The automotive industry is increasingly distributing mobile apps to its customers, with capabilities such as opening vehicle doors, GPS localization access, consumption and usage monitoring, and access to some diagnostic capabilities. But the use of mobile applications to interact with the vehicle provides a dangerous attack vector. If the app has vulnerabilities, hackers can exploit them to gain access to users' private information. Considering 100% of new vehicles will be connected by 2026, the number of fraud cases is only set to rise.
THE UN REGULATIONS
Cybersecurity applied to vehicles protects against hacker attacks that might interfere with safety functions.
In 2020 the United Nations formally adopted two regulations on automotive cybersecurity.
The first regulation focuses on standardizing the provisions relating to the approval of vehicles concerning Cybersecurity and Cybersecurity Management Systems (CSMS). The second regulation concerns the vehicle Software Update Process and Software Update Management Systems (SUMS). Also, the ISO/SAE 21434 standard ensures that OEMs and all participants in the supply chain have structured processes that support a “Security by Design” process.
The UN Regulations and ISO/SAE 21434 standard provide a framework to put in place the necessary processes to identify, manage, monitor, and verify cybersecurity risks in vehicle design and its life cycle.
Therefore, the standard reemphasizes a fundamental concept, namely that automotive cybersecurity must apply to:
- threats to the vehicle or its components that use vehicle interfaces as an entry point;
- threats to the ecosystem that compromise resources outside the vehicle and exploit vulnerabilities inside the vehicle.
The final goal is to manage the global cybersecurity risk by putting in place a Cyber Security Management System (CSMS). This is done through:
- an IT security governance and policy;
- cybersecurity activities such as threat analysis, risk assessment, vulnerability analysis, security specification drafting, verification, and validation of the product being conceived;
- IT security testing.
HOW WE CAN HELP
The XTN Cognitive Security Platform® provides continuous and real-time monitoring based on behavioral-biometrics techniques and proprietary AI algorithms. It brings cutting-edge in-app protection, extending anti-fraud controls at the endpoint level for both web and mobile channels.
Our solution collects information and identifies security threats by analyzing the context, the user interaction with the device, and the environment within the application. It also provides a detailed risk evaluation for each event produced by the vehicle interacting with the mobile app. With the risk information available in real time, vehicle manufacturers can dynamically define the proper countermeasure.
KEY BENEFITS
- Optimize the security posture of mobile apps.
- Securely identify the legitimate user and prevent unauthorized access to the vehicle.
- Completely automate the evaluation and countermeasures flow.
- Concisely communicate specific security risks to end-users.
- Prevent data loss.
XTN Cognitive Security Platform® lets you secure your high-value online services against Connected Car Fraud.