It was recently reported that a number of Fiat Chrysler vehicles were being recalled due to the potential for them to be hacked.
Experts at IoT security specialist INSIDE Secure have been looking at the risks and how vehicles can be made more secure in future.
Previously, access to a car's systems was only via a diagnostic port either under the hood or on the dash. But in any modern car there is a series of increasingly powerful computers on several networks. The problem is that there are now connections between information systems (SatNav, Radio head unit, etc) and control systems (ECU, Transmission) and safety systems (ABS brakes, 4WD, tyre pressure sensors, lights) which are increasingly interwoven with each other. Add in Cellular, Wi-Fi, BlueTooth NFC and other inputs and you have a car that can potentially be hacked from anywhere.
The car has pretty much become a data centre on wheels but lacks the perimeter defenses that protect traditional data centres. This means that security is often down to individual components, sometimes relying on basic hardware authentication. However, rarely has anyone thought about the interaction of thousands of lines of software code in these components.
INSIDE Secure suggests that the way to address this is via a more holistic approach. Manufacturers need to ensure that the executables for each individual component are secure. They can do this by adding cryptography to ensure that communications and authentication between software inside a device and between devices are authenticated and that the software is only allowed to run in the manner designed by the coder.
Manufacturers should also add in remote security monitoring to alert if there is a software or network breach. This means they don’t have to rely on spotting known attacks.
INSIDE Secure's VP of Business Development, Douglas Kinloch concludes, "In other words, the car network has to be treated in the way that the mobile payment folks are treating mobile phones, a potentially hostile environment, and act accordingly".
More information on INSIDE Secure’s solutions to secure chips and other system elements is available on the company's website.