According to Gartner analyst Thilo Koslowski, one in five cars on the road will be categorized as “self-aware” by 2018. Ultimately, a system of sophisticated sensors, vehicle-to-vehicle communications and computing power will lead to the design of intelligent cars capable of interacting with their owners, each-other and the larger Internet of Things (IoT).
“In the future, your car may actually tell you to stay in bed 30 minutes longer because the traffic situation isn’t as bad as it usually is,” Koslowski told Automotive News earlier this year. “Your car can talk to your alarm clock and reset it 30 minutes later so you can stay in bed without doing anything.”
The concept of connected, self-aware vehicles deftly navigating highways and city streets undoubtedly sounds appealing to most drivers. However, security researchers such as IOActive’s Charlie Miller and Chris Valasek have expressed concern over potential hackability of networked vehicle components.
“Our main takeaway is that companies should consider security before adding pieces onto an automobile, especially when those pieces have remote connectivity or cyberphysical attributes,” Valasek told Wired on the sidelines of the Black Hat security conference in Las Vegas. Indeed, the average car is currently equipped with 60 microprocessors and contains over 10 million lines of software code.
“The revelations of potential automobile vulnerabilities detailed by Miller and Valasek at Black Hat 2014 point to a changing ecosystem, where devices, systems and platforms that were previously not Internet-connected like our vehicles are now coming online,” said Pankaj Rohatgi, technical director of hardware security solutions at the Rambus Cryptography Research Division.
“Cars are equipped with standard electrical communications busses that expose unsecured functionality – an issue that begins at the hardware level. If you’re like me, you’ll likely buy a car and drive it for a substantial period of time. This means the same hardware that’s in place on day one will be there as the connected ecosystem grows and we rely on our vehicles to gather, store and communicate information.”
As Rohatgi emphasizes, taking a hardware-first approach to security and implementing the necessary functionality on the SoC level is a key element of securing all embedded technology—whether in the dash of a car, smartphone or tablet.
“A software-centric security approach for vehicles will inevitably require frequent updates due to unforeseen vulnerabilities,” Rohatgi added. “What happens in ten years when an automotive company is no longer pushing out critical patches? To avoid these types of situations, automotive companies should focus on building strong hardware-based security and isolation mechanisms that offer uncompromising protection against various forms of attack.”