Hyderabad: Cars are getting more and more interactive by exploiting the power of the Internet. However, the new connectedness also brings with it several vulnerabilities. If hackers could get access to your vehicle, they could play havoc with it.
Jay Turla, principal security researcher at Japan-based automotive cybersecurity company VicOne, a subsidiary of Trend Micro, discusses the vulnerabilities of the connected cars in an interview with Deccan Chronicle.
Excerpts:
Q. So what kind of vulnerabilities do you think the modern connected cars have?
Connected cars have a module called Telematics. It is run by a telematics control unit (TCU), which allows the car to be connected. It is a module where you can plug in your SIM and get connected to the cyberworld. If there are some missing authentication mechanisms in the web application or the cloud data where the TCU connects to, a hacker could actually control features of the car, such as opening the car.
There are some cars which can be opened using your mobile phone because of the telematics module. Now imagine if someone is able to bypass the authentication mechanism of your mobile phone, he can open your car from anywhere in the world. So someone sitting in Japan can apply brakes on a running car in Europe or can spy on your travel. In fact, as part of Trend Micro Zero Day initiative, we invited researchers and hackers to hack for us and find vulnerabilities for OEMs and EV chargers.
Q. If I have a connected car, can I install your security systems? Or do I need to route it through the car manufacturer only?
You can get it installed if you know its configuration as we need to unlock some features for it. So we will try to collaborate with OEMs and install our system.
Q. You said TCU gets connected using SIM embedded in the car. If we do not renew mobile connection, then will it still be a connected car?
If there is no mobile coverage, the car won't be connected. Yet it could face another kind of threat through radio frequency. Now most cars have key fobs for opening or locking. These key fobs are run based on radio frequency. So someone can open a car using the car, if not remotely, from a closer distance. So there's been a lot of attacks right now. Our solutions could actually prevent those because we constantly conduct research into these kinds of attacks.
Q. Are you in talks with any original equipment manufacturers (OEMs) in India to install your security systems?
Yeah. Yesterday we talked with one of the top three Indian OEMs and presented our research to them. They are interested in our cybersecurity solutions, which alerts you.
Q. Are you in talks with any other companies like any OEMs like in the US?
In the span of two years, we've achieved a proven track record. We had talks with the Foxconn led EV platform. We also partnered with Delta, Hitachi and Panasonic Automotive.
Q. The Indian government has been concerned about cyber attacks, especially emanating from China. Have you spoken to the government to make a cybersecurity solution in a connected car mandatory?
We are not in talks with the Indian government. But there is a possibility of talking to Indian OEMs, who could make a proposal to the government.
Q. Are there any other countries, which have cybersecurity solutions mandatory in the cars?
Yes. It is mandatory in Japan to have cybersecurity solutions in the connected cars. The US actually is trying to make it mandatory for government officials.
