Attackers analyze the cost (money and time spent, required know-how and equipment, risk of being caught, etc.) versus the benefit (stolen goods or data, publicity, etc.) and when the balance is right, they will strike. If an attack can be executed remotely or if it can be scaled easily to a fleet of vehicles, then there is a more attractive return on investment.
Attack methods are improving over time and becoming cheaper, making them more affordable and potentially profitable for criminals and terrorists. Automotive security must continuously evolve as well. This means that car makers must support updateable and upgradeable future-proof security (e.g. Firmware/Software Over-The-Air updates (FOTA/SOTA)) across the vehicle and beyond, together with their suppliers. New vulnerabilities may be found in the field because the race continues long after the car leaves the production line. It must be possible to apply security fixes during the lifetime of the vehicle, which is longer than the lifetime of most other consumer goods.
Many consider security a topic for researchers, which can delay action
The previously mentioned Jeep hack was quickly forgotten (studies show that only half of the people who heard about it remembered it one year later).
On technology forums, new hacks (and solutions) are being published continuously, but it is still not common for consumers to demand information about the security of their cars at the dealerships. A commonly agreed-upon framework to classify the level of security independently and objectively – as it is done for safety – doesn’t exist today.
Governments are actively raising awareness, as with the FBI's public warning on car hacking, but reaching the right level of consumer awareness for the existing threats and solutions will still take time.
Until now, successful hacks were mostly executed by researchers and industry players themselves, not by criminals or terrorists. But we – the consumers, the industry and society in general – must act now. As we pack future cars with more features and connectivity options for convenience, we must implement the matching measures to ensure security and safety in this more complex, dangerous environment.
Governments and industry players are already working on solutions
Car OEMs and their suppliers are defining the security architecture of future vehicle systems and the necessary infrastructure for features like V2X (Vehicle-to-everything communication), cloud services and over-the-air updates. Security is an integral part of new designs.