The Auto Repair Shop’s Role in Connected Car Cybersecurity

Bruno Fernandez-Ruiz isn’t inflating or exaggerating when he throws out this seemingly absurd statistic:

“We collect 100 million miles of road per year,” says the co-founder and CTO of Nexar. “We can end up indexing the real world, structuring the real world the same way Google structures the web.”

Nexar will continue to build vehicle-to-vehicle (V2V) networks around the world, tracking connected cars’ movements and data. The connected car market is expected to continue to grow at a rapid rate (quadrupling by 2021, according to Statista), which means more companies like Nexar will be needed.

And as cars become more and more connected, vehicle cybersecurity concerns will increase. Given Nexar’s workload, it’s clear this is no longer a problem of the future—vehicle security is a concern right now. In turn, as advanced driver-assist systems (ADAS) and telematics technology become a daily component of repair shops’ work mix, the automotive aftermarket must become aware of and adapt to those security concerns.

That’s why the Alliance for Telecommunications Industry Solutions (ATIS)—a forum where information and communications technology (ICT) companies convene to find solutions to their most pressing shared challenges—published its report, “Improving Vehicle Cybersecurity: ICT Industry Experience & Perspectives,” in which the organization proposes a collaborative approach that could prove to complement smart cities initiatives, improve vehicle reliability and enhance overall customer experience in a new world of connected vehicles.

And it’s important for automotive repair shops to understand their place in that equation and secure their networks to protect customers, ATIS representatives state.

The Scope

As ATIS notes in its report, connected and self-driving vehicles will give consumers unprecedented new options, but the risks of cyber intrusion will only grow because of it. Dangers range from access to the owner’s, driver’s or passenger’s personal and financial information to outright loss of physical control of the vehicle.

“The network reaches into new frontiers as it provides vehicle connectivity for advanced applications and data collection,” says ATIS president and CEO Susan Miller. ”[This report] positions both the ICT industry and vehicle OEMs to work collaboratively to secure the network and block cyber attacks.”

And since independent repair shops seek to obtain OEM information, they are introduced to the cybersecurity problem, as well.

The Risk of Exposure

There’s no way around it, says Tom Gage: In order to properly repair radar systems and video sensors increasingly appearing in vehicles, automotive repair technicians will soon need to incorporate advanced driver-assist systems (ADAS) into their regular training schedules.

“Instead of a one-hour repair time for windshield that has sensors embedded, it takes another hour to make sure camera is appropriately calibrated,” says Gage, an ATIS board member who is also the CEO of Marconi Pacific. “We know the crash avoidance and automation world is increasingly appreciating and likely to increase the severity of accidents in terms of dollars because of sensors, and the increased software complexity adds another layer of demand on the whole vehicle ecosystem.”

Knowing how to calibrate vehicle systems back to original settings isn’t just a vehicle safety concern, but a cyber safety concern. Because if your shop’s network isn’t secure, it could lead to a cybersecurity breach for your customers.

“The fact [shop owners] will access the communications in these vehicles means they are part of that ecosystem that has to be considered,” says Jim McEachern, ATIS senior technology consultant. “Otherwise, servers in shop get infected by malware, and it will affect all their customers, which would be bad for the industry.”

Along with the growing presence of ADAS, Gage says to consider one of the other main concerns for auto repair shops: diagnostic reports generated from aftermarket OBD-II connectors—a huge player in the growing telematics industry. If your shop sets up an OBD-II connection with a customer, that’s another avenue for cyber attacks to occur.

A Secure Network

If you plan to perform more diagnostic work or vehicle reprogramming, or have plans to utilize telematics technology, Gage says it’s important to address these network concerns with any OEMs or third parties with which you’re working.

On top of that, it is worth having cybersecurity experts and consultants evaluate your network to ensure your shop and customers are as best protected as possible.

“If I’m an auto shop and I have to do some sort of an update to the software,” Gage says, “are all the connections I have secure? Is Wi-Fi secure? Are the servers I’m operating on secure? These are things you need to ensure to prevent the possibility of a cyber attack.”

There is, of course, “no magic key or silver bullet,” McEachern says. It’s a multi-layered problem.

But because it’s multi layered, each layer needs to do its part in ensuring cybersecurity—and that includes even the smallest of automotive repair shops.