OnBoard Security InSights

Securing Access to Your Car’s Data

Posted by Gene Carter on Oct 15, 2018 10:22:09 AM

The Onboard Diagnostics Port (OBD) has been required for all cars sold in the US since 1996 and in Europe since 2001. Prompted by the need to simplify the diagnosis of increasingly complex emission control systems, the OBD-II improved on previous implementations by providing standardized condition codes for the auto repair and tuning markets. Standardized access to this data has helped spawn a robust aftermarket of plug-in devices to allow consumers to monitor their teen drivers, earn discounts from insurers, or gain insights into the performance and health of their vehicles. Similar devices allow fleet managers to monitor the condition, performance and behavior of their vehicles. Nearly all of these dongles offer a wireless connection for the convenience of their customers. Unfortunately, a wireless connection also provides a potential path for hackers to gain entry to the car’s internal networks. 

Secure Access - aftermarket can access car's data while protecting from hackers

To combat this risk and potential liabilities, the automakers are increasingly restricting access to the OBD-II port while the vehicle is moving and, as much as legally allowed, while the car is stopped. The OBD-II port will likely be replaced over the next few years with a better and more secure interface. 

To maintain free and open access to data for aftermarket equipment, the Auto Care Association recently announced a secure vehicle interface (SVI) that they will demonstrate at the AAPEX 2018 conference. The Secure Vehicle Interface (SVI) is based on international standards and provides for secure access to automobile data.

The SVI has been designed to give consumers more ability to specify who has access to their vehicle’s data. For example, a mechanic working on a vehicle would have access to the diagnostic data (and only that data) for a limited amount of time, while nearby mechanics, businesses and even the car manufacturer would be blocked.

Car makers should welcome the SVI as it eliminates the need for an OBD-II port, possibly the most vulnerable part of a car, and allows them to open up more data to partners for enhanced services and increased monetization. Consumers will welcome the SVI for its enhanced privacy, security and selective control of potentially sensitive data.

The SVI solution is defined by the proposed ISO 21177 standard, which was created and edited by OnBoard Security’s Chief Technology Officer, Dr. William Whyte. The standard is currently being reviewed by the relevant Technical Committees and Working Groups and expected to be approved within the next 3 months The automobile industry can expect this standard to be fully implemented before the first half of 2019.

Topics: Automotive, Privacy, Embedded Security, Autonomous Vehicles, Regulation, Cyber Security, Connected Vehicles

Learn About the Latest in IoT Security from Our Team of Experts


OnBoard Security's security experts share insights on the latest security topics in:

  • Connected Cars
  • Autonomous Vehicles
  • Internet of Things
  • Quantum Computing

Recent Posts