Imagine a drive on the highway. Suddenly the car unintentionally speeds up, the stereo system pumps up the music to its highest level, and the windshield wiper spookily starts cleaning … And you have no power to stop this madness.
In 2014, two American hackers, Charlie Miller and Chris Valasek, made this happen. They hijacked several cars, taking control of hardware and software. Their weapon: a laptop. The good thing: Miller and Valasek had just tested the vulnerabilities of modern cars. The bad thing: Their test was really successful. What Miller and Valasek made clear with their experiment was that cars might not be a safe haven for their drivers. And, furthermore, as cars get more autonomous and more connected to the IoT, increasingly more code needs protection.
“Bundles of code turn vehicles into software platforms, and the autonomous industry is figuring out how to deal with it,” said Hadi Nahari, security professional and CEO of Cognomotiv, during a panel at the NXP FTF Connects Silicon Valley.
Jeff Stewart from the Auto-ISAC added to this, stating that due to the raising sophistication of technology, the issue of security is becoming ever more complex and more difficult.
One of the central challenges the industry has to solve is connectivity. As various electronic components in vehicles are connected via an internal network, hackers could take control of all devices if they found their way into the system. Cars already have up to (or even more than) 100 electronic control units (ECUs) and up to 500 million lines of code – a massive attack surface that probably will grow with every level of autonomy.
“The more things are connected, the better they need to be protected,” summarized Lars Reger, CTO of NXP´s Automotive. A car could be compared to a house, said Reger. A house has several doors and locks, located at various places inside the house. Locks in the autonomous industry consist of hardware and software solutions located at various places in the vehicle network to protect each component (e.g. ECU) from malware and unauthorized access.
But it is not only good hardware and software that helps to protect the inner circuit from attacks, it is also a question of exchanging know-how and information about vulnerabilities within the industry. Jack Dunham, Program Manager of Automotive Cyber Security Lab was quick to agree on this, too. “All partners need to participate in the security conversation, so that everybody can benefit from peoples’ challenges and learnings.” The requirement for this exchange is trust between all players involved, said Dunham.
Hadi Nahari added that a “new perspective on security is required” in order to keep autonomous vehicles safe. Security, said Nahari, is not something static but an ongoing process that is never completed. “We have to maintain the security of the product throughout its life cycle.”
But how can this be achieved? With proper design, proper technique and an industry partners that look at security holistically. Only if and when these requirements are fulfilled, will hackers like Charlie Miller and Chris Valasek have to stay outside.
Watch this 2-minute video clip for key perspectives during the event:
You might also be interested in:
- Securing the Connected Car (Full Panel Replay)
- Highlights: NXP FTF Connects Auto in Silicon Valley 2017
- Advancing the Dialogue at NXP FTF Connect Silicon Valley
- Kurt Sievers with Delphi, HARMAN and NIO at NXP FTF Connects Silicon Valley (Full Keynote Replay)
- Algorithmic Morality: How to Solve Ethical Dilemma Involving Self-Driving Cars? (Full Talk Replay)
- Values by design: Algorithmic identity for smart cities and beyond