Sharpening the focus on OBD-II security

  • 17-Feb-2017 01:23 EST
OBDII port 2016 Peugeot.jpg

The humble OBD-II port has moved beyond its originally designed intent as a port to check emissions and is now a potential gateway for vehicle security breaches. (PSA image)

SAE Standards News aims to update readers on the extensive activity in the SAE Global Ground Vehicle Standards development arena, by more than 800 ground vehicle committees comprised of volunteers from global industry stakeholders and SAE GVS staff who support the committee work.

 

In Fall 2016, the U.S. House Committee on Energy and Commerce reached out to the National Highway Traffic Safety Administration (NHTSA) in regards to addressing OBD-II security. The letter requested NHSTA to “convene an industry-wide effort to develop a plan of action for addressing the risk posed by the existence of the OBD-II port in the modern vehicle ecosystem.”

Enter SAE.

SAE International, at NHTSA’s urging, has started a working group that is ‘looking to explore ways to harden the OBD-II port’—that was their [NHTSA’s] language,” said Tim Weisenberger, SAE’s Project Manager, Technical Programs, Ground Vehicle Standards. SAE set to work by reaching out to a wide range of the industry. A working group was assembled to examine the issue with the goal of developing a set of recommendations.

“The OBD-II port has moved beyond its originally designed intent as a port to check emissions by regulators like the EPA and CARB,” Weisenberger explained. There are vehicle data access vs. vehicle security issues at hand. Many entities are requesting both legitimate and non-legitimate access to the port. The “legit” side include inspection and maintenance, workshop/service, insurance/other plug-in telematics and prognostics apps and performance tuners. On the malicious side are the hackers.

Triggering the industry

The group of approximately 40 gathered for the first workshops on December 1 and January 30 to identify common issues, needs and an approach to secure the OBD.

“The group included a couple of our experts that run various committees—Bob Gruszczynski from VW and Mark Zachos from DGTech were really the lead experts,” Weisenberger explained.

SAE staff were also present to facilitate and help to examine how the organization could move forward rapidly. They considered either standards development or expedited standards development that uses what SAE calls a Cooperative Research Project approach. This is a pathway for joint-venture research projects where two or more organizations pool their resources to study a pre-competitive technical area and share in the results.

“It was interesting that this was kind of a trigger for the industry to get together to create something that’s a little more open for the entire industry,’’ he said, “not just specific to company.”

The new OBD working group SAE has assembled is broad. It is comprised of eight automotive OEMs (BMW, Ford, GM, Honda, Hyundai, Isuzu, Toyota, VW), a few heavy truck OEMs and suppliers (Volvo, Cummins), various associations (MEMA, ETI), as well as representation from government and regulators (California Air Resources Board, NHTSA and the National Institute of Standards and Technology).

Get to know the TEVDS20

Through this effort, a new SAE committee was born: the Data Link Connector Vehicle Security Committee (TEVDS20). It is important to note that “data link connector” is the technical term for the OBD-II port (which is really more of an industry slang term, Weisenberger told AE). With the committee’s naming as a trigger, members will begin to use the technical term moving forward.

As this issue of Automotive Engineering went to press, the group was set to meet again to define the scope of work and engage a new Task Force under the committee to develop the technical work item (J3138). From there, the committee will continue to meet periodically to examine the issue and begin new work items as needed, Weisenberger explained.

“This new work item is a very specific use case,” he said. “It is a deep dive.” The potential is there for other work down the road, but for now the group has its very specific goal to meet the House Committee’s need of hardening the OBD-II port in sight.

We’ll keep you informed of their progress.

Share
HTML for Linking to Page
Page URL
Grade
Rate It
0.00 Avg. Rating

Read More Articles On

2016-04-27
Strong global automotive market growth has sparked optimism in Taiwan’s automotive electronics market. Suppliers and government planners predict considerable growth over the next few years, with many hoping to make OEM sales a solid portion of that expansion.
2016-05-14
The Adaptive Platform set for 2017 will provide a software framework for more complex systems and help engineers increase bandwidth by implementing Ethernet.
2016-06-28
Start of production for the plug-in hybrid Chrysler Pacifica minivan begins in late 2016, marking a milestone as Fiat Chrysler Automobiles (FCA)'s first mass-produced PHEV.
2016-06-30
As new vehicles become more connected to the internet, to other cars, and to the road infrastructure, the number of potential intrusion points for hackers is growing fast.

Related Items

Training / Education
2010-03-15
Technical Paper / Journal Article
2004-11-16
Training / Education
2017-06-15
Technical Paper / Journal Article
2004-03-08
Training / Education
2007-03-01
Article
2016-07-01
Technical Paper / Journal Article
2004-03-08