New study reveals major concerns over the security of connected cars

New research has revealed that half of British drivers (49%) are concerned about the safety of the connected car, with automotive manufacturers also admitting there could be a security lag of up to three years before systems catch up with cyber threats.

The report – commissioned by Veracode and carried out by the International Data Corporation (IDC) – revealed half of drivers are concerned about the security of driver-aid applications, such as adaptive cruise control, self-parking, and collision avoidance systems, reflecting an equal level of concern with the safety of the entire vehicle.

Connected cars will revolutionise the automotive sector

As the ability for drivers to download applications to navigate, park, communicate, conserve fuel, self-park or other driver enhancements will revolutionise the automotive sector, IDC projects the total market for automotive-related Internet of Things in 2016 is worth US$140.3 billion.

Yet exposing a car to the Internet makes it vulnerable to cyberattacks which could render the car unstable or dangerous, such as the 2015 demonstration where a Jeep Cherokee was totally taken over by security researches while driving at more than 70 mph on a US freeway. The security implications impact vehicle manufacturers, component manufacturers as well as independent software vendors (ISVs), all of whom are racing to keep up with driver demand.

concerns over security in connected cars

Concerns over safety and cybersecurity in connected cars

As applications continue to drive greater functionality across connected devices, concerns over safety and cybersecurity become paramount for manufacturers. The research highlights several cybersecurity approaches being taken by manufacturers to reduce risk across a number of application-driven connected car systems, including performance, dashboard and smartphone connectivity, as well as driver aids.

Key findings of the recent research include:

  • Driver downloaded applications pose security challenge. All manufacturers interviewed reported concerns around the security of critical systems being exposed to applications they did not develop, creating situations where the safety of the vehicle would ‘leave the control of the manufacturer’.
  • Manufacturers should be liable for safety of the connected car. 87% of drivers polled believe all aspects of safety – including resiliency of applications to cyberattacks – rests with manufacturers, regardless of whether an in-car application was developed by a software company or the car manufacturers themselves.
  • Manufacturers do not feel they need to worry about driver data privacy. However, 46% of drivers are concerned about this issue, particularly as applications continue to integrate. For example, as navigation system evolve to find, reserve and pay for parking automatically, the potential for leaking credit card information and other personal data arises.

“What we’re seeing happen in the auto industry is a microcosm of what’s happening in financial services, healthcare and virtually every other sector – applications are not created with security in mind, creating a major area of risk,” said Chris Wysopal, CTO, Veracode.

“Exposing a car to the Internet makes it vulnerable to cyberattack due to poorly written software, which could render the car unstable or dangerous. Building a secure application development programme is a significant challenge for manufacturers, which is compounded by the need to do so under the microscope of government regulated safety standards and liability concerns,” Wysopal added.

“Cybercrime is increasing at an alarming rate.  It is essential that public safety is uppermost in the minds of innovators and that risk is reduced to the minimum level possible,” former Defence Secretary Dr Liam Fox MP said.

Market for connected car apps is large

The positive implication from the research is that the market for downloadable apps is large, spanning the entire market of drivers of all ages and genders.

connected car security

“Manufacturers are, we think, correct in focusing on apps that enhance car functionality, such as the many driving aid apps currently being developed,” the report states.

Manufacturers are advised to continue to leave the infotainment segment to the strong players in that sector: predominantly Google and Apple. But they cannot abdicate security to these third parties.


Edited from press release by Cecilia Rehn.