Testing for security: Crucial to automotive dev't
Keywords:electronic modules embedded software ISO 26262 on-board diagnostics electronic control units
Today, vehicles include complex interconnected electronic modules executing a very large amount of embedded software. This growth of electronic content in vehicles is expected to continue for many years to come as the demand for functionality such as safety systems, better fuel consumption, autonomous driving, and connectivity continues to grow.
However it does not come without challenges. Safety has always been a key concern for automotive companies, and safety specifically related to electronic systems has been a strong focus for semiconductor, Tier 1, and OEM companies in the past decade. ISO 26262 represents an example of the industry's willingness to address the safety challenge.
In addition to safety concerns, electronic components have introduced a new set of concerns and challenges associated with security. Automotive cyber security has recently gained rapid attention. Networks and interfaces to access electronic modules are opening the door to vulnerabilities that could have significant consequences on the customer experience and reliability of the vehicle.
Let's explore some examples highlighted in research and industry publications.
Access to the controller area network
CAN is an internal vehicle network used for communication among multiple electronic control units (ECUs). In order to perform self-diagnostic and reporting capability, an interface to the CAN network needs to be available. This is achieved through the on-board diagnostics (OBD) systems, which give the vehicle owner or repair technician access to the status of the various vehicle sub-systems. These systems include software running on laptops that directly connect and interface with the internal vehicle CAN network and ECUs. As with any access point to the internal working of a vehicle, it represents a security vulnerability.
An example of exploiting such vulnerability has already presented itself when a disgruntled employee hacked into a vehicle's computer and remotely activated the vehicle immobilisation systems, triggering the horn and disabling the ignition systems in more than 100 vehicles.
Sensor interfaces
The ODB system is not the only example of open interfaces allowing access to vehicle information. A simple sensor interface can also be used. Tyre pressure monitors are wireless sensors used in new automobiles in the US since 2008.
A study from Rutgers University and the University of South Carolina highlights the vulnerability represented by these sensors, which can be used to track vehicles or feed corrupted data to the ECU, causing them to malfunction. Body control functionality can also provide an access point of vulnerability, such as a keyless entry system.
Simple CD or USB interface to wireless interfaces
With the growing consumer demand for consumer functionality and "infotainment," a wide range of entry points that could be used to maliciously attack or control a vehicle are also present. Just a few years ago, a study by the University of Washington and the University of California, San Diego highlighted a broad range of vehicle vulnerabilities starting from a simple CD or USB interface to wireless interfaces, including short-range wireless access via Bluetooth, RFID, or 802.11, as well as long-range wireless access for GPS, satellite radios, remote telematics systems, etc.
Visit Asia Webinars to learn about the latest in technology and get practical design tips.
All rights reserved.Reproduction in whole or in part in any form or medium without the express written permission of UBM Asia Ltd. is prohibited.