In 1978, General Motors used a Motorola 6802
CPU in the Cadillac Seville to calculate trip information (average speed\fuel
usage\engine information). This is one of the first software controlled systems
used within an automobile. The application calculating this information consisted of less than 10,000 lines of
code. A few years later, the first software controlled engines were introduced. This software contained about 50,000 lines of code. Since the introduction of software solutions within automotive, the number as well as the size of these solutions grew exponentially.
These days, high end cars contain up to a hundred electronic control
units running about a hundred million lines of code connected by multiple
in-car computer networks. To emphasize the huge size of these solutions: the
complete package of software controlling the Joint Strike Fighter (JSF)
contains about 5.7 million lines of code (almost a factor 20 less)! This shift
from purely mechanical to electronic solutions introduced comfort and safety
increasing functions on one hand, but on the other hand it made automobiles
more complex to design, test and maintain.
What about security?
The control units running this software are connected via (unsecure)
computer networks, enabling them to send messages across and thereby adjusting each
other’s settings. Recent research has shown the vulnerability of these networks
by taking over control of the speed dial and even more important, the car's brakes. Since
these interventions require a physical connection to the network, at first this doesn’t
sound as an important security issue. But, additional research has shown several
ways to access this network. For example by adding software to a digital music
file, which while being played by the car's audio system, gets access to the
car's network. This attack still requires a user of the car to connect the file
to the audio system, but these days downloading mp3-files from the internet and
playing them in our cars is common practice.
Another way of gaining access to the network is, through the emerging
communication interfaces in a car, for example Bluetooth interfaces and internet
access enabling real time traffic information. Furthermore, there exist cars
that can be controlled by smartphone apps enabling users to remotely open doors
and start the car’s engine to preheat it before driving. These connections can
be used to gain access to the car’s network and take over control of the car.
If these vulnerabilities are exploited by malicious persons, harmful situation
could occur. It is interesting to note that these security issues not only
apply to the automotive industry, but also to for example power plants. In June
2010 Stuxnet (a computer virus) was spread, infecting PLCs of nuclear power plants.
Protection
To be able to protect our cars from similar attacks, it is important to
take security issues into account while designing the architecture of the
complete electronically system of a car. Using this approach, it will be
possible to identify weaknesses during design time and resolve them. For
example the interfaces that somehow enable remote access to the car’s network
will need to have proper authentication systems and communication needs to be
encrypted. This will help solving these security issues and thereby allowing users
to securely enjoy nowadays multifunctional cars.
This comment has been removed by the author.
ReplyDeleteTechnology is always ahead of time. Automotive software brings a lot of things to ponder on especially when it comes to the safety and security. These are great challenges of automotive software. But I guess, technology has a lot more to offer to counteract and surpass these challenges.
ReplyDeleteI can see that you're a specialist for your blog site! I will be starting a website soon, as well as your tips can be really useful for me.
ReplyDeleteThanks for sharing your interested & knowledgeable points there are some relevant beneficial points