Automotive Security: Vulnerabilities and privacy risks

 

Whenever any device is connected to the Internet, we can assume it is vulnerable to malicious activity. However, assessing the scope of threat is not an easy task and can leave a potential attack surface unprotected unintentionally. Many security risks that affect devices can also be extended to vehicles, such as Malware, Trojans, buffer overflow exploits and privilege escalation. 

 

Advanced network connectivity in vehicles has enabled automakers to introduce many innovative functions.  These functions include Advanced Fleet Management, Autonomous Driving, Remote Control Capabilities, Smart Transportation (vehicle-to-infrastructure and vehicle-to-vehicle communications), Advanced Driver Assistant Systems (ADAS) – Adaptive Cruise Control, Collision Avoidance, and more. 

 

Research studies have reported:

 

  • One in five vehicles on the road worldwide will have some form of wireless network connection by 2020, amounting to more than 250 million connected vehicles.

    Estimated by Gartner Research
     

  • Fifty-five percent (55%) of corporate risk managers name cybersecurity as the greatest concern about Autonomous vehicles (AVs).

    Survey by Munich Re, the World’s Second Biggest Insurer

 

The adoption rate for connected vehicles relies on how well the automakers can assure the customers they can experience the same level of protection or greater than what that they have come to expect from their other electronic devices. The lives of drivers, passengers and other users of the road could be at risk if the security and integrity of in-vehicle data are not maintained. 

 

The automotive industry is moving toward integration and virtualization thus reducing the number of ECUs used in the vehicle but increasing the number of functions and complexity of the software in it. This makes the attack surface broad and touches many of the in-vehicle systems and includes an increasingly wide range of networks. These networks include Wi-Fi, cellular networks, toll-roads, drive-through windows, service garages, gas stations, automotive and aftermarket applications and more. Security of such complex systems requires a collaborative approach and cannot be achieved by dealing with individual components, threats or attack points/surfaces. 

 

Developing, Managing and Securely Operating In-Vehicle Applications and Connected Vehicle Services

 

We understand that as more applications, services and platforms are developed to deliver connected vehicle content and services through the cloud, it is becoming increasingly more important to manage interactions in one central location. The cloud allows the integration of various systems and processes so new business models and revenue streams can be realized in the automotive ecosystem.

 

The HARMAN Ignite Platform allows automakers, dealers and service providers to introduce, easily deploy and manage new innovative applications and services meeting the safety, convenience, information and entertainment needs of customers around the word. It is a complete, end-to-end cloud platform which enables connectivity, device management, application enablement, analytics and managed services capabilities. It also helps the above stated entities in meeting the back-end service management and operational needs of their own businesses. 

 

Addressing the security and privacy issues

 

Since 2012 HARMAN has made significant and ongoing investments in cyber security technologies, including the acquisitions of Israeli cyber security startups Redbend in 2015 and TowerSec in 2016. HARMAN delivers enterprise-grade, end-to-end cybersecurity solutions for OEMs that need no further hardware investments – ECUSHIELD and TCUSHIELD. HARMAN’s cyber security solutions include real-time intrusion detection, mitigation, reporting and software updates capabilities, and were most recently recognized as a 2017 Edison Awards Winner.

 

edison-awads-17-winner_small.png

 

To address the security and privacy issues in the next-generation vehicle, the following components and data should be protected:

 

  • Every ECU including any sensors;
  • Functions that require multi-ECU interactions and data exchange;
  • Data in/out of vehicular systems; and
  • Personal information accessed in the vehicle.

 

In addition to these, the safety, security and usability goals should be integrated. Also, they should deal with the full lifecycle of vehicular and transportation systems to evaluate any loopholes or leakage opportunities. 

 

In recent years, cybersecurity has been on the agenda of governments and industry institutions, such as the SAE International (Society of Automotive Engineers), which sets standards for the automotive, aerospace and commercial vehicle industries. The Auto-ISAC (Information Sharing and Analysis Center) is another industry body created by OEMs and Tier 1 companies, to enhance cybersecurity awareness and coordination across the global automotive industry. HARMAN is a member in both institutions.

 

The HARMAN Ignite platform has a built-in security layer. It ensures Network shielding via an array of firewalls controlling communication between infotainment systems and other ECUs, as well as between in-vehicle components and external networks. It includes “Security first” design approach to ensure high standards of security required by all automotive ecosystem actors. 

 

Advanced analytics powered by the HARMAN Ignite platform, with continuous monitoring of inbound and internal data traffic identifies potential threats and abnormal events.  It delivers real-time alerts when necessary. The platform helps to remove any redundant software components and disables or eliminates any unnecessary services thus reducing vulnerability vectors. It assures seamless coexistence of numerous in-vehicle domains with different security requirements, and minimizes exposure of mission-critical systems by Virtualization-based isolation. 

 

The platform also allows Over-the-Air (OTA) orchestration of firmware and software updates, and assists with data collection. By keeping the software up to date, it helps to ensure that the vehicle is protected always and enables rapid delivery of remedial files and software fixes following any breach of in-vehicle software systems.

 

The security considerations that need to be addressed in connected vehicle systems include operations security, privacy, software patching, communication protocols, digital identities and access management. HARMAN Ignite platform is cognizant of all the current and future security risks and hence has included elements that combine to produce an impenetrable shield around safety-critical functions and sensitive personal data. HARMAN is already working with several automakers to employ this technology on future models. Ultimately, it's all about eliminating the risk of intrusion.

 

For more information on the security aspect of the HARMAN Ignite Platform, click here now.