackers looking to steal intellectual property or to disrupt testing of a competing product.

Towards safer connected roadways

Besides providing recommendations for securing all facets of the ITS ecosystem, Harkness and her team call for a few overall initiatives to help ensure safer future roadways:

  • Testing of ITS and CAV technologies prior to deployment to address safety-critical issues. The creation and examination of CAV testbeds would help uncover these issues.
  • Formation of a consortium to provide overarching guidance on CAV and ITS security, establish and maintain ITS security standards, and facilitate information sharing.
  • Complex automated tamper detection, logging, and message signing at every level of the ITS network to help identify and remediate a breach by an actor.

Harkness also recommends that vendors working on CAV and ITS technologies share their new developments with security researchers early on. “We can help discover potential issues before threat actors in the real world take advantage of them,” said Harkness. “Don’t assume security will be taken care of elsewhere. Ensure security is baked into your technologies from the start.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here