Like the fictional Dr Jekyll, who by day navigated polite Victorian society, digital connectivity has established order, control and convenience. But by night, the Mr Hydes of this connected world exploit the vulnerabilities created by too much trust.

It’s more than 10 years since the seminal Comprehensive Experimental Analyses of Automotive Attack Surfaces was presented at 20th USENIX Security Symposium. A result of a two-year collaboration between teams from University of Washington and University of California San Diego, it is credited with starting Charlie Miller and Chris Valasek on their car hacking adventures, who's 2015 jeep hack in turn inspired a new generation of car hackers.

A dangerous intersection

While hackers and academics had long shown an interest in cars before this (see inset), the stakes changed in the late 2000's with the introduction of drive by wire technology and active safety systems including Emergency Automatic Braking and Lane Keeping Assistance, all making it possible to directly affect vehicle behaviour with dangerous consequences.

Vehicles also gained new communications channels, making them even more accessible to the curious. Diagnostics and USB ports, Wi-Fi, Bluetooth, and even Tyre Pressure Management Systems and Digital Broadcast Radio receivers were successfully exploited as avenues of attack.

Accelerating risk

This combination of an expanding variety of communications channels with increasingly dire consequences, has made connected vehicles an attractive target for hackers of all shades. These exposures will only increase with the addition of new features and radio  protocols such as V2X. The ongoing shift to modularization of systems will also add to this trend with integration of these new systems accelerating the complexity and usage of communications channels.

With such an expanding attack surface, it's tempting to control the risk by limiting connectivity, as argued in Consumer Watchdog's "Kill Switch" Report. Yet this is the cybersecurity equivalent of cutting off one’s nose to spite one’s face. It is good practice to remove redundant and low value interfaces, but generally limiting connectivity also limits agility and kills features that depend on diverse and flexible communications channels.

The challenging road to a secure future

Today's connected vehicles present many opportunities both for hackers and security researchers, and still more challenges for cybersecurity engineers. The technique for addressing these challenges hasn’t changed: careful identification of potential targets and the possible methods of attack, and then systematic risk-based design of appropriate mitigations to prevent the attacks.

What has changed is the extent and complexity of the systems that need to be secured. If the threat modeling and risk analysis process does not scale or is under resourced, then cybersecurity engineers can only consider mitigation strategies at too high a level and produce cybersecurity requirements which are too coarse and therefore limit functionality, or too expensive and get rejected or even just ignored.

These trends will place even more pressure on automotive cybersecurity in the next decade. Automotive manufacturers who master this challenge - embracing complexity without compromising on trust - they alone will deliver the dream of connected, convenient mobility beyond the reach of dark actors and their nightmarish attacks on our privacy and safety.