The recent news has acknowledged what many developers around the connected car scenario already knew: Cars are hackable, just like any IT system. But for developers in the automotive industry, this insight is more pregnant with consequences than for the average business IT developer: In vehicles, the lack of security can easily translate into a lack of safety, it can endanger health and even the life of passengers. For this reason, the security of the electronic landscape under the hood and behind the dashboard is more relevant than in most other places.
However, in the automotive value chain, IT security is a relatively new aspect. Hitherto, the electronics inside the car represented a closed world with no, or very few interfaces to the outside world. Though already in the past, security was an issue – the Autosar definition, for instance, contains security elements - the concept of the connected car has brought a paradigm shift. This manifests itself in the first place through the fact that cars now have an air interface and thus a potential gateway for malicious attacks. In the old world, attacks against the car mostly made it necessary for the hacker to have physical access to the vehicle. For instance, the OBD interface, a popular point of entrance for hackers, is located inside the vehicle and thus the attacker first had to gain access in some form, for example by stealing the car key. Or, another real-world example: A team of white-hat hackers designed a software that took control over a car through the audio CD player in the infotainment system. Again, the malicious software needed to be brought into the vehicle manually. All these attack styles have one thing in common: they do not scale, since they have to be custom-made for each and every case. For this reason, they will remain a matter of government agencies, secret services or similarly well-armed organisations.