On Keeping Automotive Telematics Safe from Hackers
Germany-based Rohde & Schwarz Cybersecurity is set to provide automotive telematics security solutions as early as this year, says Marcel Krumbholz, head of presales. And with 62 percent of U.S. consumers doubtful they will see a world with fully autonomous cars, companies specifically addressing the security needs of the connected car market couldn’t emerge at a better time.
The connected car market is seen as one of the next big growth opportunities for satellite companies. While the role satellite will play in this particular market is still open to question, with cars needing to be fully connected at all times to receive software updates, for example, the market in theory offers a great opportunity for satellite players to be part of the communications ecosystem servicing these vehicles. Intelsat and Thuraya are two satellite companies in particular that have spoken up as this being a market to watch, and Kymeta has already made headlines for its tests with Toyota.
A growing number of automotive companies use telematics platforms to stay in contact with all of their cars outside in the world, allowing them to implement remote features like “installing updates and receiving messages about the car itself,” Krumbholz said. These platforms also track sensor data such as movement behavior and fuel consumption, information that can then be monetized in a variety of forms, ranging from Usage-Based Insurance (UBI), to fleet management, to Over-the-Air (OTA) customer services.
The opportunity for ROI is compelling for car vendors, of course, but Krumbholz pointed out that consumers also stand to benefit from more advanced telematics platforms. “For example, Volvo is testing network here in Germany. If a customer comes to the garage because they would like to repair something, the Volvo will directly connect to the Wi-Fi of the garage and they can read about errors and mistakes from this car,” he said. In other words, drivers and mechanics in the future won’t need to scratch their heads diagnosing a tricky mechanical issue; the car itself can tell you what part needs to be replaced.
Mobile operators such as Verizon are the real first-movers in this space, looking to tap new revenue potential by creating telematics platforms for automotive Original Equipment Manufacturers (OEMs). But because these platforms lack detailed security specifications and a standardized framework across the industry, they have become an attractive target for cybercriminals. Operators are thus forced to turn to expensive, personalized security solutions to protect data and ward off cyberattacks, and these are the customers Rohde & Schwarz hopes to serve.
As Krumbholz framed it, telematics platforms’ biggest vulnerability is the complicated network that comprises their architecture. “I go in the car and the Bluetooth on my phone … should connect to the entertainment system, and the entertainment system should have access to my video and audio files, and the contacts I can call,” Krumbholz said. The crux of the issue is that Bluetooth is just too easy to hack, he says, meaning cybercriminals have an easy portal to access and manipulate whatever information they want. In a worst-case scenario, a hacker could hijack a car’s telematics platform to gain control of its steering system, or “deactivate the brakes over this Bluetooth connection.”
Krumbholz highlighted two approaches to protecting these assets, one that Rohde & Schwarz is working to finalize, and another that the company is ready to implement commercially. The first approach is setting up a firewall inside the network of the car itself. Krumbholz said the biggest issue here is power consumption: the firewall gets turned on, then off, then on again along with the car, which might harm the lifetime cycles of classical firewall systems after a few months. To overcome this hurdle, Krumbholz said Rohde & Schwarz is in talks with potential partners to develop new, more sustainable hardware.
The second approach, which comprises the company’s R&S Pace 2 solution, is ensuring airtight communications between a car’s telematics platform and its data center. R&S Pace 2 is a software engine that functions somewhat like a selectively permeable membrane: operators can embed the engine into telematics platforms for more advanced Internet Protocol (IP) traffic analytics capabilities, specifically protocol validation, protocol encryption and application classification. “We are able to take a look inside and find out if this protocol is really this protocol or if there’s something behind [it],” he said, “We find out where’s the one, where’s the zero — and if [the protocol] is in the right form, we let it pass. If it is not, we block it.” Krumbholz said the company’s solution can build up a ruleset against suspicious commands and thus secure data transmissions between car and data center.
While cybersecurity technology is adapting quickly to meet the needs of the connected car market, Krumbholz believes companies that stand to benefit must push legislators to set industry standards. He expects Germany to be especially conducive due to its drive to have the number one automotive sector in the world.