"Looking at what manufacturers are currently targeting in terms of in-car security, I would suggest that they have taken internet security as a good starting point and aimed at the next level. For example, implementing 256-bit encryption rather than 128-bit, which is still very popular within web security," Highton said.
Doesn't everyone encrypt?
Such "simple" encryption methods escaped BMW last year. It was forced to patch 2.2 million cars that link to its ConnectedDrive platform after hackers were able to unlock cars using their smartphones in a simple "man in the middle" attack, in which a thief sends information from a server (a mobile phone perhaps) pretending to be a BMW and fools the car into unlocking. The carmaker responded with a patch to encrypt that data, and released a statement that it said would offer security to "rival online banking".
The move raised eyebrows amongst the cyber security community, which has long considered encryption "absolutely bog-standard good practice" when using or developing software.
Remote access to cars on the road
Theft aside, the most pressing concern is an attack on a moving vehicle and the ability to take control of a car remotely. Highton says this is only possible if hackers have access to a car for several days and have a "serious amount of processing available to attempt to de-crypt the encrypted data," presuming it is encrypted.
One big assumption is that hackers could get the car, or the electronic units at the very least, up and running. Highton says that the latest version of microprocessors (which will be in the car) come with tamper detection, which will render a unit useless if it thinks it has been intercepted.
Of course, not all cars may be using the latest releases from semiconductor vendors. Rival firm NXP's chief technology officer, Lars Reger, said that ultimately, it's up to car makers and their suppliers to invest in security like encryption and intrusion detection systems.
In addition, cars need to be considered on a case-by-case basis.
He said: "The connected vehicle must be secure from hackers, and all messages must be properly authenticated. Different systems and networks within the car have different vulnerabilities and attack points and therefore will likely require different levels of security. In some cases, software security may be sufficient but other cases will require much stronger tamper proof security solutions."
Sign up for CIO Asia eNewsletters.