Cybersecurity in Infotainment Systems for Connected Cars

Movimento Blog

It would be disconcerting to sit in front of your brand-new entertainment system, streaming a movie on your flat screen, only to see a burglar crawl through the screen and into your house. Physically possible? — no! Figuratively possible? — certainly: a connected world offers many more vulnerabilities for hackers and cybercriminals to ‘break in’ to houses, offices, and perhaps most notably, cars.

The connected car is developing at an incredible speed. But new innovations create new vulnerabilities —  especially when it comes to the infotainment unit. The very openness of these systems, designed to receive and transmit information, make them a cybercriminal’s dream.

Infotainment systems are now the first thing most drivers examine when they are buying cars. And as consumers start to demand an increasingly immersive experience, one that syncs with the rest of their digital lifestyle, OEMs will have to balance these expectations against the need for stronger cybersecurity.

Understanding Immersive Infotainment

Until recently, the instrument cluster on the dashboard contained only a few applications – the speedometer and pedometer, the fuel indicator, and a handful of warning lights. But infotainment systems have grown in leaps and bounds, and the future will bring an even more immersive experience. Change will likely arrive in two phases. The first phase will occur during the next two levels of autonomous cars, when humans will still be doing most of the driving. Here, the infotainment system will be geared towards helping the driver make informed decisions in an increasingly relaxed, entertainment-oriented ride.

During the next phase, passengers will use fully autonomous vehicles, and infotainment systems must evolve again, as driver assistance elements become obsolete. But let us focus on the first phase for now. It is estimated that by 2020, 75% of new cars and 22% of total cars on the road will be connected. Here are how infotainment systems must change to keep up:

  • A more user-friendly display system – In the near future, drivers will want a quick glance to tell them where they are going, who is calling, and what song they are listening to — often all at the same time. Digital information consoles must have intuitive UI that drivers can manage without being distracted. Because the driver will still need to keep eyes on the road, consoles should be touch or voice-activated, with screens that can easily be cycled through and enlarged or shrunk as needed. Some Tier One suppliers are even working on gesture-based technology, which could help avoid clumsy fumbling on a screen.
  • More relevant data on the digital cluster – The screen itself is just part of the immersive experience. OEMs have already started experimenting on how to make information more visible even when drivers have their eyes on the road. Speed, directions, drive time, and warning messages can be broadcasted on the driver’s windshield, using the same technology as augmented reality. Much of this information can be pulled from increasingly sophisticated autonomous programs.
  • Driver assistance – Imagine a driver is on the highway and receives a warning that, three cars ahead; someone is slamming on their brakes. A warning light flashes on the dashboard, letting him know that the car is about to brake and that he should be prepared for it. As connections between vehicles grow more complex, human drivers will be privy to more information about upcoming road conditions and other cars. They will be immersed in the world of digital data exchange, with their own vehicle’s software instantly filtering through the most important messages.

These changes will facilitate the safety of connected and semi-autonomous cars. But with more connectivity comes more potential opportunities for hackers.

Protecting the Infotainment System

There are three main situations in which a connected car is vulnerable – when it is sharing information vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), or vehicles-to-device (V2D). An immersive system relies on all of these avenues to collect and analyze data, of course, but the connections mean that areas of vulnerability are intimately linked with the infotainment unit. Consider the potential weaknesses of:

  • The infotainment system itself, which is not only connected to the outside world, but to every other module in the car. After all, it must know everything that is going on in order to broadcast the right information to the driver. This makes it an attractive target. Hackers can break into the sound system, for example, and use that entrance to upload malware that will transmit data about the car’s internal system. It is like a burglar crawling in through your TV.
  • The OBD2 port, because the OBD2 port communicates with the infotainment system to give third-party diagnostic devices information like speed and GPS location, it must also remain open. But since the port connects to external devices, it provides one more point of entry for hackers —and it can be difficult to vet the reliability of external, third-party security systems.
  • Mobile devices for drivers, the best thing about an immersive infotainment system is that it connects to smartphones. For OEMs, the worst part is that this connection opens every car to the problem currently plaguing smartphones — that consumers are not very vigilant about security. Being able to hack into a customer’s phone now means being able to hack into their car.

All of these vulnerabilities mean that cybersecurity must become responsive and immediate. With so many points of entry, OEMs need to be able to deploy security solutions that simultaneously stop security breaches and provide proactive security patches to all other cars in the system. This will require OTA software updating capabilities so that vehicles can remain secure even after leaving the lot.

In a way, cybersecurity must mirror OTA updates to the infotainment system – with proper hardware, both systems can be updated automatically every time new software is developed. But while infotainment upgrades provide a profitable aftermarket option for OEMs, security is not optional.

Every step that we take towards a more connected, immersive experience means another potential opening for cybercrime. But the same technology that creates these ports of entrance can be deployed against cybercriminals. Constant vigilance and technological flexibility will allow us to work toward the day when drivers can, finally and completely, relax!

At Movimento, our OTA software update platform gives OEMs and Tier-1 suppliers the flexibility necessary to adapt to technological changes and also to influence them. Connect with us today to learn more.

Subscribe to our newsletter