Services in connected vehicles: Security risks and countermeasures

Book chapter, 2021

Smart vehicles have introduced many services which can be categorized by their functionality (infotainment, comfort, ADAS, OEM services). Introducing new services increases the risk of compromising security. A mobile app used by drivers to connect the vehicle could be infected with malware and spread to the vehicle. Forging remote starting signals enables an attacker to start the vehicle without a key. Security implications of these services should be investigated and addressed thoroughly. This chapter investigates such problems and provides an overview of vulnerabilities, attacks, and mitigations related to these services along with findings including software bugs and insecure protocols. The mitigations for these attacks include strengthening the security protocol of the vehicle CAN bus and incorporating security protocols such as TLS and IPsec. It is hard to say that all connected vehicles are secured. In conclusion, security cannot be neglected, and best practices like sufficient logging (e.g., IDS), reviewing, security testing, and updating of software and hardware should be used.