Electronics giant Harman says the prospect of cyberattacks on vehicles is becoming increasingly serious, with any form of wireless link, including a separate mobile phone or tablet, providing the conduit hackers need.
Harman’s Asaf Atzmon, director of business development and marketing for automotive cybersecurity, says the concept of automotive cybersecurity largely was confined to industry experts a few years ago.
“Now it’s a topic that consumers are asking about,” Atzmon says in a statement. “According to a recent survey, in some countries as many as 59% of buyers are actively concerned about the prospect of car hacking.”
He says there seems to be a unique brand of fear associated with the idea of car hacking.
“One minute you’re driving down the road merrily listening to (British Broadcasting Corp.) Radio 4, and the next someone remotely hijacks your car,” he says. “Brakes jammed on in the middle of the motorway, headlights disabled in the dead of night, stereo suddenly playing Justin Bieber.
“None of it bears thinking about.”
The reality, Atzmon says, is rather different.
To date, there hasn’t been a single instance of malicious car hacking. The examples that have made headlines all involved engineers or researchers experimenting under controlled conditions. In most cases hacking also required a cable to be physically plugged into the car.
Harman has devised a security framework consisting of a series of layers that protects the car’s head unit from being compromised and used as a portal into the in-vehicle network.
At the deepest level, a secure hardware platform provides a safe place to store cryptographic keys and securely execute highly sensitive operations.
Shared Hardware Fends off Viruses
Safety-critical functions are isolated from the infotainment system using what’s known as a hypervisor. This concept, originally developed for supercomputers, allows two completely separate operating systems to run off the same hardware. It makes it extremely difficult for an infection on one side of the system to spread to the other.
The next level controls access to computer memory, storage and peripherals. It essentially determines who has access to what. If, for instance, your compact-disc player suddenly wants to control the brakes, it’s a good indication something is wrong.
Next comes the sandbox function. This keeps newly downloaded applications separate from the core system so they can be disabled and removed if they’re found to be harmful.
The fifth level is the network-protection system. This controls the flow of information into and out of the car, looking for any signs of intrusion. Working on two levels, Harman’s Ecushield turns the vehicle’s electronic-control unit into an intrusion-detection and -prevention system and smart firewall to protect critical communications within the car.
It continuously monitors the vehicle to provide real-time detection of malicious communications and prevents them from reaching the vehicle’s critical systems.
Ecushield also protects infotainment and telematics systems. Also using intrusion- and detection technology, it integrates with existing telematics units and uses advanced algorithms to protect both internal and external networks so a vehicle can operate safely while still monitoring and reporting to an external control center.
This level is able to spot patterns and uncover a threat, even if the threat is attempting to disguise itself as a legitimate function such as a software update, Harman says.
The system also has the ability to install over-the-air updates to various systems within the car such as the navigation, engine-management and infotainment systems. By keeping the software up to date, it helps ensure the car is protected at all times.
Atzmon says all these elements combine to produce a virtually impenetrable shield around the car’s safety-critical functions and those which may contain personal data, such as credit-card information.
He says Harman is working with a number of automakers to employ this technology on future models.
“Ultimately, it’s all about eliminating the risk of intrusion,” he says, “The car industry will need to reassure consumers that their connected cars are safe.”
By 2020, Atzmon says, it’s expected nearly a quarter of a billion connected cars will travel the world’s roads.
“This number will continue to grow, but only if the car industry can provide the protection that those consumers have to come to expect from their other electronic devices.”