(3) Keep all the software up to date, over the air
“Insecure” devices are often subject to viral infection because their firmware is out of date. Keeping all network elements up to date has long been the bane of ICT departments around the world. Now the domain that requires this protection extends to vehicles as well.
When updating connected car firmware, be sure to make these connections wirelessly to avoid “rootkit” infections that can enter a vehicle through a physical connection, including the OBD-II port, USB port and even the charging port for electric cars. Rootkits are particularly troublesome because they can literally take over a device, plus many rootkits cloak and/or clone themselves to prevent detection or removal.
Rootkits are not the only threat that can come with connecting a car to a physical device. Last January, a researcher from the Digital Bond Labs found three security weaknesses in Progressive Insurance’s “Snapshot” OBD-II driver monitoring device: allowing access to a vehicle’s CAN bus, no authentication of the Snapshot device to the vehicle, and no encryption of driver data before transmitting it over a cellular network.
(4) The best defense is a good offense: actively monitor the CAN bus
The virtual spinal cord of the connected car is the CAN bus. It communicates with the ECUs and relays important messages, such as alerting the ECU that controls the air bags that another ECU has reported a hard car crash. Actively monitoring the messages flowing across the CAN bus for unauthorized content, such as one ECU sending restart instructions to another, is a proactive way to protect the vehicle. Movimento’s OTA platform can identify and block unauthorized CAN messages in transit, in less than 10 milliseconds.