Do you actually need a security product in your car? Part 1: Prevention, Detection, Remediation

Note: This is going to be a somewhat longer article, which I will finish in a couple of related posts.


A security product is a program that

  1. Prevents malware from entering the system
  2. Detects if previously unknown malware is running on the system
  3. Remediates the actions of detected malware on the system

Note that this definition does not say *how* prevention, detection and remediation (PDR) get implemented in practice. There are many ways to implement them, and how this gets realized is outside the scope of this article.


Back to our question:

Do you actually need a security product in your car?

Today, no, you don’t. But in 1-2 years the situation will change. Remember that in the automotive industry innovations need time until they reach the end-customers.

Why? Read on…


The “Today”

Why not today?

Cars today are just beginning to become connected. It is like it was in the ’80s with PCs:

  • They have little to no attack surface. They are mostly closed systems or have a single encrypted connection to a backend from which they get the data they need.
  • the entry points in the car are:
    • the infotainment system
    • the OBD2 port
    • the in-car Wi-Fi network (optional in most cars)
    • the Bluetooth connection to the audio system (part of the infotainment system)
    • the navigation system (usually part of the infotainment system)
    • the Autonomous Driving Assistant Systems, which are still in their infancy
  • there is no (known) malware for the cars
  • There is a fairly clean separation between the high-level parts of the car (closer to the user) and the low-level parts (closer to the CAN bus and the ECUs). I say “fairly clean” because I don’t have enough information to say the contrary. However, considering the hacks that happened lately, the borders between high- and low-level systems are definitely in need of review.

There is a lot of potential here, because the future is heading in this direction:

  • advanced connectivity
    • Vehicle to Vehicle
    • Vehicle to Infrastructure
  • openness towards 3rd party applications
  • open source software to be integrated in the car (in various systems)
  • openness of the OBD2 interface towards 3rd party hardware in order to
    • track vehicles
    • offer advanced configuration of the car subsystems
    • consumption optimisation
    • insurance tracking (insurance companies want evidence that you drive carefully, even if you don’t cause an accident)


The “Tomorrow”

The tomorrow is happening…

Because the auto manufacturers need to give some of the control to 3rd parties, there are many opportunities for malware authors. Yes, it sounds bad, but this is exactly what it is: where security people see danger, cyber criminals see opportunities. See the proof in the “Car Hacking News Timeline”.


How could a security product prevent these?

Well, it can’t. At least, most of these hacks can’t be prevented by a security product.

It is the same situation as in the PC industry: there is no single security product that can secure a PC completely and make it invulnerable to attacks. However, with the proper software layer and a lot of user education, we have managed to reach a minimum level of security. But we are still in an arms race with the cybercriminals, one which no security company can win.

What are the worst things about security software?

  1. They slow down the system
  2. They produce false positives
  3. The interaction with the user is usually very badly designed (sometimes for a reason)

There is an additional factor that comes into the discussion when we talk about cars: how do you inform the user that the car is … infected with malware? Or at least that it is under attack?

This is not so easy to answer. I mean, imagine: you’re driving and the car’s systems start to blink and/or beep.

Simple answer:

You don’t.

Long answer: 

There is no perfect solution here. But we can find something that is acceptable to the user.


What kind of security product could run in the car?

I guess this is the most important question.

Well, there is no unique answer and no perfect answer…

But this is going to be another post.


© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
