Blog

Security Vulnerability Metrics and their importance in maintaining the security of connected cars  - Irdeto Insights

Written by Juha Hytönen | May 10, 2023 10:00:00 AM

Over the last few years, the world has grown accustomed to the growing number of connected vehicles that have internet access and can interact with other devices. In 2020 alone, 30 million new connected vehicles were sold accounting for approximately 41% of new car sales worldwide. This number rose to over 50% in 2022 and is expected to reach 95% of global new vehicle sales by 2030, with about 45% having intermediate-to-advanced connectivity.

This rapid development, however, comes at an expense. The increase in potential cybersecurity risks is rapidly becoming one of the biggest challenges in the industry. What led to these risks and how can we address them? Discover more in our article!

Where do the cyber risks in connected cars come from? 

The integration of the internet has changed the automobile business in every way, including the security aspect. With the internet access and software components, the vehicle is no longer a safe and enclosed unit.

Source: TUVSUD (click to enlarge)

Initially, cars were connected through the In-Vehicle Infotainment (IVI) system, which had limited connectivity and was isolated from the major vehicle components. With the use of telematics, there is now an increasing level of connectivity and in many cases, controllers and control units (historically isolated from each other), are now connected to the outside world. Additionally, the automotive industry is constantly adopting innovative technology, driven by software components.

The software complexities amplify the security vulnerabilities and contribute to additional security issues in today’s automobiles. With ransomware and malware attacks on the rise in other industries, there is cause for concern regarding vulnerabilities in the automobile sector, where a high-end vehicle can contain up to 100 million lines of code. What if hackers discover and exploit those vulnerabilities?

How seriously do these cyber risks affect connected vehicles end users? 

As mentioned above, a connected vehicle can be accessible via an online network, or wider internet. When hackers find and exploit the vehicle’s security vulnerabilities, there is the potential for disastrous repercussions for both the vehicles and their users.

As with computers, smartphones and other connected devices, connected vehicles are vulnerable to a variety of cyber threats. Spoofing, denial of service, hacker and malware attacks, malicious mobile apps and advanced persistent threats are just a few examples.

These cyber-attacks can have a wide range of consequences for vehicle users, including:

  • Driving functions fail
  • Vehicle systems fail
  • Vehicle theft
  • Data theft
  • Commercial loss
  • Collison

How can you mitigate the risks and their consequences? 

The aforementioned consequences are tremendous and can have a direct impact on driver safety and therefore the need for identifying vulnerable components in a vehicle’s software system is crucial. This is where the Security Vulnerability Metrics (SVM) can show their importance.

SVM can help you mitigate the risks and their consequences (click to enlarge)

Basically, SVM quantifies cyber reliability, allowing for the comparison of two or more systems (or the same system as it evolves over time), in support of the cybersecurity goals. It efficiently manages the complexity of automotive systems by quantitatively measuring vulnerable components. Furthermore, in order to ensure a holistic approach, certain important factors are taken into consideration. These include code complexity, component coupling, in- and output data vulnerabilities as well as past security issues and component maturities.

With the help of SVM, automotive original equipment manufacturers and suppliers can compare the two different vehicle platform E/E architectures to highlight the differences in their security.

Try our free tool!

Irdeto’s free tool with a user-friendly interface (click to enlarge)

Do you know that you can analyze the vulnerability of your vehicle’s connected systems at zero cost? Developed based on the research performed in collaboration with Queen’s University, our free tool can help you. Contact us for access and learn more about our solutions available that keep your vehicle secure.