The challenge of securing connected vehicles

This entry was posted on Thursday, February 16th, 2017.

Jeff Dorsch of Semiconductor Engineering recently noted that connected cars and the Internet of Things (IoT) go hand in hand. Nevertheless, says Dorsch, realizing the future of autonomous vehicles will demand close attention be paid to cybersecurity, functional-safety standards and other critical factors.

As Asaf Ashkenazi, senior director of marketing for Rambus Security told the publication, there was a time when electronic devices and vehicles had only to contend with the threat of local attacks.

“Once you add Internet connectivity, even if you think the connectivity is limited, it actually eases access to anyone in the world. This makes the device very vulnerable. Unlike mobile phones and PCs in the past, these devices are actually doing physical things in the real world,” he explained.

“If it’s a car, it’s driving. You can do things that are physically affecting it. And this is true for many other IoT devices, from smart cities to home security. So, on one hand, we suddenly have the vulnerabilities that are added and the potential damages can be much bigger, because we now add cyber to the physical world. On the other hand, there is almost no security in many of these devices.”

To illustrate his point about the importance of automotive security, Ashkenazi referenced Toyota’s vehicle acceleration issue and subsequent recalls.

“The number of injuries and casualties related to that was quite low. But when you add connectivity to cars, somebody can hack into the system and control the [vehicle],” he continued. “Even if nothing [negative occurs], [an automotive hack] can have a negative effect on people, to the point where they refuse to drive connected cars. The risk of somebody doing that is quite [significant]. I know the automotive industry had a wake-up call, a little bit late, but I know they are investing a lot in preventing [security breaches].”

According to Ashkenazi, the complexity of connected vehicles presents a unique challenge for the automotive industry.

“People tend to see the car as a mechanical machine, [so] they don’t understand the amount of electronics that gets into a car these days. In the average car, there are more lines of code than in some commercial aircraft,” he observed. “The number of electronic components, the chips, that are running in a car is huge. The potential for an attack as you have more lines and more devices—what we call the attack surface—is much bigger.”

Ashkenazi also emphasized that chipmakers should embed a root-of-trust in appropriate hardware.

“[Because] in reality, there is not enough security in chipsets going into automotive [systems and components]. Nobody thought of it in advance and [that is why] we have some problems today,” he added.

Interested in reading more? The full text of “What’s New in Connected Autos,” by Jeff Dorsch is available on Semiconductor Engineering here.