Cybersecurity affects our everyday lives, from the small-scale phishing emails you receive in your inbox to the ransomware attack that shut down the Colonial Pipeline earlier this year and caused panic and a run on fuel.
And it’s not just fuel that can be affected by cybersecurity attacks, but also the vehicles themselves.
As cars become more connected and incorporate more “smart” capabilities, they are becoming increasingly dependent on software – software that enables features that make our vehicles safe, fun and more functional for us.
The systems and services these features rely on, such as over-the-air (OTA) software updates, infotainment systems, ECUs and communication over wireless interfaces, all contribute to increased cybersecurity risks for smart and autonomous cars. Automotive manufacturers are attempting to address these risks.
Why Are Vehicle Software Updates Vulnerable?
OTA software updates, delivered over a cellular network, Wi-Fi or other radio frequency (RF)-based methods, allow vehicle manufacturers to fix bugs as well as launch new or updated features and functions without requiring the vehicle’s owner to visit a dealer.
However, while OTA software updates and in-vehicle apps give cars new capabilities and deliver important fixes, they also present potential security vulnerabilities that must be addressed.
Whether developed in-house or within the supply chain, automotive software and the channels through which software updates are delivered present multiple attack points that carry a high risk of being targeted, including:
- Wireless communication, such as Wi-Fi, Bluetooth and other RF technologies
- Hardware (e.g., components that updates are destined for, ECU, MCU)
- Unintended interactions due to updates
ECUs: A Hacker’s Playground
That brings us to electronic control units (ECUs), the embedded systems in automotive electronics that control the electrical systems or subsystems in vehicles. Modern vehicles typically have more than 100 ECUs running functions such as fuel injection, temperature control, braking and object detection. Traditionally, ECUs were designed so that they simply accepted commands from and shared information with any entity on the same wiring bus. However, this created a large vulnerability.
This vulnerability was demonstrated in a well-documented planned attack on a Jeep in 2015 executed by researchers Charlie Miller and Chris Valasek.
In layman’s terms, first they exploited a vulnerability in the software on a radio processor via the cellular network, then moved on to the infotainment system, and finally targeted the ECUs to affect braking and steering. That was enough to get the automotive industry to start paying more attention to cybersecurity.
Today, a common design is to have ECUs behind gateway(s), so that only those devices that ought to be talking to each other are doing so — a much better strategy than the alternative wide-open network in the vehicle.
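The gateway design described above, as an added example (not code from the article or from any vehicle manufacturer): a default-deny forwarding policy between bus segments, so a frame crosses the gateway only when a rule names its source, destination, ID, length and rate. The segment names, CAN IDs, length limits and rate budgets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed segment names and CAN IDs; not taken from any real vehicle. */
enum bus { BUS_INFOTAINMENT, BUS_BODY, BUS_CHASSIS };
struct gw_frame { uint32_t id; uint8_t dlc; };  /* payload omitted: policy reads the header only */

struct gw_rule {
    enum bus src, dst;      /* direction the rule applies to */
    uint32_t id, mask;      /* frame matches when (frame.id & mask) == id */
    uint8_t  max_dlc;       /* longest payload accepted for this ID */
    uint16_t per_window;    /* frames allowed per time window */
    uint16_t used;          /* frames forwarded in the current window */
};

static struct gw_rule rules[] = {
    /* chassis publishes vehicle speed for the infotainment display */
    { BUS_CHASSIS, BUS_INFOTAINMENT, 0x3E0, 0x7FF, 8, 100, 0 },
    /* infotainment may send climate requests (0x510-0x51F) to the body domain */
    { BUS_INFOTAINMENT, BUS_BODY, 0x510, 0x7F0, 4, 10, 0 },
    /* deliberately no rule with src = infotainment and dst = chassis */
};
#define N_RULES (sizeof rules / sizeof rules[0])
static unsigned long gw_dropped;   /* counter a monitoring task could export */

/* Called by a periodic timer to start a new rate window. */
void gw_new_window(void) {
    for (size_t i = 0; i < N_RULES; i++) rules[i].used = 0;
}

/* Returns 1 if the frame may be forwarded from src to dst, 0 if it is dropped. */
int gw_forward(enum bus src, enum bus dst, const struct gw_frame *f) {
    for (size_t i = 0; i < N_RULES; i++) {
        struct gw_rule *r = &rules[i];
        if (r->src != src || r->dst != dst) continue;
        if ((f->id & r->mask) != r->id) continue;
        if (f->dlc > r->max_dlc) break;        /* oversize payload for this ID */
        if (r->used >= r->per_window) break;   /* rate budget spent */
        r->used++;
        return 1;
    }
    gw_dropped++;                              /* default deny: no rule, no forwarding */
    return 0;
}

int main(void) {
    struct gw_frame brake = { 0x1A0, 8 };      /* constructed chassis command ID */
    return gw_forward(BUS_INFOTAINMENT, BUS_CHASSIS, &brake);  /* 0: dropped */
}
```

The drop counter is the detection hook: a rising count on the infotainment-to-chassis direction means something on the connected side is sending frames the design never allowed.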
The Exploitation of Infotainment Systems
In addition to ECUs, infotainment systems provide a plethora of ways a bad actor can access many different devices in a vehicle. These systems have access to cellular networks for activities such as firmware updates, location-based roadside assistance, remote vehicle diagnostic services and information sharing for driver safety.
What might not be immediately obvious is that infotainment systems also tend to be connected to various critical vehicle systems to provide drivers with operational data, such as engine performance information, as well as to controls, ranging from climate control and navigation systems to those that could tie into or influence driving functions.
Given all the connections that exist in the above systems and the vehicle dashboard (or what we like to now call the Digital Cockpit) — not to mention the powerful, full-featured software on them that performs these functions — it is probable that hackers will find vulnerabilities that let them break into these systems.
Automotive Industry’s Cybersecurity Standards
Unfortunately, the automotive industry currently lacks a standardized means of verifying software updates. One OEM might have more than a dozen ways to confirm software updates for some of its components.
However, overarching cybersecurity-related guidance is available from entities such as NHTSA, which recently updated its Cybersecurity Best Practices for Modern Vehicles report. Other standards, like ISO 26262, also provide guidance on how manufacturers can protect consumers from incidents in their vehicles by developing functionally safe components.
Additionally, President Joe Biden signed an Executive Order (EO) on “Improving the Nation’s Cybersecurity,” signaling potentially increased regulatory oversight of cybersecurity laws and regulations.
This EO provides guidance at a federal level that should influence how the automotive industry (and other mission-critical industries) protect themselves and react to security threats.
Last, but most important, is the upcoming release of ISO/SAE 21434, Road vehicles – Cybersecurity engineering, which gives vehicle and component providers guidance on how to address cybersecurity in their environment.
Developing secure OTA software updates and in-vehicle apps entails a number of measures, from risk and threat modeling to communications interface testing to the implementation of encryption and authentication.
Ultimately, auto manufacturers can’t afford to skimp on security and should manage risk from the very beginning of the design process and across the software development lifecycle and supply chain.
Chris Clark is senior manager of Synopsys Automotive Group, which helps develop secure OTA software updates and in-vehicle apps.