We have heard of the connected car – they’ve been around for some time. However, there is a new paradigm emerging in which the many disconnected systems of modern-day vehicles, often made by different manufacturers, is replacing the numerous Electronic Control Units (ECUs) with a small number of HPC High Performance Computers that function more like a modern phone.
These ‘software-defined vehicles’ (SDVs) can carry out anything an existing connected vehicle can but being a single system onto which software ‘apps’ can be installed in a similar way to a smartphone. This is a very exciting development but it does throw up the possibility of cybersecurity threats to vehicles, with potentially fatal attacks on vehicles. While a hack of a person’s phone or computer could compromise their payment or persona information, a hack of a vehicle could disable its brakes or take over the steering.
With this in mind, it is important to assess the benefits of SDVs and how they are being made secure against the current generation of automotive cybersecurity threats.
Image source: SBD Automotive
The SDV
The move to software-defined vehicles has profound implications for how drivers interact with their vehicles and for the security of those vehicles.
Early motor vehicles were entirely mechanical but as they developed over the course of the 20th century even though they incorporated more electrical components they were chiefly defined by their hardware – bigger engines, lighter alloys, two seats instead of four.
An SDV has features that are defined by more than just its physical hardware – it can have features ‘unlocked’ by subscribing to new services. Having a vehicle’s systems built around a single interoperable stack also means that individual components can ‘talk’ to each other: the car’s navigation system can check the battery to see whether there is enough charge to make a journey, and if not what the options are for charging, for instance.
Overall, the move to the SDV era promises to make vehicles more flexible, personalised and (as we’ll cover next) secure.
The threat vectors for SDVs
There is a clear downside to having a vehicle’s connected system spread over almost a hundred individual ECUs – it creates a situation in which there is much more likely to be a vulnerability in one of the ECUs. The only upside of this is that it may not be possible for intruders to pass from one vulnerable system to another that might, for example, store payment information or allow access to the vehicle’s steering or braking. When all the connected systems are in a single stack and use a single language to allow interoperability a security vulnerability in one area could potentially affect all others.
For example, in 2022 an attacker manipulated a power steering ECU by modifying its firmware, and was able to brute-force the ECU authentication. Potentially this could lead to the intruder being able to control the steering of thousands of vehicles that use the same Original Equipment Manufacturer (OEM) component. In the same year a cybersecurity researcher exploited a vulnerability in a popular third-party app and gained access to all of the functions of 25 vehicles around the world. We are seeing a highly variable threat environment when it comes to cyber attacks on vehicles, with 4% of attacks coming from electric vehicle charging, 18% targeting wireless key fobs, and 35% targeting telematics and application servers, which could potentially spread malware to thousands of vehicles. According to research of 1100+ vehicle cyberattacks by Upstream Security the majority (31%) of incidents were data or privacy breaches, with a further 22% being vehicle thefts and break-ins.
Securing the SDV
This is why vehicle manufacturers and the OEMs are working with organisations to incorporate next-generation key management and other enterprise-grade cybersecurity systems into vehicles and the software ecosystem that supports them. It’s also why there are standards like ISO 21434 and UNECE WP.29 R155 that ‘establish a common language for communicating and managing cybersecurity risk’.
Key management is particularly important: components are kept up to date through Firmware Over The Air (FOTA) updates, and these would be ideal vectors for bad actors to send spyware and malware to thousands of vehicles. Using asymmetric encryption for in-car communication significantly strengthens the vehicle’s defenses against counterfeit updates. Similarly, device attestation is a vital part of keeping a vehicle secure: put simply, it allows individual devices to show that they are authentic, something which is vital in a vehicle. A bad actor could, for example, create a virtual ‘device’ connected to a SDV and ‘say’ to the rest of the stack that the brakes are being engaged when they aren’t, or that a vehicle’s engine is at a safe temperature when it is overheating.
These are just a few examples of the digital security systems that will be keeping vehicles secure as they increasingly become SDVs – and we have yet to mention the issues around quantum cybersecurity. Our own research has shown that 84% of consumers believe that there are major advantages to connected vehicles, but 43% registering some level of worry over criminal attacks on their vehicles. It is time for OEMs, vehicle manufacturers and even drivers to start taking vehicle cybersecurity seriously.
Author: Alois Kliner, Vice President of Automotive & IoT Manufacturing at Utimaco
