Hello, engineers! This is Hermes Solution. Today, we’ll be discussing the cybersecurity threats to connected cars, a new paradigm in the automotive industry. As modern vehicles are closely integrated with information and communication technology, the importance of cybersecurity standards like ISO/SAE 21434 is growing daily. Today, let’s explore the key cybersecurity threats and vulnerabilities that can arise in connected cars through the lens of ISO/SAE 21434!
Cybersecurity Threats to Connected Cars
Modern vehicles have evolved into connected cars, exposing them to a variety of cybersecurity threats. According to projections by Statista, more than 400 million connected cars will be on the road worldwide by 2025. This highlights the need to strengthen cybersecurity through ISO/SAE 21434 compliance. Connected cars have significantly increased connectivity with external systems, including wireless communication (WiFi, Bluetooth), cloud platforms, and V2X (Vehicle-to-Everything) communication, in addition to traditional systems communicating with the vehicle’s ECU. This expanded connectivity enables services like remote diagnostics, software updates, and real-time traffic information but also diversifies the attack vectors hackers can exploit, which need to be managed through ISO/SAE 21434. Cybersecurity threats are increasing, particularly with remote access through third-party apps or cloud services, wireless channel hacking, and malware infections. Attacks via these external connection channels can affect not only data security but also directly impact driving safety, making connected car cybersecurity based on ISO/SAE 21434 an even more crucial issue.
Diverse Cybersecurity Attack Scenarios
As digitalization and connectivity in cars progress, the paths for cybersecurity attacks have become more diverse. Analyzing attack types reveals that traditional attack vectors like data servers (41.1%) and keyless entry (26.3%) are prominent, as well as other access points, including ECU (12.2%), mobile apps (7.3%), infotainment systems (5.7%), ODB ports (5.4%), Wi-Fi (2.9%), and Bluetooth (2.7%). ISO/SAE 21434 emphasizes that the more new technologies like cloud services, wireless communication, and smartphone integration are applied, the more attack vectors expand. This demonstrates that not only internal vehicle systems but all external connection points can be potential cybersecurity threats under ISO/SAE 21434.
Cybersecurity Threats Related to ADAS and Autonomous Driving
The advancement of Advanced Driver Assistance Systems (ADAS) and autonomous driving technology also brings new cybersecurity threats that require ISO/SAE 21434 compliance. These systems rely heavily on software and sensors, making them prime targets for potential cybersecurity attacks. For example, attacks on sensor data or AI algorithms could lead to errors in driving decisions, posing significant risks.
Cybersecurity Risks Related to Software Updates
The frequency of Software Over-The-Air (SOTA) updates is increasing, which can introduce new cybersecurity risks. According to ISO/SAE 21434, as update frequency rises, the attack surface may expand, increasing the risk of attacks exploiting vulnerabilities in the update process or inserting malicious code into updates.
Key Attack Targets and Vulnerabilities
Data Security and Privacy
With the increase of connected cars, data collection, storage, and sharing related to vehicles raise privacy issues that are crucial to address through ISO/SAE 21434. Vehicles can collect data such as the driver’s location, driving habits, and even personal conversations, making data privacy vital. Particularly, anonymizing and securely managing this data presents significant technical and legal challenges under ISO/SAE 21434.
Conclusion and Future Challenges
Connected cars are exposed to cybersecurity risks through various paths, which need to be managed under ISO/SAE 21434. The analysis of attack types shows that data servers and keyless entry attacks hold the largest shares, with attempts also made through ECUs, mobile apps, infotainment systems, and various access points.
ISO/SAE 21434 is essential in addressing the diverse attack paths and complex threats. Security measures across each area, as well as an integrated security management framework, are needed. Collaboration among all stakeholders—automakers, regulatory bodies, suppliers, insurance companies, and consumers—is essential. By adhering to ISO/SAE 21434, the industry can develop standardized security protocols, continuous security updates, and monitoring systems. Hermes Solution is committed to leading the industry by providing advanced security solutions and expertise to meet the needs of our customers and work toward a safer automotive environment. Thank you!
