What Are Connected Vehicles & their Vulnerabilities

A connected vehicle is a car, truck, bus or any other type of vehicle that can communicate bidirectionally with other external systems.

Vehicle connectivity is referred to as V2X or Vehicle to Everything. There are 7 main types of vehicle connectivity:

• Vehicle-to-Vehicle (V2V) - Communication between vehicles.
• Vehicle-to-Infrastructure (V2I) - Communication between vehicles and infrastructure, like traffic lights, road signs, or traffic management systems.
• Vehicle-to-Pedestrian (V2P) - Communication with pedestrians, cyclists, or other road users. 
• Vehicle-to-Network (V2N) - Communication between vehicles and cellular networks to provide connectivity services.
• Vehicle-to-Grid (V2G) - Bi-directional energy transfer between electric vehicles (EVs) and the power grid. 
• Vehicle-to-Device (V2D) - Communication between vehicles and any electronic device, i.e. in-car infotainment systems, smartphones, or smart home devices.
• Vehicle-to-Cloud (V2C) - Connectivity between the vehicle and cloud-based services. 

V2X communications play a vital role in the future development of autonomous vehicles and smart cities. The key challenge is ensuring that all these systems can operate together in a compatible, standardized and secure way.

The Origins of the Connected Vehicle

Computers have been in cars since 1968 when Volkswagen introduced a computer-controlled electronic fuel injection (EFI) system. In 1996, General Motors introduced the first connected cars with its OnStar audio-based system for emergency services, vehicle diagnostics, and directions. If airbags were deployed in a vehicle with OnStar, an automatic collision notification and GPS location would be sent to the OnStar call center to notify first responders.

Subsequent features to the OnStar system included stolen vehicle tracking, remote engine slowdown and more. While the initial system relied on CDMA mobile voice and data communication, in 2014 it was replaced with 4G technology. 

The Growth of the Connected Car Market

Over the past decade, we have seen very rapid growth in the number and proportion of connected vehicles on the road.. Right now, in 2023 there are over 192 million connected cars on the road and this is expected to grow to 367 million by 2027. 

According to a McKinsey study, 50% of cars sold worldwide today are connected and that will jump to 95% by 2030.

Connected Cars Create a Challenge for Data Storage

Connected cars are expected to generate over 1,000 times the present volume of data by 2025, passing 10 exabytes monthly.

This mass of data is used by OEMs for a variety of purposes, including collecting telematics data to better understand vehicle usage, improving the car and engine performance, analyzing consumer needs and improving the customer experience. This will continue to increase over time.

But with this much data, the automotive industry is facing a massive challenge of how to transmit, store and protect such an enormous volume of data. For vehicles to act as mobile data servers, a rethink of onboard data storage architecture is required. Traditional, isolated storage systems will make way for a centralized high-capacity, high-performance storage device accessible by multiple applications. 

OEMs are partnering with mobile network operators to support a communications network that can manage this flow of connected vehicle data, including secure OTA update capabilities. This need is further underscored by the need for high-quality, reliable storage solutions needed for autonomous vehicles.

Some potential strategies include planning for storage capacities that are a level or two higher than current requirements and adopting modular storage architectures. This modular approach allows for easy upgradeability and maintenance. For instance, a data storage card nearing the end of its capacity or life could be easily swapped out. Importantly, the transition towards new storage solutions requires deep collaboration between hardware and software developers to ensure that storage architectures align seamlessly with software functionalities.

Connected Cars Must Process Data Locally

When generating such large amounts of data, some of it must be processed locally on the vehicle via edge computing. Personal or confidential data (i.e. credit card information) is stripped out before being sent securely to the cloud.

However, not all vehicles are equipped with the high computing power necessary to take advantage of the additional connected services. While there are services that could be integrated into a connected vehicle, without the raw power to compute the data, they are severely limited. This creates a situation where some vehicles need additional computing power not for the vehicle to operate, but to enable additional services drivers and passengers wish to use.

Communicating Over the Cloud

In connected vehicles, many systems communicate through the cloud to provide a wide variety of functionality, including remote keyless entry (RKE), navigation, infotainment, telematics, video conferencing, accessing social media, gaming and more.

Securing these systems requires in-vehicle security, a secure encrypted, authenticated transmission channel and a secure cloud.

Cyberthreats to the Connected Vehicle

Just like ransomware and malicious vulnerabilities put networked computers and mobile phones at risk, so too are our connected vehicles. Today’s connected vehicles are like networked computers 20-30 years ago, before advanced security capabilities were standard and evolving as fast as new types of attacks. 

So what are some of the risks?

• A ransomware message demanding payment or risk losing use of the car forever
• Sudden braking or loss of steering control while driving
• Disabled sensors hiding obstacles from navigation systems
• Remote hijacking shutting off a vehicle while driving 

Unlike an infected network computer which usually puts money or data at risk, an infected or hijacked vehicle could also put you and your loved ones at risk of bodily harm.

Looking Ahead

As we continue to see advances in connectivity through IoT, EVs and autonomous vehicles, the complexities and cyber risks continue to multiply. Since vehicle functionality is becoming more dependent on increased connectivity, security is crucial to a successful automotive ecosystem. This is why we have seen the creation of UNECE R155 in recent years.

Drivers must be confident that their vehicles are safe and protected. As OEMs transition to Zonal Architecture, vehicles must be built secure by design with the ability to receive and install OTA updates without creating any vulnerabilities to vehicle hackers.