Increased internet connectivity around the world and across new devices is allowing cyber-criminals to target more than just the media industry. If you read the news, you'll see the automotive industry is also at great risk. Is there a way to learn from the pay-media industry to help prevent connected car hacking?
Naturally, the automotive and media industries are very different. For the former, it's getting people from point A to point B and personal safety is paramount. For the latter, it's all about entertaining consumers while protecting copyrights and business models. On paper, they may seem worlds apart. However, when it comes to cyber-security, they have quite a lot in common.
The internet plays a pivotal role in the media industry, with OTT (over-the-top - internet delivered video) and video on demand (VOD) services becoming the norm. Digital and connected TV platforms unfortunately act as attack surfaces for hackers, and make them susceptible to attacks from cyber-criminals looking to steal – amongst other things – personal information. The rise in connected cars also provides an attack surface for hackers to prove their skills on a public stage, and steal data through remote attacks on remote connected apps. They can also hack into online systems within the vehicle while the vehicle is in motion. The implications of this are obvious, and concerning.
Over the next decade, global sales of connected passenger vehicles are projected to grow to 77 million units annually by 2022 from about 19 million in 2014. In addition, 73 percent of vehicles will be connected in some way and so it is only a matter of time before cyber-attacks such as the recent Mitsubishi and Tesla hacks become more common. Media has also had to manage an increased risk of cyber-attacks, with the number of consumers watching OTT content regularly now being more than 80 percent.
Just as the media industry has had to implement strategies such as watermarking to combat cyber-criminals hacking into systems, the automotive industry needs to consider a similar approach. As more vehicles become connected to the internet and autonomous cars become reality, there is an urgent need for reliable and secure connectivity.
Setting the wheels in motion
Vehicles can almost be seen as “computers on wheels” as they move toward an increased dependence on digital diagnostics. As the media industry experienced with its transition online, this move introduces vulnerabilities that did not exist before. In terms of automotive, it allows hackers to exploit wireless communications, Bluetooth, USB and Wi-Fi, along with the third party devices such as the entertainment systems to either steal personal information or take control of the driving functions.
The media industry has learned that with advancements in technology, pirates have also adapted. OTT (streaming) piracy has become the biggest threat facing pay TV operators and content rights holders, and this has widened the attack surface within the industry. The ease, simplicity and low cost nature of pirate OTT devices means that the industry has had to face a wave of piracy bigger than ever seen before.
In correlation, the increased likelihood of automotive cyber-attacks in the coming years has grown massively. Today's cars contain 100 million lines of code, and it is expected that the cars of the future will have more than 200 million lines of code. This huge growth in attack surfaces reveals that there are hundreds of millions more opportunities for criminals to hack into systems.
Considering the various vehicle hacks that have hit headlines recently, such as Jeep and Nissan Leaf, it is important to note the breadth and variety of attacks. From vulnerabilities in the smart app that interacts with the vehicle to external communication channels to access the vehicle through the infotainment unit, car manufacturers need to address this issue. Security systems must be implemented for both the pay-media and automotive industries to detect, analyse, investigate and counter all types of cyber-attack affecting vehicles and content platforms in real-time.
Putting the brakes on piracy
The media industry has been fighting piracy for over 20 years. Pay TV providers have become adept at evolving their defences in line with the changing pirate landscape that is constantly becoming more sophisticated. The media industry has decades of experience which can be tapped into by automotive companies and adapted for their needs.
Why reinvent the wheel when there are so many similarities and lessons learned to draw from? For some, pirating is about getting premium content for free, while for others it is about accessing premium car features. Both industries have frustrated consumers that want access to content which is not yet available in their country, or in the case of automotive, features that are not universally available. Fans want the latest content and car enthusiasts want to fine tune every detail of their vehicle. The lucrative aftermarket parts industry, as well as hackers' intent to cause mayhem, plays a part in the increase in cyber-attacks for the automotive industry. As a consequence, it is both physical safety measures, such as air bags, and cyber-security measures that the industry needs to focus on.
Learning from the media cyber-security experience, building in diversification and developing secure renewable security systems from the outset could benefit the automotive industry. It is also evident from media piracy that hackers are quicker to exploit and develop around new technology than legitimate providers. Consequently monitoring networks of hackers can give forewarning of upcoming attacks.
In both the media industry and the automotive industry the combination of technology and proactive services are needed to successfully fight piracy. Pre-empting potential security threats in both industries is hugely valuable, and allows platform builders and car manufacturers alike to take a proactive approach to prevention rather than a reactive one. Learning security practices across industries should allow developers to stay one step ahead of cyber-criminals as they secure code loopholes before they are spotted. Brand and reputation damage from hacking is hard to recover from, no matter what the industry, and securing products from cyber-attacks will go a long way to prevent this happening.
Contributed by Mark Mulready, senior director, cyber services and investigations, Irdeto