New Delhi: In the last few years we have witnessed a slew of recalls due to faulty parts, causing massive losses to the manufacturers. While as the technology is taking a new leap, cybersecurity has become a big threat with connected and autonomous vehicles on the way to becoming mainstream. So, what is responsible for this? According to a report by SAE & SYNOPSYS, about 63 per cent of vehicle makers don’t test their half the components.
The study that sampled 15,900 IT security practitioners and engineers in the automotive industry, reveals that nearly 63 per cent of all the vehicle manufacturers doesn’t test half of the software, hardware and other automotive technologies that go onboard their vehicles.
Vehicle hacking is not just a theory, but a real threat. Back in 2016, Nissan shut its app NissanConnected EV for the Leaf hatchback, when the Japanese automaker found that hackers could access the car’s climate control and other features to drain batteries. Similarly, FCA recalled around 1.4 million vehicles after a demonstration revealed Jeep Grand Cherokee can be wirelessly hacked.
Also, just a few months back, an Israeli technology startup claimed they hacked Tesla Model 3’s Autopilot system remotely. The global automotive industry was rocked by Takata airbag recall and VW cheat device in the last few years.
The non-critical systems and connectivity solutions like Wi-Fi, Bluetooth that are available in almost all the vehicles, are the low-hanging fruits for security threats. The study says these areas should be focused first.
Nearly 30 per cent of the companies in the automotive sector does not have a proper cybersecurity team to handle these technologies and security infrastructure, leave apart securing smart cars.SAE & Synopsis study
Nearly 30 per cent of the companies in the automotive sector does not have a proper cybersecurity team to handle these technologies and security infrastructure, leave apart securing smart cars. Even, the automotive companies shy away from engaging a third-party vendor to develop software for connected vehicles, reveals the study.
Both the automobile OEMs and their suppliers are struggling to secure the technologies in their products. 84 per cent of respondents of the research has acknowledged that cybersecurity practices are not keeping pace with the ever-evolving security concerns of automotive software revolving around connected cars and autonomous cars.
The software vulnerabilities are majorly attributed to the reasons including high pressure to meet deadlines, accidental coding errors, lack of education on secure coding practices along with late testing for software errors.
A major source of threat for automotive software is the supply chain of the OEMs. While most of the automakers produce some original equipment, their true strength lies in R&D, designing and marketing vehicles, managing parts supply chain and assembling the final product. Around 73 per cent of the manufacturers expressed concern about the security threat that could originate from the supply chain.
Late testing and detection of software vulnerabilities is a big concern the OEMs should focus. The study suggests the companies should integrate security into product development, in the early phases like designing. This will reduce the risks and threats as they can be identified early leaving more time to fix.