Behind the increasing harmony between cars and phones lie serious security questions, writes Andrew Till

There’s no doubt that the global pandemic hit the automotive sector (and pretty much everyone else too) hard. However, in recent weeks projections have begun to emerge suggesting that the global automotive market is about to bounce back. The connected vehicle market is a key component of this and growth is estimated to reach 270% by 2022, further accelerated by the arrival of 5G and the penetration of connected cars in major European countries. Add to this that 96% of new vehicles shipped globally will have built-in connectivity by 2030, according to market research, and the industry is looking at a two-fold increase since 2020.

What’s driving this?

The way we select and purchase a car is changing. Traditionally driven by aesthetics and performance, consumers are increasingly being influenced by entertainment and in-vehicle services, safety, and security features. With all of the excitement around compelling new bells and whistles, often driven by enhanced convenience for users, it can often be the case that more important issues such as digital security are missed, when in fact they should be underpinning everything.

96% of new vehicles shipped globally will have built-in connectivity by 2030

Of late, there has been a steady stream of announcements of strategic partnerships being made—with car manufacturers and mobile OEMs offering phone-based digital car keys and outlining plans for the development of in-vehicle payment schemes. The advent of the 5G era is getting everyone excited and will accelerate these trends as automotive manufacturers seek to enhance the in vehicle experiences. The harsh reality, however, is that to really flourish in 2021, connected vehicle technologies must focus on providing robust cyber security to avoid any cyber mis-step that could lead to long-term or irreparable brand damage that has been a feature of other industries.

Security concerns

The news that ‘smart’ car keys are not without their security challenges has been widely acknowledged and there is now a strong focus placed on mobile app-based digital car key—promising the ability to open, start or even summon the car using a mobile phone. The main consequences that can arise from this innovation is the creation of new attack vectors that may lead to a more attractive environment for hackers, many of whom have extensive mobile experience, to penetrate vehicle systems and gain unlawful entry. While there are robust standards for the Digital Car Key experience, other mobile-to-vehicle experiences are not covered by formal cyber security requirements. This can be confusing for consumers, who will not be aware that one experience is protected while another is not.

Vehicle manufactures must therefore be very careful to balance the need to offer new compelling mobile features against the risk of leaving the door open to attack. Currently companion apps are often outsourced with security being a low-level consideration. Moving forwards, they’ll need to become central to a manufacturer’s platform and be considered as a central part of the overall cyber security architecture.

Connected vehicle technologies must focus on providing robust cyber security to avoid any cyber mis-step that could lead to long-term or irreparable brand damage that has been a feature of other industries

Another emerging security issue concerns in-vehicle payment systems. Dramatic growth is anticipated in this area with OEM innovations in partnership with the likes of Mastercard and Visa significantly improving the customer experience. This may lead to vehicles storing highly sensitive information such as payment system username and passwords or even credit card credentials. Making sure personal data and financial information remains fully secure must be a priority. A future of being able to pay tolls, fuel, parking and even for your coffee directly from your dashboard is an attractive one, but it mustn’t come at a cost.

Picking up speed

2021 will be a year of meaningful change. The combination of new industry regulation, a heightened competitive environment, and learning to live with the new reality created by COVID-19 and the impact this has on consumer requirements will help to drive a wave of new innovations.

As companies create new partnerships, deliver new services, and establish new revenue streams they must have robust cyber security built into the foundations of their platforms. Providing them with the due investment and consideration needed will be key to ensuring customers safely move forwards and leading to high levels of adoption that drives revenue growth for the industry.


The opinions expressed here are those of the author and do not necessarily reflect the positions of Automotive World Ltd.

Andrew Till is the General Manager, Automotive, at Trustonic

The Automotive World Comment column is open to automotive industry decision makers and influencers. If you would like to contribute a Comment article, please contact [email protected]