A vehicle’s engine tachometer needle rapidly jumps from zero to redline, dives back to zero, then repeats again and again—without a driver behind the wheel. An external source has taken control of your car.
“It’s called SMS spoofing. The hacker uses a cell phone or other electronic device to access the vehicle through the vehicle owner’s app for car settings, like doors lock/unlock," explained Geoffrey Wood, Director of Business Development North America for Cyber Security at Harman. "Our software can prevent that vehicle intrusion.”
Vehicle gauge mayhem and other remotely instituted cyber attacks on a parked vehicle were part of a recent demonstration at Harman’s North American automotive headquarters in Novi, MI.
Distracting the driver is troublesome and potentially dangerous, and it’s an absolute security risk if a hacker takes control of a vehicle’s braking and/or steering systems.
“Although automakers have taken numerous cyber security measures, to our knowledge no vehicle from any OEM is currently equipped with an intrusion detection system,” Wood told Automotive Engineering.
That could soon change. Harman is in discussions with automakers and Wood indicated that his company's intrusion-detection system could debut on a global vehicle platform in MY2019.
Harman is the only company providing an end-to-end cyber security vehicle solution via its TCUShield and ECUShield intrusion-detection systems and its Alerts Monitor backend cyber security analysis platform, Wood claimed. The company's 2016 acquisition of the Israeli cyber-software firm TowerSec added the TCUShield, which is integrated into infotainment systems and telematics units and ECUShield, embedded in ECUs, to Harman’s 5+1 security architecture.
Several suppliers offer cyber security detection solutions. But Harman engineers believe their company's end-to-end solution is a competitive advantage."You want all of the pieces to work together," Wood said, or else vulnerabilities within the overall solution are created.
One of the challenges with cyber security for vehicles is the limited memory space available on a module’s embedded micro controller.
“Intrusion detection systems are used in network management already, but those big servers have unlimited memory space,” explained Wood, “We’ve already seen network management specialist companies not be able to overcome the automotive world’s limited-space hurdle.”
Harman claims its intrusion-detection systems have passed various cyber security tests administrated by different OEMs. They provide a vehicle and Harman embeds its product on it, then calibrates and tunes it to the specific car or truck. Engineers then launch a cyber attack. "We have no clue beforehand what the attack will be,” Wood noted.
Several cyber security specialists are vying for business from automakers.
“We’ve gone through numerous cyber security tests at several different OEMs across several vehicle platforms," he reported. "And in every instance, our intrusion detection system has been proven to be best in class over the competitors." This has shown that Harman's intrusion- detection system and its over-the-air (OTA) vulnerability fix product is stable, regardless of the OEM or the vehicle platform, he added.