Current embedded flash solutions pose significant security risks to vehicles.
The Internet of things (IoT) is driving new capabilities that are transforming how we live, work and play. However, as our lives become more connected, the risk from hackers and other security breaches increases with every new IoT device. While most of us are pretty well versed in why we need to keep our most trusted devices secure – such as cell phones and laptops – we often don’t think about the connected intelligence that is now powering our cars. The truth is, these systems are ripe for security breaches. Just look at the Telsa Model 3, which is one of the most intelligent cars on the market. Back in March 2019, hackers targeted this car’s infotainment system and by using a JIT bug in the renderer, they were able to take control of the system. Granted, this was part of a hacking event so it posed no risks to the owner, but it did expose a gaping hole in the security of automotive electronic systems. If autos are going to continue to become more intelligent and connected to the world’s growing IoT infrastructure, this weakness must be addressed and solved.
Automobile electronic systems are steadily becoming more intelligent. As the figure below illustrates, advanced electronic functionality is being added throughout the vehicle such as ADAS, Gateway, Power Train, Infotainment, V2V, and V2X. These new capabilities are driving the need for increased security and safety, particularly around the flash memory that has become a key component of these systems. Flash memory has been around for decades and it has evolved to now serve the automotive market. The problem, however, is that current embedded flash solutions pose significant security risks because they are based on legacy technology and architectures that don’t have the proper certification to guarantee both security and safety.
In automotive systems, safety and security are fundamental requirements to guarantee a tolerable level of risk, as defined by the ISO 26262 standard. These risks are managed by car manufacturers and subsystem providers, but with an increasing complexity of vehicle electronics, the functional safety is now also the responsibility of IC manufacturers including the flash memory that stores critical code and data.
Security in automobiles is all about hiding the information and encrypting everything to prevent leakages via sophisticated mechanisms such as side channel. Data stored in a flash array must be mixed and encrypted and the communication channel must be strongly encrypted. Likewise, safety in automobile systems is about 100% observability, error detection and maximum disclosure of information. Data should be validated and testing should guarantee very high quality level at ~0 DPPM. In addition, defect analysis should allow quality improvement and fault root-cause detection.
It is imperative that automobile manufacturers and makers of auto electronic systems ask the tough questions now – and not after a security breach has occurred in a real-life situation. Auto manufacturers have a choice in the type of flash technology they adopt and that decision will play a key role in protecting or exposing the vehicle once it’s on the road and in the hands of consumers. Thus, before you decide which flash product to trust for your security and safety, ask these following key questions:
Clearly, a more modern approach to flash memory is needed in automobile systems for all the reasons highlighted above, and more. Unlike some of the older flash technology on the market, new technology is needed that can enable code and data to be transferred between a secured area and the SoC or MCU over a cryptographically secured standard SPI bus. In the future, it is likely that these more secure flash solutions will become a requirement for meeting security guidelines and standards, particularly since cyberattacks are becoming more pervasive and sophisticated. Regulations are likely to also become more stringent, which will further elevate the importance of security and functional safety in automotive applications.
Electronics play a vital role in almost every part of the vehicle today, from the body to the powertrain to the infotainment system. As consumers demand more innovation in advanced safety, security, infotainment, comfort, and convenience features and federal fuel economy standards keep increasing, next generation vehicles will have an even greater number of electronic components. This will make it increasingly important that the core technology such as the flash memory meets the highest level of security and safety standards. Threats from hackers have become increasingly sophisticated and this is going to require semiconductor manufacturers to develop more modern approaches that can thwart these attacks quickly and effectively. When it comes to your automobile, safety and security is definitely not something you want to skimp on.
Leave a Reply