Automotive & Transportation

Automotive Security and the Paradox of Connected Cars

07 November 2016

The connected car is apparently at a crossroads after multiple car hackings. It was a buzzword just before autonomous vehicles, so why has it gone so quiet? The CAN bus’s security issues could be one reason.

Masayoshi Son, CEO of Softbank—now ARM's parent company—reminded the audience at his opening keynote address at the recent ARM TechCon that vehicles without security can be easily hacked. In fact most connected systems can be hacked. Later Simon Segars, ARM's CEO, suggested outright that makers of any connected system should hire hackers to test their systems, including automotive infotainment and control.

And to make the point, ARM invited the famed car hacker Charlie Miller to its annual design event in Silicon Valley to put things in perspective. Miller is currently working as a security engineer at Uber.

He became a technology celebrity in 2015 when he and fellow hacker Chris Valasek disabled the accelerator of a Jeep Cherokee cruising on I-64 in Missouri while using a laptop 10 miles away from the highway. That eventually led to a recall of 1.4 million Fiat Chrysler vehicles. Miller and Valasek were able to access the vehicle’s radio, climate system and windshield wipers during this car-hacking demonstration.

In his keynote speech at ARM TechCon, Miller traced the origin of automotive security woes to the advent of the CAN bus standard that significantly reduced the amount and weight of wires inside cars. That, in turn, led to cost- and fuel-efficiency gains.

The consensus at ARM TechCon: there is a critical need to get the security right while cars are getting connected. The consensus at ARM TechCon: there is a critical need to get the security right while cars are getting connected.

However CAN buses, sets of wires, not only talked to each other but also began connecting cars to the outside world. "There are 40 to 50 computers inside the car that are continuously talking to each other," Miller said. "The head-unit is the main compute system inside the vehicle, where most of the data comes from the outside world, and it took me five minutes to find the vulnerability in the head-unit via the navigation system."

Miller mentioned Bluetooth for linking car electronics to smartphones and cellular modems on telematics units like OnStar as the key communication windows that allow hackers to access cars for malicious intentions. His advice to automotive design engineers: pay special attention to the connected car features, especially the ones that access the CAN bus, because they can potentially enable access to steering, brakes and other critical control units.

Miller pointed out that security breaches taking place via mobile applications and infotainment unit hacks are not usually very dangerous. However they are still a security concern and can go beyond simple hacks like changing radio stations.

"Cars have always been insecure, but it didn't matter because they were not connected to the outside world," Miller added. "But as soon as we connected them with the outside world, it opened up the security risk." He also called for more transparency in the car design ecosystem and knowledge of what kind of malicious attacks car OEMs contemplate.

A View from Automotive Roundtable

In a roundtable discussion about the latest trends in automotive technologies held at the ARM TechCon, ARM's VP of segment marketing, Charlene Marini, acknowledged Miller's take on how the connected car movement is evolving amid vehicle security concerns. "Advanced driver assistance systems (ADAS) are moving to the mainstream due to strong consumer demand, and the ADAS features are clearly safety-oriented," said Marini.

On the other hand, according to Marini, the autonomous cars as well as hybrid and fully electrical vehicles are mostly based on industry-driven initiatives. Likewise vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) initiatives are still at an early stage and are most likely to reinvigorate the telematics market, she added.

ARM's Charlene Marini: ADAS take-off underlines the crucial importance of automotive security. ARM's Charlene Marini: ADAS take-off underlines the crucial importance of automotive security.

Soshun Arai, embedded segment manager at ARM, said the automotive industry is in the midst of a transformation. "Vehicles are moving from isolated systems to full-fledged compute platforms," Arai said. "So it's imperative that software algorithms running critical technologies like sensor fusion are in good shape."

He also said that overall compute power is continuously increasing, adding new layers of processing with the addition of sensors such as cameras and lidars. Regarding whether MCUs will remain predominant in the automotive scene or powerful new system-on-chips (SoCs) will be required in the connected car environment, Arai said that MCUs will continue to serve audio and radar applications.

However, for cameras and lidars, a new breed of SoC devices are crucial for efficiently running the algorithms for computer vision, sensor fusion and so forth. It is worth noting that most of the automotive chipmakers, especially MCU suppliers, are ARM customers.

Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the Engineering360
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter
Find Free Electronics Datasheets