Automotive electronics giant HARMAN introduced new measures concerning safety of automotive cyber security systems - connected cars are becoming increasingly vulnerable, when it comes to hackers and cyber crime.
More and more drivers are enjoying the benefits of a connected car, but while it's fun and handy, one must realize that any form of wireless link, including using a separate mobile phone or tablet, creates an opportunity for a hacker attack. According to Harman, only a couple of years ago, automotive cyber security something that mainly concerned industry experts, but today it's one of the top topics consumers wish to know more about.
Research shows that in some countries as many as 59 per cent of buyers are seriously concerned about the prospect of their car being hacked. They mostly fear the car being remotely 'hijacked' whiel, for example, casually listening to the radio, or having a hacker remotely take contorl over your car and disable brakes or headlights in the middle of a motorway. Experts claim the reality is but less frightful than consumers believe it to be. Until now, there hasn't been a single instance of malicious car hacking – the only cases that made their way to the media involved engineers or researchers experimenting under controlled conditions.
Despite the reassurance, HARMAN has developed a 5+1 security framework to protect the car's head unit from being compromised and used as a portal into the in-vehicle network (something which could jeopardise safety critical systems). They say their safety system can't be breached, but time will tell.
The core of the system is a secure hardware platform that provides a safe place to store cryptographic keys and execute highly-sensitive operations in a secured manner. All the safety-critical functions are isolated from the infotainment system, as two completely separate operating systems to run off the same hardware.
The next level is the one that controls access to the memory, storage and peripherals. It basically determines who or what is able to access what kind of content. For example, if your CD player wants to control the brakes all of a sudden, that tells the system something is wrong.
After that comes another 'onion layer', called the 'sandbox'. Its funtion is to keep all newly downloaded applications separate from the core system. In case it turns out the downloads are potentially harmful or infected, they can easily be disabled without affecting the entire system.
The fifth level of protection is the network protection system that controls the flow of information into and out of the car, looking for any signs of intrusion. Working on two levels, ECUSHIELD turns the vehicle's ECU into an Intrusion Detection and Prevention (IDS/IPS) system and smart firewall to protect critical communications within the car. It continuously monitors the vehicle to provide real-time detection of malicious communications and prevents them from reaching the vehicle's critical systems. Meanwhile, TCUSHIELD protects infotainment and telematics systems.
The final level of the security system boasts the ability to keep the software constantly updated and the car protected at all times. For example, the navigation, engine management and infotainment systems can always be updated via over-the-air (OTA) updates to keep the system safe and well guarded.