|

Hyundai’s Cybersecurity Could Protect Self-Driving Cars from Hacks

The future of the connected car may come with a lot of driver data collection for the sake of personalization.

Photo of a Hyundai patent
Photo via U.S. Patent and Trademark Office

Sign up for smart news, insights, and analysis on the biggest financial stories of the day.

Hyundai wants to protect your car from more than just crashes. 

The South Korea-based automaker filed a patent application for “vehicle cyber security and attack path analysis.” Hyundai’s system aims to prevent hackers from being able to access the slew of data that its high-tech vehicles collect. 

As vehicles become more connected and autonomous, and “software complexity increases, vulnerabilities inherent in software increase, and cyber threats such as hacking to exploit them have … also rapidly increased,” Hyundai noted in the filing. “Therefore, cyber security has become a very important factor in vehicle design.”

Hyundai’s system stores what it calls “threat scenarios” for how an in-vehicle control system could be vulnerable to cyberattacks, as well as the “attack paths” a bad actor could take to complete the attacks. 

The filing identifies different threat patterns that the vehicle’s computer systems could be vulnerable to, such as spoofing, tampering, or information disclosure. Hyundai’s system also deciphers different “damage scenarios,” or the different kinds of data or functions that could be put at risk in the face of an attack.

In practice, this system would essentially run attack scenarios on different parts of the car to figure out its vulnerabilities. For example, its simulations may determine that a car’s bluetooth system is vulnerable to tampering, its cellular connection system is vulnerable to information disclosure, and your GPS is at risk of spoofing attacks. 

If patent activity from automakers has revealed anything, it’s that these companies are very interested in making their vehicles more high-tech. For example, Tesla’s vehicles are already loaded with user tracking features, and the company has sought to patent a “personalization system” to automatically adjust vehicle features to user preferences. Ford, meanwhile, has filed applications for things like biometric car keys and driver data usage for tracking test drives. 

Automakers and tech firms alike are also building up their stables of autonomous technology, which requires far more advanced tracking capabilities than the average car has traditionally come equipped with. 

Hyundai’s patent exemplifies a major issue that automakers face in developing connected cars: As these vehicles become more advanced, the amount of personal user data they collect to operate certain services grows larger. That inherently makes them more vulnerable to cyberattacks, said Bob Bilbruck, CEO of consulting firm Captjur

“All these services that are going into the car are potentially a breach point that could be hacked or taken over,” Bilbruck said. “Your information can be taken wherever it resides. And the more connected this world gets, the more risks arise.” 

Though one of the most secure ways to protect user data is simply not to collect it, in-vehicle data collection isn’t likely to stop, said Bilbruck. Automakers are walking a fine line with overcollection of personal data, he said, especially as the market for personalization features and in-vehicle AI forges ahead. 

“I don’t think there’s going to be less data coming out of those cars,” he said. “Because it’s a consumer based product, it’s going to be more rather than less.” Because of this, he said, automakers need to continue looking at ways to safeguard that data – for both the protection of consumers and protection of their brands.