Cover Image
Market Research Report

Cyber Security in the Connected Vehicle Report 2016

Published by TU Automotive Product code 351221
Published Content info 59 Pages; 8 Figures
Delivery time: 1-2 business days
Back to Top
Cyber Security in the Connected Vehicle Report 2016
Published: February 1, 2016 Content info: 59 Pages; 8 Figures

Industry Overview

The cyber security of connected vehicles is one of the biggest issues facing manufacturers today. Three significant trends have led to this position:


“Complexity is the worst enemy of security”, and yet the past few years have seen a rapid increase in the cyber complexity of vehicles, evidenced by: (i) a massive increase in lines of code in a vehicle - approximately 100 million currently, compared to around 8 million for an F-35 joint strike fighter; (ii) an increase in Electronic Computing Units to something around 100 currently in high-end vehicles, communicating on a multiplicity of networks; and (iii) a rise in heterogeneity of in-vehicle systems - these are now responsible for a massive range of critical and luxury features within vehicles.


This complexity has been exposed to wireless networks through the development of wireless communication interfaces. These interfaces are a double-edged sword - by connecting the vehicle to the Internet of Things, they have led to dramatically extended functionality, but they have opened up the traditionally closed vehicular system, making vehicles a more accessible and more attractive target to adversaries.


Theft of personal information, leading to identity theft, is an attractive goal for cyber-criminals. Personal data is increasingly available in car networks as the cars themselves are more sophisticated, and smartphones and other devices are connected to them.

The report looks into the vital role of effective and robust cyber security practices and systems in connected vehicles and the future of the automotive industry. Through looking at the vast array of recent precedent, available market solutions and the attack surface in the vehicle, the report will provide automotive players with the most comprehensive analytical paper on cyber security in the connected vehicle available today. With interviews with experts from automakers, government, security service providers and lessons taken from other industries to provide new and critical analysis to the evolving problem of cyber security in the vehicle.

Key Areas Covered

  • Mapping the Attack surface in the Vehicle: Assessing vulnerabilities and precedent in connected vehicles today as well as tomorrows technologies
  • The Types of Hacks and the Threats They pose: Why hack a vehicle? What form do they take? How best to protect against them?
  • The Available Market solutions: What products and services are on the market and how best can they be used to protect specific areas of the vehicle
  • Standards: What standards exist? What standards are being worked on? How might the auto industry evolve best with the introduction of certain standards?
  • Lessons from Other Industries: What lessons and practiced can be applied to the automotive sectors? What can the aviation, defence and financial industries teach the automotive industry

Your Key Questions Answered On:

  • What does the cyber security landscape look like today?
  • How rapidly is this landscape changing and in what ways?
  • How are current vehicles at risk and how are vulnerabilities being exploited?
  • Why hack a vehicle? What are a hacker's motivations?
  • What are the real risks and potential consequences? How does this differ from the ‘media hype'?
  • How do you build holistic security strategies and systems and implement them successfully?
  • What are the available market solutions and who are the key players?
  • How can these solutions be effectively implemented to guarantee maximum security and ensure consumer trust?

Key Reasons To Buy The Report

  • A vital resources in assessing the global cyber threat in order to develop holistic security approaches
  • Analyse the real risks and threats in the auto industry
  • Assess the current solutions on offer and the experts providing them
  • Develop and implement robust security architectures
Table of Contents

Table of Contents

Executive Summary

1. Introduction

  • 1.1. Terms and definitions
  • 1.2. Summary of report

2. Mapping the attack surface within the vehicle

  • 2.1. Types of connectivity
  • 2.2. The Attack surface
    • 2.2.1. Infotainment
    • 2.2.2. DAB radio
    • 2.2.3. USB
    • 2.2.4. OBD-II
    • 2.2.5. Bluetooth
    • 2.2.6. Wi-Fi
    • 2.2.7. JTAG ports
    • 2.2.8. Dedicated smartphone interfaces
    • 2.2.9. Tire Pressure Monitoring System (TPMS)
    • 2.2.10. Immobilizer
    • 2.2.11. Telematics control units
    • 2.2.12. Passive Keyless Entry
    • 2.2.13. Remote Key Entry
    • 2.2.14. eCall
    • 2.2.15. DSRC (Digital Short-Range Communication)
    • 2.2.16. GM's OnStar
  • 2.3. The automotive ecosystem

3. Types of hacks and threats they pose

  • 3.1. Introduction
  • 3.2. Why hack a vehicle? Hackers and their motivations
    • 3.2.1. Tuners
    • 3.2.2. Academic security researchers
    • 3.2.3. White hat hackers
    • 3.2.4. Script kiddies
    • 3.2.5. Black hat hackers
    • 3.2.6. Gray Hat Hackers
    • 3.2.7. Vehicle theft
    • 3.2.8. Financial theft and damage
    • 3.2.9. Remote surveillance of individuals
  • 3.3. Attack anatomy
    • 3.3.1. Bridging attacks
    • 3.3.2. Infotainment
    • 3.3.3. OBD-II
    • 3.3.4. Bluetooth
    • 3.3.5. Wi-Fi
    • 3.3.6. CAN bus
    • 3.3.7. Dedicated smartphone interfaces
    • 3.3.8. Tire Pressure Monitoring System (TPMS)
    • 3.3.9. Immobilizer
    • 3.3.10. Telematics: manufacturer and after-market telematics
    • 3.3.11. Passive Keyless Entry and Start
    • 3.3.12. eCall
    • 3.3.13. Advanced Driver Assistance System (ADAS) features
    • 3.3.14. Digital Short-Range Communication (DSRC)
    • 3.3.15. Sensor networks
  • 3.4. Attack trees
  • 3.5. Hacker heat map

4. Available market solutions

  • 4.1. Technical approaches
    • 4.1.1. Identifying dependencies
    • 4.1.2. Testing for unanticipated user input
    • 4.1.3. Techniques that expose vulnerabilities
  • 4.2. Penetration testing
  • 4.3. The holistic approach
  • 4.4. Plugging the gaps
  • 4.5. Market initiatives and key players
    • 4.5.1. Cyber Security Consortium for Connected Vehicles (CCV)
    • 4.5.2. UK Department for Transport initiatives
    • 4.5.3. BT Assure
    • 4.5.4. NCC Group assurance and testing services
    • 4.5.5. SBD technical consultancy
    • 4.5.6. SBD and NCC Group strategic partnership
    • 4.5.7. Automotive Secure Development Lifecycle (ASDL)
    • 4.5.8. I Am The Cavalry's Five Star Automotive Cyber Safety Framework
    • 4.5.9. Plextek
    • 4.5.10. Intel and the Automotive Security Review Board
    • 4.5.11. The Markey Report and the SPY Car Act
    • 4.5.12. The Transport Research Laboratory
    • 4.5.13. HORIBA-MIRA
    • 4.5.14. Scarecrow Consultants
    • 4.5.15. Thatcham, UK
    • 4.5.16. TowerSec automotive cyber security
    • 4.5.17. Telefónica's M2M connectivity offering
    • 4.5.18. Elektrobit embedded solutions
    • 4.5.19. Covisint's secure platform
    • 4.5.20. HARMAN
    • 4.5.21. Visteon's OASIS cockpit
    • 4.5.22. NXP Semiconductors
    • 4.5.23. Mocana
    • 4.5.24. AIRMIKA's CYBLOK
    • 4.5.25. Sierra Wireless's Legato platform
    • 4.5.26. CAR 2 CAR Communication Consortium (C2C-CC)
    • 4.5.27. Security Innovation's high speed communications security

5. Cyber security-related standards and initiatives

  • 5.1. ISO 26262
    • 5.1.1. Limitations and extensions
  • 5.2. SAE J2980
  • 5.3. SAE J3061
  • 5.4. US initiatives
    • 5.4.1. SPY Car Act
    • 5.4.2. NHTSA work
    • 5.4.3. NIST
  • 5.5. Threat modeling
    • 5.5.1. Checkoway's threat modeling framework
    • 5.5.2. IBM Global's security model
  • 5.6. Other industry initiatives
    • 5.6.1. E-safety Vehicle Intrusion Protected Applications (EVITA)
    • 5.6.2. Trusted Platform Module (TPM)
    • 5.6.3. Secure Hardware Extensions (SHE)

6. Lessons and conclusions

  • 6.1. Lessons from aviation
  • 6.2. Conclusions



Case Studies

  • TBC
Back to Top