Connected car security: Why identity is in the driving seat

An increasingly diverse range of connected objects has joined the Internet of Things (IoT) in recent years. According to IDATE, 420 million drivers will generate a connectivity market amounting to €9 billion by 2020.

However, with cars increasingly becoming computing platforms rather than simply a means of travelling, they are also becoming more attractive targets for hackers. This is backed up by the FBI recently publishing an advisory on car hacking, naming connected cars as one of the biggest cyber-threats of tomorrow, says Simon Moffatt, director Advanced Customer Engineering, ForgeRock.

An accelerating sector, but one lacking in

Digital transformation is having a significant impact on all industry sectors, but nowhere more so than the automotive sector. Today’s motor companies are likely to look very different in ten years time as they continue evolving from manufacturers to complex service providers.

Why? Because having the ability to record and analyse all manner of data generated by a car (such as distance travelled, speed, fuel efficiency) means manufacturers can deliver more personalised driving experiences, whilst also collecting valuable product data.

There are an estimated 40-60 million connected cars throughout the world currently. Within the next five years, Gartner predicts this will increase to over 250 million. At present, the average security level within these vehicles is equivalent to that of IT systems and computers from the ’80s, with limited encryption, data protection and identity management.

Connected cars are vulnerable

More and more evidence is coming to light that demonstrates the vulnerability of connected cars. Just recently, Nissan was forced to suspend the functions of its smart car companion app after researchers found it could be used to access control systems in its electric cars.

Perhaps more notably, last year two security researchers were able to take control of a moving Jeep via its infotainment system. Once they had gained access, they were able to control the steering, transmission and even the brakes. This served as a stark warning to both car manufacturers and owners.

Identity in the driving seat

Simon Moffatt
Simon Moffatt, director Advanced Customer Engineering, ForgeRock

Identity is becoming a critical element in the connected car journey; the identity of the user, of the car, its connectivity system, and that of the smart devices that connect with the vehicle. The problem is that there is currently no connection between the identity of the driver and the identities of the smart devices within the car.

In terms of security, this relationship must be established, so that only the vehicle’s authenticated operator can control the various on-board connected devices. If a hacker tried to take control remotely, they would simply be blocked, as their identity wouldn’t be recognised. In order to do this, an effective identity management platform must be deployed that can link together all of the relevant identities in the correct context.

Of course, a vehicle does not have to be dedicated exclusively to one person. The identity of a vehicle or device can be linked to numerous individuals interacting with it. For example, a family car’s identity could be linked to the identities of both the driving members of the family and that of the younger, non-driving members. In this case, the kids would have access to the on-board entertainment system, but no access to any of the driving controls.

The multi-layered security solution

In the future, multi-layered security approaches will almost certainly be used to protect connected cars. Indeed, various physical authentication methods such as fingerprint, voice and facial recognition are already being tested.

These would work in tandem with on-board identity management systems to increase the security of the vehicle. Manufacturers will surely continue to surprise us with more state-of-the-art features, but the end goal remains the same; protecting the legitimate owner and occupants of the vehicle.

For automotive companies, the connected car is both an exciting and a risky prospect. Consumers want to trust the technology before they put their lives in the hands of the manufacturers.

Clearly, the connected car has a long way to go – cases such as Jeep and Nissan haven’t done the industry any favours. And yet, the connected car undoubtedly represents the future of the industry, so the sooner a more robust approach to identity is adopted, the sooner we will see consumer trust increase.

The author of this blog is Simon Moffatt, director Advanced Customer Engineering, ForgeRock.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow


Garmin Enduro 2 ultraperformance smartwatch adds mapping, touchscreen and its longest-ever battery life

Posted on: August 11, 2022

Olathe, United States. 09 August, 2022 – Garmin International, Inc., a unit of Garmin Ltd., announced the Enduro-2 ultraperformance multisport GPS smartwatch. Purpose built for endurance athletes, the rugged yet lightweight Enduro 2 includes built-in TopoActive maps with multicontinent coverage, a superbright LED flashlight and Garmin’s exclusive SatIQ technology to help optimise battery performance. What’s more, enhanced

Read more

Newly upgraded FineShare FineCam! A smart virtual camera makes video production easier

Posted on: August 11, 2022

Los Angeles, United States. 08 August, 2022 – FineShare Co., Ltd. announced the latest version of FineShare FineCam – an AI-powered virtual camera software. To meet the expectations of customers, FineShare FineCam now is available for Mac and rolls out some brand new features including advanced adjustment, webcam overlay, branding templates, low light video booster, auto framing, etc.

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox