Augmented Reality in Automotive, Security and Privacy Risks

Augmented reality (AR), or computer-mediated reality, is the enrichment of human sensory perception by means of information, generally manipulated and conveyed electronically, which would not be perceptible with the five senses. As for the automotive sector, augmented reality brings new opportunities at every stage of the process chain. It helps with production and inventory, assists technicians with vehicle maintenance and upgrades systems for a better driving experience. On the other hand, AR carries security and privacy risks.

The elements that increase reality can be added through a mobile device, such as a smartphone, with the use of a PC equipped with a webcam or other sensors, with vision devices (eg. projection glasses on the retina), listening (earphones) and manipulation (gloves) that add multimedia information to the reality already normally perceived. The additional information may actually also consist in a decrease in the amount of information normally perceived by the senses, again in order to present a situation that is clearer or more useful or more amusing.

The global augmented reality (AR) market was worth nearly $ 7 billion in 2020, and the market is expected to grow by more than 35% by 2030.

As for the automotive sector, augmented reality brings new opportunities at every stage of the process chain. It helps with production and inventory, assists technicians with vehicle maintenance and upgrades systems for a better driving experience.

New safety standards and an ever-increasing demand for comfort and luxury are driving the automotive market. Industry 4.0 also requires sustainability and consideration of future impact. For these reasons, vehicles are becoming more complex and sophisticated year after year. Modern cars incorporate multiple cameras, dozens of sensors, microprocessors, and about 100 million lines of code. Cloud-connected infotainment systems make today’s vehicles technological marvels on wheels.

On the other hand, AR carries security and privacy risks: AR browsers facilitate the enhancement process, but the content is created and distributed by third-party vendors and applications. This causes the unreliability of the service as AR is a relatively new domain and the mechanisms for generating and transmitting authenticated content are still evolving. Sophisticated hackers could replace a user’s AR with one of their own, deceiving people or providing false information. Furthermore, hackers can embed malicious content into AR applications and unsuspecting users can be leaded to malware-infected websites or servers. Other potential security attacks are denial of service and Man-in-the-Middle; network attackers can listen to communications between the AR browser and the AR provider, AR channel owners, and third-party servers. Finally, hackers can access a user’s augmented reality device and record their behavior and interactions in the AR environment. Subsequently, they may threaten to publicly release these recordings unless the user pays a ransom.

During PHOENIX project, three components have been developed to reduce aforementioned risks: Privacy Protection Enforcement (PPE), Situation Awareness, Perception and Comprehension (SAPC) and Incidents Mitigation and Enforcement Countermeasures (IMEC). Six electric vehicles and three charging stations have been exploited at Terni pilot site to test the PHOENIX components with the aim to improve smart mobility cyber security.