Auto Cyberattacks Becoming More Widespread

As vehicles become smarter, more complex, and increasingly connected, they also become more prone to cyberattacks. The challenge now is to keep pace with hackers, who are continually devising new and innovative ways to attack both software and hardware in vehicles.

Recent statistics bear this out. In 2022, there was a big spike in deep/dark web activity and incidents related to application programming interfaces (API), compared with the previous year, according to Upstream’s 2023 Global Automotive Cybersecurity Report. Some 63% of incidents reported last year were attributed to black-hat actors across a wide spectrum of attack vectors. Among the targets were telematics and application servers, remote keyless entry systems, ECUs, infotainment systems, mobile applications, EV charging infrastructure, and Bluetooth.

Fig. 1: The onslaught of automotive attack vectors from 2010 to 2021. Source: Upstream

This is not a new problem. Back in 2015, two security researchers demonstrated that a Jeep Cherokee could be controlled remotely and driven off the road, leading to a recall of 1.4 million vehicles by Chrysler. The researchers demonstrated that it was possible to use the cellular connection to get inside the entertainment system and then to gain access to other ECUs.

That proved to be just the beginning, though. Recently, the Progressive and State Farm insurance companies temporarily stopped issuing policies to certain models of Hyundai and Kia vehicles due to a high number of theft incidents resulting in high claim costs. One possible reason for the increased number of stolen vehicles is social media demonstrations of how the cars can be started without using the car keys. In response, on Feb. 14, 2023, Hyundai announced a free anti-theft software upgrade for more than 1 million Elantra, Sonata and Venue models.

The bottom line is that with increased software content and electronic hardware in ECUs and ADAS, vehicles are more vulnerable to hackers than ever before, and there is no place to hide.

“The industry is shifting toward decarbonization through electrification, increasingly autonomous driving, software-defined vehicles, and connectivity,” said Marcus Janke, distinguished engineer for security at Infineon Technologies. “Semiconductors are becoming essential for the future of automotive digitalization in components such as microcontrollers, sensors, discrete security modules or power components. But as vehicles become more digitized, cybersecurity for vehicles will be crucial in protecting against potential threats and to enable the safe and reliable operation of these advanced machines.”

Most of this electronic content and increased connectivity are essential to stay competitive. “Companies and industry players that proactively adopt and leverage emerging technological trends will position themselves as leaders and innovators in the future of the automotive industry,” Janke said. “By embracing new technologies, they can stay ahead of the curve, remain relevant, and create a competitive advantage in the market.”

However, all of this opens the door for remote attacks on vehicles, which currently account for 90% of the overall attacks across a variety of entry points.

“First and foremost is the keyless entry key fob,” said Thierry Kouthon, principal engineer, product management, Security IP at Rambus. “The next big target is the mobile phone, which is used to connect the infotainment system or warm up the car remotely in cold weather. The onboard diagnostic (OBD) used by the dealer or mechanics is another entry point. The Bluetooth, Wi-Fi, and the telematic networks are all accessible by hackers. And as EVs are gaining popularity, the charging port will be another target.”

Marc Witteman, CEO of Riscure, agreed. “Many sensors will use wireless interfaces to report issues (e.g. tire pressure). These sensors will be low-cost, but even they need to be secured. Think of a scenario where a roadside attacker broadcasts ‘flat tire’ alarms to wreak havoc on a road segment. We have to make sure that all communication to, but also within, vehicles use strong and verified security.”

Connectivity between components inside a vehicle provides important features, such as emergency services, but it also adds risk, particularly when vehicles are connected to the internet or some other network. “A single attack on one system can have a ripple effect on the entire vehicle,” said Rajaneesh Kini, CTO of Cyient.

Frank Schirrmeister, vice president for solutions and business development at Arteris IP, pointed to the three primary targets for hackers. “First, the communication systems, i.e., in-vehicle networks, can be vulnerable to attacks. Second, the infotainment system, which controls the audio, navigation, and other features, can be a potential entry point. Third, items like remote keyless entry systems can allow an attacker to unlock and start the vehicle without the key. Potential vulnerabilities include a lack of encryption, weak authentication, and outdated software. This is particularly important in automotive systems, where a security criticality compromised by an attack may lead to safety losses. Easy targets can be items like mobile apps, the on-board diagnostics port, and Wi-Fi and Bluetooth connections.”

A combination of hardware and software security measures can help prevent vulnerability and detect issues in real-time, such as alerting drivers to unexpected data traffic across a network-on-chip (NoC) or some I/O communications system. But that’s only part of the solution.

Supply chain challenges
Good security also requires cooperation between different companies. The need for OEMs to manage the entire supply chain to close up security holes adds complexity to the whole process.

“With every added intelligent subsystem, the attack surface for bad actors increases,” said Ellen Boehm, senior vice president of IoT strategy and operations at Keyfactor. “Knowing that the systems are connected inside the vehicle provides multiple avenues to critical systems like the engine, power steering, or brakes. A vulnerability in any connected system can be daisy-chained to other systems. This requires a close, trusted relationship between an automotive manufacturer and its Tier 1 suppliers and, in turn, their suppliers.”

Charles Eagan, CTO at BlackBerry, noted the importance of security in the software supply chain, which includes countless vendors that contribute to the software stack of the vehicles themselves, as well as third-party service providers that a company does business with and which may or may not have access to customer data.

The good news is that OEMs are taking this challenge seriously. For example, GM’s cybersecurity organization implemented a three-pillar approach based on industry and government best practices to deploy defense-in-depth, monitoring and detection, and incident response to protect GM and its customers. The company also is actively involved in industry-side efforts such as Auto ISAC, the Cyber Readiness Institute, and the Cyber Auto Challenge.

Mercedes-Benz, meanwhile, has stated publicly that with the increase of digitalization, the requirements for cyber security increase, too. Product safety has been fundamentally important, and the company is focused on proactively managing vulnerabilities and threats throughout each vehicle’s lifecycle.

How to counter ever-changing cyberthreats
Putting up cybersecurity defenses is absolutely necessary, but as cyberthreats quickly evolve, there are multiple approaches that range from securing communication protocols to building security early into the design cycle, balancing security and costs, and implementing new security standards.

“What we advocate is that each of these entry points — except maybe the OBD port, which requires physical access — needs to have a secure communication protocol with secure key management using root of trust and centralized processes,” Rambus’ Kouthon said. “In many cases, the communications between ports, such as the keyless fob, use the same data sequence every time. Once it is compromised, hackers can gain entry to the vehicle.”

To be fully secure, each communication protocol needs to be authenticated using a root of trust, which ensures that keys and confidential cryptographic data are kept secret and processed securely. “Whenever a software module is found to be compromised, the root of trust can be used to update it with a new version, where the vulnerabilities are fixed,” Kouthon said. “Whenever a hardware device is compromised, it can be re-secured using the root of trust, as well. A hardware device compromise often means that its secret keys have been leaked. Those keys can be replaced by new ones by a process assisted by the root of trust. For this purpose, a root of trust will often use secret recovery keys that have not been compromised because they are located in its hardware protected secure enclave. This way, the vehicle can recover from a cyberattack.”

Building security early in the design cycle
To be effective, security needs to be implemented early in the design cycle, preferably at the architectural level. But given the length of the design cycle, and the rapid development of new technologies along the way, that’s a big challenge.

“Even for OEMs today, it is not easy to do,” said Chris Clark, senior manager for automotive software and security at Synopsys. “So many vendors are participating in the development of the vehicles’ components that getting a unified security view of an architectural plan is challenging.”

Clark typically recommends that OEMs look at what’s already been done in other industries. “Don’t try to start from scratch. When you start from scratch, and try to come up with something that’s specific to you or your organization, it’s very expensive. That cost has to be carried back to the consumer. Leveraging existing technologies that are doing a very good job in security can help OEMs achieve better cost-effectiveness. OEMs can pull different security aspects from industrial control systems in the industrial sector, or security mechanisms from the medical space for ensuring critical components operate in the correct fashion, as well as relying on those within the automotive industry.”

Additionally, automotive security must be dealt with proactively at a system-level.

“Security is more than just the hardware on the SoCs in SDVs and modern vehicles,” noted George Wall, product marketing group director for Tensilica Xtensa processor IP at Cadence. “It is a system-level problem that touches upon the SoCs, the software, and the communication and interactions amongst the hundreds of SoCs in a software-defined vehicle. Therefore, architecting the system with security in mind and analyzing threats and vulnerabilities early in the design cycle is essential.”

“Trusted domains are a well-known component of security architectures,” Wall continued, and noted that specialized IP allows users to partition their system into secure and untrusted domains so that only trusted entities can access certain key components.

This should help OEMs regain control when there is an attack, and there are likely to be many such attacks in the future.

“Any compute unit inside a vehicle is a potential threat,” said Francis Chow, vice president and general manager for in-vehicle operating system and edge at Red Hat. “The most vulnerable areas are where physical attachments or connections can be made to an onboard device (e.g., OBD connectors), but these attacks require physical access. Numerous other threat types require understanding and mitigation. Some threats attempt to introduce malicious code during software development. Other threats try to intrude on a functionally running system through an unauthorized entry point, while some target the software update process. Despite the many threats, development teams can work to identify root issues or vulnerabilities to determine next steps.”

Balancing the cost of security
Finding a practical way to implement enough security while keeping costs to a minimum is also critical.

“It’s important to understand what hackers are looking for,” Synopsys’ Clark said. “They usually won’t spend a great deal of effort and money to attack the most vulnerable targets. They go for easy targets such as the key fob. They can reverse engineer how that key fob works in order to gain access to vehicles, and then steal the contents of the vehicle or the vehicle itself. OEMs can raise the bar on the activities that are easily accessed by a common attacker and solidify and harden those areas to make it difficult for that vehicle to be attacked in general. It may not be realistic to expect an OEM to harden the vehicle to the point that no hackers can ever access the vehicle. When that happens, a vehicle that costs $50,000 will be doubled to $100,000. Most consumers will not be willing to pay for that. Additionally, most of the ECUs and ADAS have secure SoCs with failsafe features to prevent major disasters from happening.”

Standards can help establish a good-enough baseline, and the automotive ecosystem is moving in that direction. “For example, NIST just recently selected the Ascon algorithm for lightweight crypto,” said Riscure’s Witteman. “This standard is super-efficient and could provide low-cost security to all automotive sensors. It is important to use test tooling and services to verify the security of all automotive components, and this can also help an OEM achieve ISO/SAE 21434 compliance.”

On top of that comes observability of on-chip communication and instrumentation, as well as certification, particularly for those parts directly tied into safety. “With safety and security going hand-in-hand, safety certification of the NoC IP entering the SoC development process is critical,” said Stefano Lorenzini, fellow and functional safety manager at Arteris IP. For that reason, Arteris is providing safety and resilience capabilities for its configurable NoC IP and is working closely with customers to achieve safe and secure on-chip communication, according to ISO 26262 and ISO/SAE 21434. As the industry marches quickly toward heterogeneous integration based on chiplets, a whole new set of challenges for security and safety is emerging,”

Worst case scenario
What if the best security is added into vehicles and it gets hacked, anyway? The answer is that secret keys can be used to recover the system along with a golden digital twin approach. That’s basically like turning off a computer and rebooting, but not necessarily shutting it down completely.

“Any part of a vehicle is vulnerable to cyberattacks,” said David Fritz, vice president of hybrid and virtual systems at Siemens Digital Industries Software. In a scenario when cameras are hacked; one camera sees the traffic light ‘green’ while another sees ‘red,’ the vehicle can be put in a dangerous position if a wrong decision is made. If a human driver is still in charge, the problem may be minimized. But as vehicles are becoming more and more autonomous, the scenario may have fatal consequence.”

Fritz said the solution is to implement a golden digital twin that is a digital replica of the actual vehicle. “The data stored is the original functional copy. When a cyberattack is detected in the field, the vehicle can always revert to that golden standard where anomalies are identified and vulnerabilities corrected. Additionally, updates to the software in the golden digital twin can be pushed to all the vehicles via OTA to guarantee that fleet vehicles are safe and secure. Frameworks such as SOAFEE are particularly well-suited to adopting this approach.”