Driving Security to Protect In-Vehicle Apps
If you look at a modern vehicle, it might seem as though nothing has really changed since its early 19th century cousins: you would still find a steering wheel, windows, doors, an engine, brakes, and a fuel tank. That, however, is where the similarities end.
Modern vehicles have hundreds of computers, complex safety systems, road monitoring, and more. You may not have a steering wheel in the future, but self-driving and other capabilities will be driven by powerful computing hardware and complex software, culminating in a mini supercomputer on wheels that is revolutionizing the automotive industry.
Today, popular mobile phone applications can now be connected seamlessly within your car, giving you the option to watch movies, stream music, interact with you, and even control aspects of your house.
We’ve reached a point where cars are defined by the software they run and not just by the mechanical parts that hold them together. These capabilities are possible thanks to a technology referred to as Over-The-Air (OTA) updates, which has transformed the industry. OTA gives engineers the ability to fix bugs, introduce new features, and monitor a car’s overall performance. Naturally, this brings a wealth of possibilities for partnerships with third parties offering additional technology, opening the door to new revenue opportunities for Original Equipment Manufacturers (OEMs).
Nevertheless, as with any technological system, these vehicles can be a hotbed of potential security risks, and cybercriminals will target them if they are not effectively secured. As OTA enables new technologies, OEMs and their suppliers are exploring ways to minimize critical security flaws and establish novel safeguards to protect vehicles and their passengers. This is especially important as third-party providers become more prevalent.
OTA software updates are typically delivered over cellular networks, Wi-Fi, and, in increasingly rare cases, USB. These are quick and efficient delivery methods for car manufacturers and reduce costly service visits. The downside is that OTA updates can themselves be costly, especially when software updates are large and frequent.
Today, there is no standard way of verifying software updates in the automotive sector, and that raises the level of risk. This must change, and it can begin with establishing uniformity in how software updates are created, deployed, and verified, particularly as software-centric features become more ingrained in the automotive experience. Regulatory bodies such as the National Highway Traffic Safety Administration in the U.S. and the EU’s UN Regulation WP.29 R155 provide mandates to manufacturers that require OTA capabilities in vehicles, in a bid to improve this aspect of vehicle security. This is a good start, but certainly more needs to be done.
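To make the verification step concrete, here is an added example (not code from the article or from Synopsys) of the checks a vehicle can run before installing an OTA package: a signature over a canonical manifest, a monotonic version check to reject rollback to an older, vulnerable build, and a per-ECU hash check of every image against the signed digest. The manifest layout, the ECU names and the firmware bytes are constructed for the example, and HMAC-SHA256 from the standard library stands in for the asymmetric signature an OEM would use in production; both are assumptions, since the article prescribes no particular scheme.

```python
import hashlib
import hmac
import json

# Constructed demo secret. A production OTA pipeline signs manifests with an asymmetric
# key held by the OEM (assumption; the article names no scheme), so the vehicle holds
# only a public key. HMAC from the standard library stands in for that here.
DEMO_SIGNING_KEY = b"demo-oem-signing-key-not-for-production"


def canonical(manifest: dict) -> bytes:
    """Serialise the manifest deterministically so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes = DEMO_SIGNING_KEY) -> str:
    """Produce the manifest signature (hex HMAC-SHA256 over the canonical form)."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def make_manifest(version: int, artifacts: dict) -> dict:
    """Build a manifest listing each target ECU with the SHA-256 of its firmware image."""
    return {
        "version": version,
        "artifacts": [
            {"ecu": ecu, "sha256": hashlib.sha256(blob).hexdigest()}
            for ecu, blob in sorted(artifacts.items())
        ],
    }


def verify_update(manifest, signature, artifacts, installed_version, key=DEMO_SIGNING_KEY):
    """Vehicle-side checks. Returns (accepted, reason).

    Order matters: the signature is checked before any field of the manifest is
    trusted, then the version is compared against what is installed (anti-rollback),
    then every image is hashed and compared with the signed digest.
    """
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, "bad signature"
    if manifest["version"] <= installed_version:
        return False, "rollback rejected"
    for entry in manifest["artifacts"]:
        blob = artifacts.get(entry["ecu"])
        if blob is None:
            return False, f"missing artifact for {entry['ecu']}"
        if not hmac.compare_digest(hashlib.sha256(blob).hexdigest(), entry["sha256"]):
            return False, f"hash mismatch for {entry['ecu']}"
    return True, "ok"


def build_demo():
    """Constructed sample update: two firmware images and a signed manifest (version 12)."""
    artifacts = {
        "ivi": b"infotainment image v12 (constructed sample bytes)",
        "parking-ecu": b"parking controller image v12 (constructed sample bytes)",
    }
    manifest = make_manifest(12, artifacts)
    return manifest, sign_manifest(manifest), artifacts


if __name__ == "__main__":
    manifest, signature, artifacts = build_demo()
    print(verify_update(manifest, signature, artifacts, installed_version=11))
    swapped = dict(artifacts)
    swapped["parking-ecu"] = b"image not covered by the signed manifest"
    print(verify_update(manifest, signature, swapped, installed_version=11))
```

The design point is that nothing in the manifest, including the version number, is trusted until the signature has been checked, and the version is compared before any image is hashed so a genuine but stale package is rejected as cheaply as a tampered one.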
To lay the appropriate foundations for security, a company must start with a risk assessment. This assessment lists the components within a vehicle and the level of acceptable risk for each item and its associated software. Questions about software quality, safety, and security are raised, and responsibility and accountability are assigned.
For example, self-parking apps are becoming more popular, but they require access to the vehicle’s physical systems and data. Consider, then, who should bear responsibility for such an app’s security, ensuring that it doesn’t contain malicious software and cannot be easily compromised.
The self-parking app is a clear example of utilising advancements in technology to generate new revenue avenues for car manufacturers.
Another example is using location data, traffic patterns, and purchasing habits to let your vehicle suggest ordering a coffee when you have time, or even to take a different route. It could then place an order for you at your favourite coffee shop on your way to work, with payment handled through in-vehicle app purchases. These apps could even communicate with each other to streamline your weekly tasks. Say you needed to drop off and pick up dry-cleaning: the car, with its many applications, would plan a route for the drop-off, pay for the service, set a reminder, and offer to route you there again on the day of pickup. Imagine the level of convenience this would provide; the risks posed, however, can be just as great.
These ideas are not far away, and we are seeing increased collaboration between car manufacturers, app developers, and well-known consumer brands to enhance the user experience. Sure, it may take time for consumer-level innovations to really kick off on a large scale, but enterprise-level changes are being tested. To achieve this, having a robust risk assessment and secure development lifecycle is a high priority for manufacturers. Creating robust systems that segregate functions and only allow secure access is one step; the next is requiring suppliers to meet stringent safety and security guidelines.
Establishing secure APIs for developers aids monitoring and access control for safety systems. With this in place, should an app misbehave, the vehicle will know the appropriate action to take to safeguard itself. On top of this, deploying an additional protective layer around the vehicle subsystems will enable safer interaction between third parties and vehicles, allowing more value-added services.
From a software security perspective, security solutions can be leveraged to adequately protect in-vehicle apps and OTA updates, and should include the following technologies as part of the secure software development lifecycle: static application security testing, fuzz testing, and application vulnerability correlation. These help diagnose, manage, and remediate software risks, reducing operational costs and delivering a positive user experience.
The road ahead is paved with exciting new experiences and services that car manufacturers want to bring us to enrich our lives. Naturally, OTA updates and in-car apps will be part of that development. The hope is that the responsibility for security is taken seriously, providing a comprehensive safety net for the vehicles we use, both now and going forward.
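The secure API layer described above can be sketched as a default-deny gateway between apps and vehicle subsystems. The following is an added example (not the article's or Synopsys's code) that grants each app only the capabilities approved at supplier review, refuses any app access to safety-critical domains outright, writes every decision to an audit log, and quarantines an app once it has been denied a configurable number of times, which is one concrete form of "the appropriate action to take". The domain names, app identifiers and threshold are constructed for the example and are assumptions, not anything the article specifies.

```python
from dataclasses import dataclass
from enum import Enum


class Domain(Enum):
    """Vehicle capability domains an app can ask for (constructed set for this example)."""
    INFOTAINMENT = "infotainment"
    LOCATION = "location"
    PAYMENT = "payment"
    PARKING_ACTUATION = "parking_actuation"   # moves the car at low speed; granted to few apps
    BRAKING = "braking"                        # safety-critical; never exposed through the app API


# Domains that no third-party app can ever be granted, regardless of its policy.
SAFETY_CRITICAL = frozenset({Domain.BRAKING})


@dataclass(frozen=True)
class AppPolicy:
    app_id: str
    granted: frozenset          # capabilities approved during supplier review
    max_violations: int = 3     # denials tolerated before the app is quarantined (assumed threshold)


class VehicleApiGateway:
    """Default-deny mediator between third-party apps and vehicle subsystems."""

    def __init__(self, policies):
        self._policies = {p.app_id: p for p in policies}
        self._violations = {}
        self._quarantined = set()
        self.audit_log = []       # every decision, kept for later forensics

    def request(self, app_id: str, domain: Domain, action: str) -> bool:
        policy = self._policies.get(app_id)
        if policy is None:
            return self._deny(app_id, domain, action, "unknown app")
        if app_id in self._quarantined:
            return self._deny(app_id, domain, action, "app quarantined")
        if domain in SAFETY_CRITICAL:
            return self._deny(app_id, domain, action, "safety-critical domain not exposed")
        if domain not in policy.granted:
            return self._deny(app_id, domain, action, "capability not granted")
        self.audit_log.append(("allow", app_id, domain.value, action, ""))
        return True

    def is_quarantined(self, app_id: str) -> bool:
        return app_id in self._quarantined

    def _deny(self, app_id, domain, action, reason) -> bool:
        self.audit_log.append(("deny", app_id, domain.value, action, reason))
        policy = self._policies.get(app_id)
        if policy is not None:
            count = self._violations.get(app_id, 0) + 1
            self._violations[app_id] = count
            if count >= policy.max_violations:
                self._quarantined.add(app_id)   # cut the app off until it is reviewed again
        return False


def build_demo_gateway() -> VehicleApiGateway:
    """Constructed policies for the two kinds of app the article describes."""
    return VehicleApiGateway([
        AppPolicy("com.example.selfpark", frozenset({Domain.LOCATION, Domain.PARKING_ACTUATION})),
        AppPolicy("com.example.coffee", frozenset({Domain.LOCATION, Domain.PAYMENT, Domain.INFOTAINMENT})),
    ])


if __name__ == "__main__":
    gw = build_demo_gateway()
    gw.request("com.example.coffee", Domain.PAYMENT, "charge")
    gw.request("com.example.coffee", Domain.PARKING_ACTUATION, "steer")
    for entry in gw.audit_log:
        print(entry)
```

Two choices are worth noting: the safety-critical check runs before the per-app policy lookup, so no misconfigured policy can ever grant braking, and the quarantine check runs before everything else for a known app, so a cut-off app cannot keep using capabilities it was legitimately granted.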
Article by Chris Clark, automotive systems security architect at the Synopsys Software Integrity Group.