The modern Connected Car runs on software from various sources. According to Code Complete (by Steve McConnell; Cob and Mills, 1990), even the best coding practices produce one coding error per 10,000 lines of code. With about 100,000,000 lines of code in a modern high-end car, this works out to about 10,000 software bugs onboard!
According to Upstream Security’s Global Automotive Cybersecurity Report 2020, the number of known automotive cyber-security incidents almost doubled between 2018 and 2019. The study analyzed 367 publicly reported automotive cyber-attack incidents since 2010, 155 of which are from 2019. These latest figures equate to a 94 per cent year-on-year growth.
The more dramatic hacks and threats to personal safety often make headlines, such as white-hat carjacking with packet codes sent over the internet anywhere in the world. This exposed vulnerability heightens the fear that hackers can hijack autonomous vehicles miles way, with helpless passengers onboard.
The Connected Car is no different from our laptop or mobile phone, containing precious commodity welcomed on the dark web. Seemingly mundane information such as route preferences, credit card payment records, or the driver’s locations, can fetch high prices from seeking bidders.
A single cyber hack can cost car makers up to $1 billion, and more losses in reputation and customer trust. That’s why car makers are starting to view cybersecurity very seriously. The industry is considering cybersecurity ratings for cars – the brand or model that sports a five-shield security rating will likely bolster the brand’s value and fetch a premium.
A closer look at the sub-systems enabling vehicular communication reveals numerous points of vulnerability (see Figure 1). Hackers can launch various attack paths, ranging from cryptographic attacks at the hardware level, to over-the-air (OTA) protocol attacks. The industry is aware of the need to fortify these at-risk interfaces, there is no official automotive cybersecurity standard all this while.
As the industry awaits official standards, automotive OEMs and subsystem makers are not leaving any loophole to chance. Most of them include cybersecurity risk management in their fleet’s product life cycle (see Figure 2).
One of the ways which the automotive design and test engineers try to secure the car is by using a holistic intrusion protection strategy (see Figure 3). It combines hardware security validation, with software to stress test the potential attack interfaces against a dynamic threats library. As the aim of the automotive cybersecurity developers is to stay steps ahead of the hackers, the engineers must constantly update their test plans and run them against a “live” application and threat intelligence (ATI) library. For example, Keysight operates ATI subscription services spanning years of knowledge gained from attack information.
In the penetration test platform illustrated above, both wireless and wireline interfaces within the car can be tested to validate the robustness of safety-critical components such as ECUs, as well as communication systems for advanced driver assistance systems (ADAS), and vehicle-to-everything (V2X) applications.
A cybersecurity penetration test architecture may comprise these key components (see Figure 4):
• Connectivity gateways - allow both wired and wireless connection to the various automotive DUTs.
• Test management server – lets the white hat engineers manage their test plans, including scanning for vulnerabilities through various reconnaissance scenarios, for example port scanning, fuzz testing, and many more.
• Recon and fuzzing server – the fuzzing plus many other PEN test scenarios are run on this Linux-based server. This is where coding errors and other security loopholes are uncovered, before executing simulated cyberattacks.
• Application & threat intelligence (ATI) library – this is where all captured threats and information are stored. It provides granular application-level visibility and control, geolocation, known-bad IP address blocking, and other threat information.
• Automation – With hundreds of DUTs and thousands of testplans, an intelligent automation platform provides the sanity check for engineers to keep their pen test operations together.
A holistic penetration test platform allows the engineer to examine the plethora of cybersecurity loopholes that may put the driver, passenger, and the marque at risk. No single car maker has an exhaustive list of cybersecurity vulnerabilities. That is one reason why car makers are turning to what their IOT counterparts have been doing – subscribing to secure and dynamic threat intelligence libraries that are available 24x7.
Even as the white hats build up their arsenal of test plans in the lab, the need to have a robust security strategy is finally garnering the much-needed attention of management teams to rethink automotive cybersecurity. The industry is aware the piecemeal approach to defending the car of the future is no longer sufficient. Enterprise-level automated test platforms involving big data will become increasingly important to help car makers enhance safety and security, as the world moves towards widespread adoption of autonomous driving through ADAS and V2X technologies.
Advocates believe different segments of the automotive industry can leverage these insights to secure not just the individual vehicle, but entire traffic systems. This collective knowledge can help to forge evolving automotive cybersecurity standards to better secure the future of the internet on wheels.
Hwee Yng Yeo, Keysight Technologies