Connected car security: Why identity is in the driving seat

An increasingly diverse range of connected objects has joined the Internet of Things (IoT) in recent years. According to IDATE, 420 million drivers will generate a connectivity market amounting to €9 billion by 2020.

However, with cars increasingly becoming computing platforms rather than simply a means of travelling, they are also becoming more attractive targets for hackers. This is backed up by the FBI recently publishing an advisory on car hacking, naming connected cars as one of the biggest cyber-threats of tomorrow, says Simon Moffatt, director Advanced Customer Engineering, ForgeRock.

An accelerating sector, but one lacking in

Digital transformation is having a significant impact on all industry sectors, but nowhere more so than the automotive sector. Today’s motor companies are likely to look very different in ten years time as they continue evolving from manufacturers to complex service providers.

Why? Because having the ability to record and analyse all manner of data generated by a car (such as distance travelled, speed, fuel efficiency) means manufacturers can deliver more personalised driving experiences, whilst also collecting valuable product data.

There are an estimated 40-60 million connected cars throughout the world currently. Within the next five years, Gartner predicts this will increase to over 250 million. At present, the average security level within these vehicles is equivalent to that of IT systems and computers from the ’80s, with limited encryption, data protection and identity management.

Connected cars are vulnerable

More and more evidence is coming to light that demonstrates the vulnerability of connected cars. Just recently, Nissan was forced to suspend the functions of its smart car companion app after researchers found it could be used to access control systems in its electric cars.

Perhaps more notably, last year two security researchers were able to take control of a moving Jeep via its infotainment system. Once they had gained access, they were able to control the steering, transmission and even the brakes. This served as a stark warning to both car manufacturers and owners.

Identity in the driving seat

Simon Moffatt
Simon Moffatt, director Advanced Customer Engineering, ForgeRock

Identity is becoming a critical element in the connected car journey; the identity of the user, of the car, its connectivity system, and that of the smart devices that connect with the vehicle. The problem is that there is currently no connection between the identity of the driver and the identities of the smart devices within the car.

In terms of security, this relationship must be established, so that only the vehicle’s authenticated operator can control the various on-board connected devices. If a hacker tried to take control remotely, they would simply be blocked, as their identity wouldn’t be recognised. In order to do this, an effective identity management platform must be deployed that can link together all of the relevant identities in the correct context.

Of course, a vehicle does not have to be dedicated exclusively to one person. The identity of a vehicle or device can be linked to numerous individuals interacting with it. For example, a family car’s identity could be linked to the identities of both the driving members of the family and that of the younger, non-driving members. In this case, the kids would have access to the on-board entertainment system, but no access to any of the driving controls.

The multi-layered security solution

In the future, multi-layered security approaches will almost certainly be used to protect connected cars. Indeed, various physical authentication methods such as fingerprint, voice and facial recognition are already being tested.

These would work in tandem with on-board identity management systems to increase the security of the vehicle. Manufacturers will surely continue to surprise us with more state-of-the-art features, but the end goal remains the same; protecting the legitimate owner and occupants of the vehicle.

For automotive companies, the connected car is both an exciting and a risky prospect. Consumers want to trust the technology before they put their lives in the hands of the manufacturers.

Clearly, the connected car has a long way to go – cases such as Jeep and Nissan haven’t done the industry any favours. And yet, the connected car undoubtedly represents the future of the industry, so the sooner a more robust approach to identity is adopted, the sooner we will see consumer trust increase.

The author of this blog is Simon Moffatt, director Advanced Customer Engineering, ForgeRock.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

Infineon and Rainforest Connection create real-time monitoring system to detect wildfires

Posted on: October 22, 2021

Munich and San Jose, California, 21 October, 2021 – Infineon Technologies AG a provider of semiconductors for mobility, energy efficiency and the IoT, announced a collaboration with Rainforest Connection (RFCx), a non-profit organisation that uses acoustic technology, Big Data and Artificial Intelligence / Machine Learning to save the rainforests and monitor biodiversity.

Read more

Infineon simplifies secure IoT device-to-cloud authentication with CIRRENT Cloud ID service

Posted on: October 21, 2021

Munich, Germany. 21 October 2021 – Infineon Technologies AG launched CIRRENT Cloud ID, a service that automates cloud certificate provisioning and IoT device-to-cloud authentication. The easy-to-use service extends the chain of trust and makes tasks easier and more secure from chip-to-cloud, while lowering companies’ total cost of ownership. Cloud ID is ideal for cloud-connected product companies

Read more