As the automobile evolves from a gas-driven mechanical product to an electric-powered digital device, carmakers and car owners have become increasingly concerned with cybersecurity.
There have been scores of incidents in which hackers were able to bypass a vehicle’s security system and access vital parts of the car or even steal it. For example, in 2022 thieves stole vehicles by forcing the headlamps open, accessing the CAN bus and then simulating the signals to start the car. Less damaging was the hack of a Tesla Model 3 at the Pwn2Own hacking contest in March, by members of the Reverse Engineering Team of the French security firm Synacktiv.
The development of software-defined vehicles could add a plethora of security risks not only to the vehicles but also to the many components in their digital ecosystem. Theoretically, a breach in a vehicle’s systems could pose a threat to other connected devices, such as the owner’s smartphone. Also, though far less likely, vulnerabilities in those non-vehicular components could open a breach in the vehicle’s security system.
“Having software defined vehicles doesn’t mean it’s open season for hackers,” says Francesca Forestieri, Automotive Lead at digital-security technical standards organization GlobalPlatform. “But the opportunity for attacks has increased. They can come from historically relevant areas, like telematics, but also from new sources, such as vehicle owners who don’t want to pay for paid services as well as attacks via electrical charging and V2X.”
Because vehicles are becoming increasingly similar to IoT devices, the user plays an important role in the security value chain. “If the user’s data isn’t protected appropriately and proper caution isn’t exercised when downloading services and applications, the user can be a direct or indirect risk to vehicle security,” Forestieri says. “That doesn’t mean that vehicle security is the owner’s responsibility. It’s just a new element for which security has to be designed.”
This is why she says that finding a robust security solution “involves changing the paradigms that have been used in the past. So that you are looking at high security solutions that are addressing different kinds of use cases that were previously addressed.”
For example, she does not believe that automotive security approaches can still be based on a historical walled-garden approach. Instead, she expounds “the zero trust model, where everything’s untrusted and each component verifies that others are trustworthy and their interaction operates on a least privileged basis.” The Principle of Least Privilege maintains that a user or entity should only have access to the specific data, resources and applications needed to complete a required task.
Forestieri also believes that certification of all components in the SDV ecosystem is essential to its security.
“Certification defines the parameters of security robustness and creates transparency. If there isn’t transparency about what the security services are and the exact level of robustness of those security services, that’s a risk,” she explains. “We’re talking about certification of components, which is something the OEM doesn’t do but the semiconductor provider does. They do it once but it’s valid for all products using that component and in all markets with the same requirements.”
One important reason Forestieri favors certification is that consumer devices generally have a lower security level rating than do automotive solutions. “Certification of components is essential also to ensuring portability of services and robust comparability of services,” she says.
She also calls for a new kind of relationship among all the parties involved in the security solution.
“Legal responsibility for cyber-security compliance lies with the automaker,” Forestieri says. “In the past, automakers said to suppliers, ‘You need to make it secure.’” This usually resulted in proprietary solutions that made it difficult to achieve comparability across products. And it created a so-called telephone system, where the automaker would talk to the Tier 1 and the Tier 1 would talk to the semiconductor manufacturers.
“But recently a lot of OEMs have been setting up direct relationships with semiconductor providers to make sure they’re on the same page,” she notes. “The fact that people are actually cooperating on security in an integrated manner is fundamental.”
Another essential part of the solution is having flexibility in which security services are applied. Past solutions provided only limited over-the-air updates, which hampered the ability to change to more effective security services.
“Which meant that vehicles with, say, a 10- or 15-year service life had original security solutions that were outdated after four or five years,” she says. “Flexibility regarding security services is key. But you need to plan for that today to make sure that you have sufficient hardware space to accommodate those new trust anchors.”