Cyber-Physical Mobile Apps
The increasing use of mobile applications to connect to automotive features (whether infotainment or for keyless entry) requires security to become an inherent piece of mobile application development. Three documents are reviewed in this chapter. The first focuses on an existing US standard from the US NHTSA, the Federal Motor Vehicle Safety Standards for Theft Protection and Rollaway Prevention, and notably on some recent updates regarding the form factors of modern keys, which can today be on a code carrying device (i.e. a smartphone or other physical device).
The second is the OWASP Mobile Application Security Verification Standard which focuses on standardizing development practices and requirements to ensure the secure correct handling, storage, and protection of sensitive data in smartphones. This is a generic standard not specific to the automotive sector, but which is a significant recommendation carrying weight in the industry.
The last is NIST Special Publication 800-163, which is intended for use by organizations intending to disseminate applications on employee end devices. It includes standards and best practices for secure app development (in accordance with their intended use case), as well as the formulation of procedures to vet those applications. Also a generic all-market publication, it has direct relevance to the automotive industry.
