I remember watching lots of bank robbery and heist movies when I was a kid. I still see a few commercials for them now and again, but it seems society is now enthralled by other crimes. Today’s audiences are captivated by things like hacking and cybercrime. These misdeeds have become much more common, and are far more public than bank robberies. Even nations fall victim to cyber attacks and keep an arsenal of digital “weapons” on hand. As vehicles become connected and more autonomous, they too are at risk of digital attack. Fortunately, there are several ways we can protect vehicles from malicious software. There are also ways to mitigate the damage of attacks if they cannot be prevented.
The Cybersecurity Problem
Digital defense is a problem for every industry connected to the Internet. Cars are quickly joining that list, as more and more automakers look towards advanced driver assistance systems (ADAS), and even full autonomy. By 2025 there will be approximately 5 million cars on the road with level 4 autonomy. This means they’ll be able to drive in virtually any situation and will need lots of sensors and bandwidth to do it. These sensors and connectivity can become points of attack for hackers. In fact, some researchers have already demonstrated how to exploit these opportunities.
Back in 2013 two white hat hackers plugged into a Ford Escape and Prius, turning off multiple features while driving. In order for that intrusion to work, they had to physically hook into the car with cables. Those same two researchers recently pulled a similar stunt, except this time they did it from their home. They hacked into a Jeep Cherokee from 10 miles away with a reporter behind the wheel. From their home, they could operate the radio, windshield wipers, and were even able to disconnect the transmission on the highway.
Maybe back in 2013 cybersecurity for cars wouldn’t have been news, but now it is. It’s clear that hacking has become a serious threat to connected devices, but is especially troublesome for cars. If someone can just turn on or off your radio, it’s not a huge deal. However, when they can apply brakes or disconnect the transmission, things become more problematic. These threats are particularly frightening when you imagine that they could be developed to affect a fleet of cars. Hackers could develop ransomware and lock down thousands of cars, demanding payment to release them. They could also crash vehicles and wreak havoc. While these hazards are difficult to address, they are not insurmountable.
In the past a hacker might have needed to plug into your car, now they can gain control remotely.
Defending Against Attacks
The first thing that can help protect cars is a culture of digital security. Many industries do not take cybersecurity seriously, which makes it quite difficult to address the problem. If you’re not thinking about security when writing a car’s software, you’ve already lost a battle, and possibly the war. Once you’ve set electronic defense squarely in your mind you should also think about securing points of entry, consolidating components, and attack detection.
It’s easier to secure your house if you have only one point of entry. The same goes for autonomous vehicles. Many vehicles have multiple “entrances.” Future cars are going to communicate with everything, using technologies such as 5G, WiFi, or a variety of other methods and combinations. The more varied your communication channels are, the more difficult it will be to secure them.
In the same way, if you use lots of disparate components it will be harder to protect them. Many cars now use up to 100 separate electronic control units (ECUs) to control their systems. As ADAS becomes more common, many manufacturers are combining far-flung ECUs into a single microcontroller unit (MCU). This is primarily to increase the processing power available but also serves a security purpose. It’s easier to defend a single MCU against attack than 100 ECUs. However, if you’re using a single MCU the consequences can be worse if it’s compromised.
It’s difficult to protect against an intrusion if you don’t know it’s there. That’s why it’s critical that your system is able to check itself for malicious code. Hackers can sometimes gain access to a sensor based system by injecting code into a data stream. If your processor can check the code it’s running against the original code you may be able to detect and interrupt an incursion.
Make sure your cars are protected.
Even with the best protection available your car will still have unknown weaknesses. That’s why it’s important to build a failsafe system to reduce the repercussions of an intrusion. Two good ways to do this are to limit cascading failures and allow for over the air patches.
Memory protection units (MPUs) are used to guard against cascading failures in MCUs. This same kind of system should be put in place to guard against cascading exploits. If an attacker gains control of a single ECU, it’s possible they could cause it to fail and trigger a chain reaction in order to affect the car. It’s a good idea to isolate systems enough that a purposeful failure in one cannot cause total system failure.
Sometimes you won’t be able to predict an attack or possibly even mitigate it. However, you should be able to fix the exploit so that it can’t happen again. In the case of the two hackers and the Jeep Cherokee, updates to the software had to be installed by USB drive. Physical installation means many users will simply not update their software. If you can push new programs over the air to your cars you can fix any cracks in the armor and avoid a recall.
Physical threats are not the only thing we have to worry about these days. Someone can rob a bank on their laptop, without ever leaving their home. They can also cause your car to brake or stop accelerating. It’s important to protect against cyber attacks by securing the vulnerable systems in vehicles. You won’t always be able to stop intrusions, so it’s also important to protect against cascading failures and be able to patch your software over the air.
Securing your car against electronic onslaughts is a daunting task, but TASKING can help. They have tools like a standalone debugger that can save you time in development that you can spend towards security. They have many other tools that can help you make a car that’s safe on the road and in cyberspace.
Have more questions about cybersecurity and cars? Call an expert at TASKING.