Connected Cars, 5G, the Cloud: Opportunities and Risks
We discuss the opportunities and risks brought about by technologies that connected cars use, such as 5G connectivity and the cloud. This entry highlights the findings from our paper “Cybersecurity for Connected Cars: Exploring Risks in 5G, Cloud, and Other Connected Technologies."
Connected cars and the technologies that propel them continue to evolve. This brings a host of opportunities to boost vehicle efficiency and safety. However, at the same time, cybercriminals continue to come up with ways to put connected cars and the technologies they use at risk. In our paper “Cybersecurity for Connected Cars: Exploring Risks in 5G, Cloud, and Other Connected Technologies,” we add some substantial information to our research from last year in order to further explore the threats that could jeopardise connected cars.
This time, we included opportunities and risks brought about by technologies that connected cars can use, such as 5G connectivity and the cloud.
Connected Cars and 5G
Opportunities provided by 5G for connected cars
Gartner revealed that in 2023, the automotive industry will become the largest market for 5G Internet of Things (IoT) solutions. The said industry will comprise 53% of the entire 5G IoT endpoint opportunity, out of which 39% of opportunities will come from connected cars — a significant climb from the 11% predicted for 2020.
This paints a picture of connected cars’ growing reliance on 5G — and with good reason. A connected car comprises of two main components: the car itself and its means of connectivity. The quality of connection defines what a connected car can do. Connected cars that use 4G might require more involvement from the person driving the car to ensure safety and control, especially while driving at potentially dangerous speeds and in crowded areas. On the other hand, 5G has the potential to be a vital part of the future of autonomous vehicles.
5G is said to be a hundred times faster than 4G; while a two-hour film can be downloaded within around seven minutes on 4G, it typically takes more or less 10 seconds for 5G. The high speed and high quality of 5G help provide reliable connection in connected cars.
Cellular Vehicle to Everything (C-V2X)
One of the beneficial features of connected vehicles is their ability to collect information from devices around them and use this data to maintain the safety of both drivers and pedestrians, provide convenience, improve traffic management, and many other functions. One of the ways to make this possible is through cellular vehicle to everything (C-V2X), which intends to make 5G-capable vehicles receptive and reactive to their environment and the events that happen in it. C-V2X also functions for 4G-connected vehicles, although its primary purpose in this setup is to provide traffic alerts and similar functions. In 5G, the benefits of C-V2X are fully realised due to the improved speed and quality that the connection provides.
There are several subsets of C-V2X, some of which are discussed here:
- Vehicle to Cellular Network (V2N)
- Vehicle to Device (V2D)
- Vehicle to Vehicle (V2V)
Vehicle to Network (V2N)
V2N connects vehicles with the back-end mobile carrier infrastructure. It also makes receiving firmware and SIM card updates over-the-air (OTA) and managing the vehicle’s digital assets (such as subscriptions) easier. V2N helps provide cooperative coordination when needed, especially during heavy traffic. As a result, emergency vehicles like ambulances and fire lorries can be given priority road space when they need to rush to their respective destinations.
Vehicle to Device (V2D)
V2D provides a way to connect vehicles to pedestrians carrying their personal devices, such as cellphones. One of the main benefits of V2D is avoiding vehicle-pedestrian collisions, as through 5G, the location of the pedestrians (and their devices) can be relayed to the connected vehicles. This information is vital, especially in low-visibility areas or in cases where there is sudden movement from either the pedestrian or the vehicle.
Vehicle to Vehicle (V2V)
Like V2N and V2D, V2V contributes to safety by promoting collision avoidance: As vehicles approach each other, they communicate by exchanging certificates directly through public key infrastructure (PKI), making them aware of each other’s presence and helping them avoid crashing into each other. V2V also helps in the day-to-day activities of drivers, such as changing lanes or looking for parking spots.
Connected Cars and the Cloud
Cloud-Based Car E/E Architecture
5G makes an ultra-low latency network possible. This development presents another exciting opportunity: moving the vehicle’s electronic control unit (ECU) to the cloud. Some of the benefits of this move would be simplifying the electrical/electronic (E/E) architecture, expanding processing capabilities, and enhancing road situational awareness. It also improves fuel, battery, emissions, and operational efficiency.
We identified what types of ECUs could be moved to the cloud in a cloud-based E/E architecture. For this, we hypothesise moving data- or processor-intensive ECUs. The move needs a low-latency, high-availability network, which 5G provides. Processor-intensive and overly complex tasks such as image processing and road condition observation should also be moved to the cloud. There should be localised processors to handle these tasks in case the network is disconnected, but otherwise, most of the processing can be done by cloud-based servers.
Safety systems should be left in the car to ensure that they work even without a network connection. However, a cloud backup can still be developed. Compared to the vehicle alone, the cloud sees all traffic all the time, helping the safety system of cars by offering full road situational awareness. Overall, cloud-based ECUs create exciting possibilities but also new challenges. Some of the mainstream cloud attacks that original equipment manufacturers (OEMs), suppliers, and drivers need to worry about include:
- Denial of service (DoS)
- Man-in-the-middle (MitM) attack
- Hijacking of services
- Latency issues
- Data privacy
- Authentication and management issues
- Incorrect data
- Misconfiguration issues
- Cloud supply chain issues
Luxury car manufacturers are doing away with physical buttons and switching to fully digital cockpits that can run third-party applications, such as in the case of the Tesla Model 3 and 2021 Mercedes-Benz S-Class. Indeed, the modern connected car is becoming a giant smartphone-on-wheels where cloud-connected applications can be accessed for the convenience of drivers and passengers, powered by a cloud-connected ecosystem.
The above diagram shows what we envision this cloud-connected ecosystem will look like.
The head unit runs applications, while a middleware layer abstracts the E/E details of the car and makes it easier for developers to build car-based applications. This layer can also communicate with the gateway ECU, which will then grant API access to applications that need to send messages to the ECUs.
The bus switch routes the packets to the target ECUs. The apps communicate with either the OEM cloud or third-party clouds of the apps. This is done via a tethered cellular connection from the mobile phone or via the built-in eSIM.
Depending on the E/E architecture of the car, the gateway ECU can also directly communicate with cloud services. As connected vehicles evolve, car-specific apps — including the T1, T2, and OEM versions of these — will emerge. OEM apps will probably not need middleware to access the gateway ECU and might even be able to connect to the bus switch directly.
Middleware APIs will create a rich ecosystem for cars with digital cockpits, but they will also present new opportunities for cybercriminals by giving them easy API access to the vehicle’s E/E architecture and ECUs. This could give rise to a whole host of architecture-agnostic malware such as phishing attacks on cars that install an architecture-agnostic remote access trojan (RAT), ransomware, or a botnet, amongst others.
We explore more opportunities for connected vehicles brought about by 5G and the cloud, as well as fleet management and traditional IT in our paper, “Cybersecurity for Connected Cars: Exploring Risks in 5G, Cloud, and Other Connected Technologies.”