‘Connected cars’ have existed for decades, and have developed to the point at which vehicles can have dozens of electronic control units (ECUs) controlling everything from in-car entertainment to route finding to engine control systems. Each component that has some kind of connection outside the vehicle needs to be secured against intrusion, leading to a complex web of overlapping security systems, some of which may have vulnerabilities.
A new paradigm is emerging in which this panoply of disconnected ECUs, often made by different manufacturers, is being replaced by a small number of high performance computers (HPCs) that function more like a phone. These software-defined vehicles (SDVs) can carry out anything an existing connected vehicle can but represent a single system onto which software apps can be installed in a similar way to a smartphone.
However, cyber security threats to vehicles are on the rise, with potentially fatal attacks on vehicles proven to be possible for years. While a hack of a person’s phone or computer could compromise their payment or personal information, a hack of a vehicle could disable its brakes or take over the steering. Automotive security is being taken extremely seriously; automotive manufacturers know that one serious breach could destroy a company’s reputation.
There is a clear downside to having a vehicle’s connected system spread over multiple individual ECUs: it creates a situation in which there is much more likely to be a vulnerability in one of the ECUs. The only upside of this is that it may not be possible for intruders to pass from one vulnerable system to another that might, for example, store payment information or allow access to the vehicle’s steering or braking. When all the connected systems are in a single stack and use a single language to allow interoperability, a security vulnerability in one area could potentially affect all others.
For example, in 2022 an attacker manipulated a power steering ECU by modifying its firmware and was able to brute-force the ECU authentication. Potentially this could lead to the intruder being able to control the steering of thousands of vehicles that use the same system. This is why vehicle manufacturers and OEMs must incorporate next-generation key management and other enterprise-grade cyber security systems into vehicles and the software ecosystem that supports them. It’s also why there are standards like ISO 21434 and UNECE WP.29 R155 that establish a common language for communicating and managing cyber security risk.
Key management is particularly important: components are kept up to date through firmware over the air (FOTA) updates, and these would be ideal vectors for bad actors to send spyware and malware to thousands of vehicles. Using asymmetric encryption for in-car communication significantly strengthens the vehicle’s defences against counterfeit updates.
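The update check described above, as an added example that is not part of the original article or any vendor's code. It assumes Ed25519 signatures as the asymmetric scheme and a constructed manifest (version plus image hash); `Manifest`, `NewKeyPair`, `SignUpdate` and `VerifyUpdate` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Manifest is a constructed, minimal update descriptor (not a real OEM format).
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
}

// signedBytes is the exact byte string that is signed and verified.
func (m Manifest) signedBytes() []byte {
	b := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(b, m.Version)
	return append(b, m.ImageHash[:]...)
}

// NewKeyPair creates a constructed demo signer key pair (nil selects crypto/rand).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// SignUpdate runs at the backend; the private key never reaches the vehicle.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) (Manifest, []byte) {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	return m, ed25519.Sign(priv, m.signedBytes())
}

// VerifyUpdate runs on the ECU, which stores only the public key.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, m Manifest, sig, image []byte) error {
	if !ed25519.Verify(pub, m.signedBytes(), sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	if sha256.Sum256(image) != m.ImageHash {
		return fmt.Errorf("image does not match signed hash")
	}
	if m.Version <= installed {
		return fmt.Errorf("rollback: version %d not newer than %d", m.Version, installed)
	}
	return nil
}

func main() {
	pub, priv, _ := NewKeyPair()
	m, sig := SignUpdate(priv, 7, []byte("constructed image v7"))
	fmt.Println("counterfeit image:", VerifyUpdate(pub, 6, m, sig, []byte("other bytes")))
}
```

Because the signature covers the version as well as the image hash, an older but genuinely signed image cannot be replayed to reintroduce a fixed flaw.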
Similarly, device attestation is a vital part of keeping a vehicle secure: put simply, it allows individual devices to show that they are authentic, which is essential in a vehicle. A bad actor could, for example, create a virtual ‘device’ connected to an SDV and ‘say’ to the rest of the stack that the brakes are being engaged when they aren’t, or that a vehicle’s engine is at a safe temperature when it is overheating.
It is for these reasons that it’s time for vehicle manufacturers and even drivers to start taking vehicle cyber security seriously.
The opinions expressed here are those of the author and do not necessarily reflect the positions of Automotive World Ltd.
Alois Kliner is Vice President, Automotive & IoT Manufacturing, at Utimaco