September 17, 2015 By Gavin Kenny 3 min read

A modern car is a wonderful piece of engineering. Even at its most basic, it provides levels of road holding, economy, safety and comfort that make its predecessors of only a decade ago seem like tractors in comparison.

While a modern car’s performance is miles ahead of its forebears, manufacturers know that they cannot rest on their laurels. They must continue to push the boundaries of road holding, power, performance and economy in order to survive in the highly competitive car market.

The market continues to develop, but the discerning customer always wants more. Now we want connected cars that integrate with our own personal IT infrastructure, talk to our cloud-based data stores and communicate with other systems in order to enhance the driving and ownership experience.

Connected Cars Surge in Popularity

This connectivity presents its own unique challenges. Until recently, a vehicle was its own island: It was controlled both physically and electronically by the people inside it. The connected car is no longer an isolated node but part of a larger web of devices, sharing information about itself and its occupants. IHS Automotive estimated that by 2020 a single connected car would generate 350 MB of information every second!

Traditional component suppliers have to move quickly in order to continue development and become major players in the connected car supply chain. Already, nontraditional manufacturers such as Apple and Google are looking to move into this sector, and history tells us they have an ability to innovate and maintain a presence in new markets.

However, our own experience tells us that the mainstream software development culture is very different from its industrial brother. One is innovative, functional and changes constantly, but has had a checkered past in terms of reliability and security; the other is stable and reliable, but is based on older technology that now has a questionable security record.

Security Questions Surround Connected Cars

So what does a car manufacturer do? Customers demand the latest refinements in connectivity, so new levels of reliability and monitoring are made possible through data links. But these features leave vehicles vulnerable to attack. We cannot have a car that needs to reboot at 60 mph or that can be hacked by someone who takes over control of the brakes and steering while we’re driving.

The security challenge doesn’t stop there. As the car becomes embedded in our personal data network, it has access to vast amounts of our personal information — making it even more attractive to attackers. It is imperative that the vehicle has a security architecture that is robust, flexible and able to adapt over the life of the automobile.

To achieve this, manufacturers either need to invest large sums of money in an area completely outside their core skill set or work with a partner. But which partner should they choose? To me, the answer seems obvious. The enterprise sector has the ability to innovate while delivering the kind of reliability that is so important.

Enterprise systems process petabytes of data every day but at the same time are agile enough to adapt to constantly changing requirements. They achieve this by using proven design techniques and software frameworks that have levels of rigorous testing to ensure quality and consistency. These players need to bring their experience and expertise to the connected car market to deliver the levels of security, reliability and new functionality that will allow the connected car to reimagine our driving experience.

At IAA, IBM is demonstrating its Automotive for IoT solutions, which can transmit vehicle data, monitor vehicle health and analyze driver performance and maintenance needs. Visit us at Booth B48 in the New Mobility World or join in the @IBMAutomotive conversation using the hashtag #DrivingSecurity.
