The 2016 SAE Congress forum on Connectivity sounded like a meeting in a war room—peppered with terms like "notification of attack" and "assets deployed" along with talk of "new alliances" and "global risks." And in a sense, it was such a discussion.
The urgency of the cybersecurity topic has created the need for advanced approaches to defense. The auto industry has formed an overarching answer that is similar to what already has been done in aviation—an Information Sharing and Analysis Center (ISAC).
The aviation ISAC is a framework to collect for analysis, anonymously, anything that could attack all OE architectures, explained Faye Francy, executive director. The automotive equivalent, which has just become operational, also will serve as a central hub for gathering intelligence to track cyber threats and identify weaknesses in vehicle electronics that are common to more than one manufacturer.
Auto-ISAC, formed by two industry associations, has 22 members. "We're all getting attacked at some level," Francy said.
The openness of the automobile to malware intrusion was one issue addressed in different ways by the forum panelists. The threat of hackers "drives a wedge into people's trust," said Brian Murray, ZF TRW Global Director of Safety and Security Excellence.
If there's a perception that something is not safe, it doesn't matter to the public, even if there is no physical or kinetic damage to date, added Dan Massey, program manager on cybersecurity at the U.S. Department of Homeland Security (DHS). And when there is damage, the absolute numbers often aren't important, claimed Doug Britton, CEO of Kaprica Security.
"A small number is enough; you don't need 50,000," Britton noted. "You could do it with 10."
ABS service command an issue
A serious issue could be posed by so common a vulnerability as the command to disable the vehicle’s ABS (anti-lock brakes) actuator, noted Andrew Weimerskirch, cybersecurity researcher at the University of Michigan. Automotive service technicians have had to use this command for many years to permit bleeding the ABS section of the hydraulic brake system, particularly when a new brake pressure modulator valve assembly is installed, so as to purge any air and fill the circuits with brake fluid.
The ABS disabling capability is routinely built into all but the most basic scan tools, and a hacker accessing it through an OBD II gateway or an installed dongle could raise it to the level of a threat. "This command should not exist," Weimerskirch said.
However, with current ABS control configurations, isolating is not necessarily simple on many cars. And it’s just one example. The entire problem of secure service access was observed by ZF TRW's Murray. He told the attendees that electronic service decisions and trouble code modifications typically come late in the vehicle design cycle, when warranty concerns may be raised.
The present level of built-in vulnerability was raised by the DHS's Dan Massey. "Sometimes my fifth grade daughter has been able to pair her phone with another car," he reported.
Effect of Right-to-Repair laws
The effect of Right-to-Repair laws, such as the impending one in Massachusetts, means that access to problematic commands will be available to all garages, not just independent ones—effectively to anyone willing to pay the access fees. Although the dealer technician may be "more trustworthy," cybersecurity specialists including Weimerskirch have made it clear that the protection must be based on passing through packets of needed OE information without an externally-inserted ability to change it.
However, the cybersecurity specialists must deal with the issue of the commands themselves. Under Right to Repair, Volkswagen for example, would have to release the software that permits operating the electric power steering rack and shutting off the engine.
The remote key fob, an established entry point, also has become a serious vulnerability, ZF TRW's Murray said. "If you lose the keys to a car, you can effectively turn it into a 'brick,'" he told the audience.
There are many ideas to improve automotive cybersecurity, Weimerskirch told the session. But first a test platform is needed, to enable researchers to validate them. A related issue was cited by Kaprica's Britton: it's important that the flow of ideas "doesn't also translate into a big bill of materials."