Given that today’s vehicles are as smart and connected as the mobile devices you carry in your purse or pocket, it’s common for drivers and passengers to incorporate a variety of aftermarket devices into their rides. From insurance dongles to smartphones, these gadgets typically connect to the vehicle systems via interfaces provided by their manufacturers, such as Bluetooth, USB, Wi-Fi, and OBD-II port, to provide an enhanced user experience.
While the ability to “customize” your vehicle experience is desired, what if incorporating an aftermarket device into a vehicle opens the door to security vulnerabilities that threaten the car’s safe operation?
With as many as 100 electronic control units (ECUs) and around 100 million lines of code inside the newest, most advanced models on the market, today’s vehicles are wonders of electronic design. ECUs are responsible for controlling electrical systems and subsystems, such as the anti-lock braking system or the electronic fuel injection setup. The code, meanwhile, is distributed among the ECUs as well as various devices like sensors and cameras. Increasingly, cars are becoming software-defined vehicles, where software is central to popular functions like driver assistance, infotainment, and connectivity systems. This transformation also means that, left unprotected, connected cars can be as vulnerable to hacking as many IoT devices.
Every aspect of the vehicle should be designed from the start to protect against malicious attacks—and this includes applying safeguards that prevent aftermarket devices from causing harm when connected to, or incorporated into, the car. In this blog post, I’ll discuss the security considerations of aftermarket devices and what you can do to keep them from becoming security threats.