The risks posed by the rise of car connectivity: Automotive electronics giant HARMAN is pioneering the new field of automotive cyber security, as the prospect of cyber-attacks on vehicles becomes an increasingly serious one. More and more customers want or even demand a ‘connected car’ and, in theory at least, any form of wireless link – even via a separate mobile phone or tablet – could provide the conduit that hackers need to access the main vehicle systems like brakes or engine.
Prospect of cyber-attacks on vehicles rises with the popularity of car connectivity: “A few years ago the concept of automotive cyber security was largely confined to industry experts,” says HARMAN’s Asaf Atzmon, Director, Business Development and Marketing, Automotive Cyber Security. “Now it’s a topic that consumers are asking about. According to a recent survey, in some countries as many as 59 per cent of buyers are actively concerned about the prospect of car hacking.”
There seems to be a unique brand of fear associated with the idea of car hacking. Almost 60% of buyers concerned about possibility of car hacking. One minute you’re driving down the road, the next someone remotely hijacks your car. Brakes jammed on in the middle of the motorway; headlights disabled in the dead of night; stereo suddenly playing Justin Bieber. None of it bears thinking about.
Automotive electronics giant HARMAN pioneer in new field of automotive cyber security: HARMAN has devised a specially-developed 5+1 security framework which consists of a series of layers that protects the ‘connected car’ systems from being compromised and used to access safety critical systems such as brakes, stability control or even lighting. This framework can be thought of like the layers of an onion:
- At the deepest level, security keys are stored in hardware, and inaccessible to hackers
- Safety-critical functions like brakes are isolated from potential areas of access using a system known as a hypervisor. This concept – originally developed for supercomputers – keeps operating systems completely separate, making it extremely difficult for an attack on one side to access the other
- The next level monitors and controls access to the memory, storage and peripherals. If, for instance, your CD player suddenly wants to control the brakes, it’s a good indication that something is wrong and the security framework can step in.
- Next comes the sandbox function. This simply keeps newly downloaded apps separate from the main system so they can easily be removed if they’re malicious.
- The fifth level is network protection. This controls everything coming into and leaving the car and continuously checks for any signs of hacking.
- ECUSHIELD continuously monitors the vehicles main control unit to provide real-time detection of malicious communications and prevents them from reaching the vehicle’s critical systems.
- TCUSHIELD integrates with existing vehicle entertainment and information systems and uses highly advanced algorithms to protect both internal and external networks. This level has the ability to spot patterns and uncover a threat, even if the threat is attempting to disguise itself as a legitimate function such as a software update.
- The final ‘+1’ level is the ability to install over-the-air (OTA) updates to various systems within the car. By keeping the software up to date, it helps to ensure that the car is protected from the latest attack methods.
Combined, there is a virtually impenetrable shield around the safety-critical functions like the brakes, and also those which may contain personal data, such as credit card information. HARMAN is working with a number of car makers to employ this technology on future models.
“Ultimately, it’s all about eliminating the risk of hacking,” concludes Atzmon. “The car industry will need to reassure consumers that their connected cars are safe. By 2020 it’s expected there will be nearly a quarter of a billion of them on the world’s roads. This number will continue to grow but only if the car industry can provide the protection that those consumers have to come to expect from their phones and tablets.