Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > T&M

Testing for security: Crucial to automotive dev't

Posted: 16 Sep 2014     Print Version  Bookmark and Share

Keywords:electronic modules  embedded software  ISO 26262  on-board diagnostics  electronic control units 

Consumers are constantly expecting new features in their cars. Over the years the automotive industry has continuously responded to this demand, and electronics has played a key role in enabling these new features.

Today, vehicles include complex interconnected electronic modules executing a very large amount of embedded software. This growth of electronic content in vehicles is expected to continue for many years to come as the demand for functionality such as safety systems, better fuel consumption, autonomous driving, and connectivity continues to grow.

However it does not come without challenges. Safety has always been a key concern for automotive companies, and safety specifically related to electronic systems has been a strong focus for semiconductor, Tier 1, and OEM companies in the past decade. ISO 26262 represents an example of the industry's willingness to address the safety challenge.

In addition to safety concerns, electronic components have introduced a new set of concerns and challenges associated with security. Automotive cyber security has recently gained rapid attention. Networks and interfaces to access electronic modules are opening the door to vulnerabilities that could have significant consequences on the customer experience and reliability of the vehicle.

Let's explore some examples highlighted in research and industry publications.

Access to the controller area network
CAN is an internal vehicle network used for communication among multiple electronic control units (ECUs). In order to perform self-diagnostic and reporting capability, an interface to the CAN network needs to be available. This is achieved through the on-board diagnostics (OBD) systems, which give the vehicle owner or repair technician access to the status of the various vehicle sub-systems. These systems include software running on laptops that directly connect and interface with the internal vehicle CAN network and ECUs. As with any access point to the internal working of a vehicle, it represents a security vulnerability.

An example of exploiting such vulnerability has already presented itself when a disgruntled employee hacked into a vehicle's computer and remotely activated the vehicle immobilisation systems, triggering the horn and disabling the ignition systems in more than 100 vehicles.

Sensor interfaces
The ODB system is not the only example of open interfaces allowing access to vehicle information. A simple sensor interface can also be used. Tyre pressure monitors are wireless sensors used in new automobiles in the US since 2008.

A study from Rutgers University and the University of South Carolina highlights the vulnerability represented by these sensors, which can be used to track vehicles or feed corrupted data to the ECU, causing them to malfunction. Body control functionality can also provide an access point of vulnerability, such as a keyless entry system.

Simple CD or USB interface to wireless interfaces
With the growing consumer demand for consumer functionality and "infotainment," a wide range of entry points that could be used to maliciously attack or control a vehicle are also present. Just a few years ago, a study by the University of Washington and the University of California, San Diego highlighted a broad range of vehicle vulnerabilities starting from a simple CD or USB interface to wireless interfaces, including short-range wireless access via Bluetooth, RFID, or 802.11, as well as long-range wireless access for GPS, satellite radios, remote telematics systems, etc.

1 • 2 Next Page Last Page

Comment on "Testing for security: Crucial to aut..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top