MENU

IT security becomes essential feature for cars

IT security becomes essential feature for cars

Feature articles |
By eeNews Europe



The recent news has acknowledged what many developers around the connected car scenario already knew: Cars are hackable, just like any IT system. But for developers in the automotive industry, this insight is more pregnant with consequences than for the average business IT developer: In vehicles, the lack of security can easily translate into a lack of safety, it can endanger health and even the life of passengers. For this reason, the security of the electronic landscape under the hood and behind the dashboard is more relevant than in most other places.

However, in the automotive value chain, IT security is a relatively new aspect. Hitherto, the electronics inside the car represented a closed world with no, or very few interfaces to the outside world. Though already in the past, security was an issue – the Autosar definition, for instance, contains security elements – the concept of the connected car has brought a paradigm shift. This manifests itself in the first place through the fact that cars now have an air interface and thus a potential gateway for malicious attacks. In the old world, attacks against the car mostly made it necessary for the hacker to have physical access to the vehicle. For instance, the OBD interface, a popular point of entrance for hackers, is located inside the vehicle and thus the attacker first had to gain access in some form, for example by stealing the car key. Or, another real-world example: A team of white-hat hackers designed a software that took control over a car through the audio CD player in the infotainment system. Again, the malicious software needed to be brought into the vehicle manually. All these attack styles have one thing in common: they do not scale, since they have to be custom-made for each and every case.  For this reason, they will remain a matter of government agencies, secret services or similarly well-armed organisations.

With the connected car this will probably change. The car gets integrated into cloud architectures and becomes a part of the Internet of Things. Having a radio interface makes the vehicles inherently vulnerable to large-scale attacks. This all the more so as the “business model” for the connected car calls for devices that access internal control units to read out data from the internal systems and eventually also write new content into them. While, for instance, the capability of updating the car software through this interface would enable vendors to keep this software current or avoid product recalls, it could also enable malevolent contemporaries to inject undesired software into the cars. At stake is the confidence to the safety of today’s and tomorrow’s vehicles. A car that defies the control of its driver could become the worst case for the car manufacturer.

OEMs and suppliers have become aware of the problem. Researchers at Fraunhofer institute have developed a secure computing platform for vehicles. Intel recently launched an automotive security advisory board. Everywhere along the automotive value chain, developers have started to study ways to block attacks. They are not alone in doing so, the world market for IT security is a booming business. Market researcher Gartner estimates the world market for IT security to some $75 billion. “Interest in security technologies is increasingly driven by elements of digital business, particularly cloud, mobile computing and now also the Internet of Things”, says Gartner research analyst Elizabeth Kim.

What can automotive electronics designers and software developers do, to protect the vehicle? A growing industry is focusing on developing protective measures and strategies for the connected car and its software. “100 percent security will never be achievable,” says, Head of Engineering and Consulting at Bosch subsidiary Escrypt GmbH.  “But it is possible to reduce the risk to an acceptable level with protective measures that however have to continuously improved. Recommendable are multi-level concepts to protect ECUs, on-board networks and external vehicle interfaces ranging from OBD to mobile radio. Available measures include, hardware security modules at the ECU level, cryptographic verification codes for the data networks, and automotive-specific firewall solutions for the separation between infotainment and safety-relevant components, to name just a few examples. But beyond these measures, the software update capability for cars is essential. Here, automotive-specific software-over-the-air (SOTA) solutions would help protecting the vehicles throughout their entire product lifecycle”.

How one looks at it, automotive cyber security is a hot topic that keeps electronics and software developers busy across the entire value chain. Industry experts will discuss the topic in detail during the Cyber Security Meeting, taking place from September 28 trough 29 in Dresden, Germany. The event will be organised by the renown British expertise provider Automotive Knowledge Asscoiates. Presentations from experts deeply involved into to security design and concepts will provide detailed insights to the members of the R&D community. The spectrum of presenters ranges from automotive software companies such as Elektrobit and Escrypt to chipmakers like NXP and to experienced IT consultancies like McKinsey and CSC.

Related articles:

Car security at IAA: No need to reinvent the wheel

Hackers take over a moving vehicle remotely

 

If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :    eeNews on Google News

Share:

Linked Articles
10s