Ann Steffora Mutschler of Semiconductor Engineering recently noted that malicious hacking has existed since the dawn of connected electronics. However, says Mutschler, such hacks are now occurring with increasing sophistication in the automotive sector.
“Even high-end vehicles suffer security flaws that are too costly or not worthwhile to fix,” she explained. “The result is that the automotive sector is scrambling to cover its bases and they’re starting with the parts that are highest priority.”
According to Paul Kocher, president and chief scientist of Rambus’ Cryptography Research Division, remote exploits and tampering with safety-critical firmware are among the most critical current car security issues.
“Solutions to these problems are technologically possible, but the car industry has a long way to go,” Kocher told Semiconductor Engineering. “The security and tamper-resistance technologies required for the tiny smart card chips used in credit cards are only slowly finding their way into the chips found in cars.”
As such, says Kocher, carmakers and their suppliers will face a rather bumpy ride over the next few years, as they don’t yet have the security expertise and capabilities to manage the risks in today’s cars. Unfortunately, the industry can be expected to grapple with even more challenging security issues as the connected car paradigm evolves in complexity.
“In terms of engineering, suppliers will need to work quickly to get ahead of security risks and to ensure their chips and other components are ready from a security perspective,” Kocher added. “Chipmakers that already have significant security expertise, such as NXP and Infineon, will have a natural advantage. Carmakers will also need to play an active role because many security architecture choices will involve many components and will therefore be outside the control of any single supplier.”
Indeed, vehicles today are essentially a network of networks – equipped with a range of embedded communication methods and capabilities. In addition to CAN, these include WiFi, USB, Bluetooth, OBD II (On-Board Diagnostic System), FlexRay and automotive Ethernet. Nevertheless, most automotive network communications remain unsecured despite very real risks such as ECU (electronic control unit) tampering.
As we’ve previously discussed on Rambus Press, adopting a hardware-first approach to security and implementing the necessary functionality at the SoC level is a key element of securing embedded automotive technology. To be sure, vehicle manufacturers should focus on designing strong hardware-based security and isolation mechanisms that offer uncompromising protection against various forms of attack.