How autotech can fight off the hackers

Security becomes a key concern whenever anything is connected to a network and especially including connected and autonomous vehicles (CAVs).

Earlier in 2023, TechRadar reported that “major security flaws were found in Mercedes, Ferrari and other top luxury cars”. The seriousness of these security weaknesses could lead to hackers to steal the private data of a vehicle’s driver, track the vehicle, remotely unlock, start cars, and potentially to take control of them.

The article also claimed the other brands affected by the security flaws include BMW, Rolls Royce, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota and Genesis. This issue doesn’t just affect automakers. Automotive technology companies such as Spireon and Reviver were also affected.

SiriusXM Connected Vehicle Services were affected too. Cyber-security specialist Sam Curry discovered a flaw in this system latter in December 2022. It allowed threat actors to access connected vehicles. In the case of BWM, security flaws could have permitted potential hackers to gain access to “internal dealer portals, car VIN numbers, as well as sales documents with sensitive owner details”.

Given that the end goal is to move towards fully autonomous vehicles, with Level 5 autonomy, it’s no wonder that the security failings are being highlighted in the press. Increasing autonomation could lead to incidents whereby hackers remotely take total control of a vehicle, and it could lead to not just remotely co-ordinated theft but also potentially life-threatening incidents that could cause death.

Current threats

According to NXP Semiconductors, current threats range from “attacks on keyless entry fobs to compromising navigation systems using USB sticks”. The company says automotive industry insiders are concerned about the move to more, not less, software “in the vehicle and the risks that arise if security practices common in IT aren’t followed”.

That said, they point out that quantum computing is making significant progress. This poses the challenge of keeping data secure because NXP says researchers consider it to be only a matter of time before “these machines are powerful enough to break existing cryptography IT systems relied upon for banking, secure web access, and messaging services”.

Semiconductor specialist, NXP, says that it is actively addressing these two fronts. So, TU-Automotive spoke to two of its spokespeople, Brian Carlson and Joppe Bos, to find out how automakers, and automotive technology providers, can fight off the hackers.

Architecture weaknesses

Carlson, global marketing director of automotive processing, explains why the electronic systems in today’s vehicles so easily attacked. He said that the issue is often created by today’s automotive architectures, which have evolved over time. To add new functions, automakers have been adding more electronic control units (ECUs) which define the functions.

He adds: “In these boxes, the devices are microcontrollers that typically don’t have a full complement of security capabilities. A key aspect of that is support for public key infrastructure (PKI) which uses asymmetric cryptos. The legacy architectures evolved incrementally without end-to-end security. With software-define vehicles, end-to-end security and support for PKI is built in from the start. You can’t add the security later, you have to design it in from the beginning.”

Another part of the equation is the fact there are a several vendors with a dozen or more processor families. This is leading to inconsistencies in the way they manage security and so security gaps are opened. “One of the major OEMs showed how a car could be broken into remotely,” he says before adding that hackers can find these modules, including connections with headlights and side mirrors. These potential security gaps, he argues, create the need for end-to-end security as the foundation of software-defined vehicles. This requires new architecture to provide much improved security and scalability well over time.

To read the complete article, visit TU-Automotive.