Preventing outsiders from hacking into electronic systems is becoming a greater concern as wireless technologies become the norm for vehicles. Automakers are employing different techniques to reduce vulnerability, often by teaming up with partners that specialize in security.
To date, automakers have spent more time worrying about protecting data from hackers who plug into vehicle buses. But as more vehicles have on-board telematics and advanced links to smart phones, the soaring volumes are likely to attract malware developers. Companies throughout the supply chain are viewing the threat with concern.
“Ultimately wireless hacking will become the biggest threat,” said Richard Soja, Distinguished Member of the Technical Staff at Freescale Semiconductor. “There are a variety of methods for maintaining data confidentiality on the chip.”
Wireless hacking has not yet emerged as a critical threat, but several research projects have shown the potential danger and dramatically increased concern levels. Component suppliers and subsystem developers alike are devising techniques that ensure that outsiders can’t send messages over vehicle networks. These approaches must work within the limitations of vehicle networks.
“One step to protect critical systems is to digitally sign safety-critical messages that travel on the CAN bus so that the system only acts on messages that are verified as authentic,” said Bjoern Steurich, Cross Functional Team Lead at Infineon Technologies AG. “This is practical, versus trying to encrypt all CAN traffic, which cannot be done due to bandwidth issues.”
Smart phones, which have already attracted the interest of hackers, will become one of the biggest threats once they start interacting closely with vehicle infotainment systems. As more users connect their phones to the vehicles and run apps that are tightly linked to the infotainment systems, the surge in data transfer is increasing the number of potential threats to vehicle electronics.
“There has been a shift by automakers to enable the secure installation of trusted apps via an OEM-owned, cloud-based system,” said Bas Mevissen, Lead Security Software Architect at Visteon. “The use cases of trusted apps must be understood and the access rights must be clearly defined and enforced to help mitigate the security challenges.”
As automakers expand their engineering programs to include security, they’re leveraging knowledge gained in other fields. Many are linking up with security specialists from fields where security has been needed for years. For example, Visteon has worked closely with Secunet, a German information technology company that focuses on security.
“We work with a security consultancy partner that assists us in determining and assessing possible risks/threats and advises us of possible security measures that can be taken,” Mevissen said.
Some OEMs, Tier 1s, and component suppliers are altering their development teams to reduce vulnerabilities. For example, Infineon has altered some of its teams while noting that its customers are taking a similar tack.
“We are seeing that OEMs are forming dedicated teams to work on this at a system level,” Steurich said. “Where there used to be separate groups looking at security, body protection, and powertrain issues like tuning and intellectual property protection, there are now more cross-functional groups.”
Observers note that an expected increase in communications may drive expanded interest in security. Many predict that regulators will require vehicle-to-vehicle/-infrastructure communications. When cars send messages to each other and communicate with roadside beacons, there’s potential that hackers can cause accidents or jam up traffic.
“When you start getting into vehicle-to-vehicle communications, there’s a lot of concern that a malicious attack on a large basis, like someone sending out malicious emergency braking commands could gridlock an entire city,” said Gary Miller, Staff Product Marketing Manager, Body and Powertrain, Automotive Marketing Unit at Renesas. “To stay ahead of this when every car on the road is talking requires handling a lot of messages, so vehicles will need even more processing capability.”