From Silicon To Software

 

Protecting Automotive OTA Software Updates from Security Threats

ota vehicle software updates security

By Chris Clark, Senior Manager, Synopsys Automotive Group

Think back to the first car you ever purchased or, even better, a car that was handed down to you. For the most part, all of the parts and features in that car rolled off the assembly line with it. The scratchy eight-track player, dashboard gauges that you could not read in direct sunlight…you’d have all of these things for the life of the car, unless you or a mechanic implemented upgrades or changes along the way. Thanks to software and connectivity, these experiences may be a thing of the past. Today’s vehicles are increasingly becoming dependent on software, and the push towards software-defined vehicles that are more future proof than their predecessors are on the rise.

There is a challenge, though. How do you ensure that software responsible for so much of the operation of your new vehicle is maintained and updated regularly, properly, and, most of all, safely? The answer is over-the-air (OTA) software updates.

However, while OTA software updates and in-vehicle apps give cars fresh new capabilities and customizations year after year, not to mention the implementation of important fixes, they also present potential security vulnerabilities that must be protected against.

Fancy rims and catalytic converters filled with precious metals are tempting—and obvious—targets for thieves. But for hackers bent on causing harm, breaking into a vehicle’s network, or manipulating its software code, is just as tantalizing. In this blog post, I’ll discuss potential vulnerabilities in OTA software updates and how you can prevent these updates from turning into a threat actor’s dream.

What Makes Vehicle Software Updates Vulnerable?

OTA software updates, delivered over a cellular network, Wi-Fi, or other radio frequency- (RF-) based methods, provide vehicle manufacturers with a way to fix bugs as well as launch new or updated features and functions—without requiring a dealer visit. The current driver for OTA updates is currently related to security, but this will shift over time to support purchasing and other features.

OTA updates are relevant for all vehicles but, in particular, electric vehicles (EVs). In fact, EV manufacturers often tout their updates when they market their vehicles. According to Loup Ventures, a research-driven venture capital firm, Tesla, which in 2012 was the first car company to utilize OTA updates, stands well above legacy carmakers in its use of this technology. The firm gives Tesla an A grade for updates that impact key areas of vehicle performance, such as battery range, braking and acceleration, and autonomous systems. While Tesla has, from the very start, built into its vehicle systems its electrification, connectivity, and autonomous functions, other vehicle manufacturers are a few years behind, based on the Loup Ventures study. This kind of forward thinking allows EV makers like Tesla to tailor vehicle performance for regional markets, something that’s near impossible for a traditional vehicle.

As vehicles have evolved, carmakers employing software engineers is a fairly new trend. The automotive supply chain has always had a substantial software development requirement. To be sure, many carmakers continue to rely on off-the-shelf or third-party components and are just starting to ramp up their software staffs. A 2020 survey produced by Aurora Labs and Strategy Analytics finds that more automakers want to develop more of their software in-house. VW, for example, has a target for 60% in-house development via its Car.Software division.

Whether developed in house or within the supply chain, automotive software, as well as the channels through which software updates are made, have potentially multiple points carrying a high risk of being targeted, including:

  • Wireless communication, such as Wi-Fi, Bluetooth, and other RF technologies
  • Hardware, such as the components that manage and monitor RF communications
  • Software, from the lower layers in the communication stacks to the upper layers in the application software; this also includes non-automotive-ready, open-source software, which is often used in communication stacks
  • Custom code
  • Unintended interactions
  • Design issues or software defects in areas such as communication between the vehicle and backend support system

A cybersecurity breach might conjure images of hackers taking control of the vehicle (such as the well-documented episode involving a couple of ethical hackers and a Jeep in 2015), but that is just one aspect in a very complex solution. It’s also important to keep data privacy in mind – if a vulnerability is left unprotected, what happens with the data that is accessed? Will it get into the wrong hands? As updates are applied, can you ensure that personally identifiable information won’t get shared unintentionally?

Automotive Cybersecurity Standards and Best Practices

The automotive industry currently lacks a standardized means to verify software updates. One OEM might have more than a dozen different ways to confirm software updates for some of its components or rely on a complex supply chain for updates and delivery of said updates. As the software-driven aspect of the industry matures and the industry moves toward a more unified approach on updates, guided by the eventual emergence of industry standards, the landscape should improve.

At the moment, cybersecurity-related guidance is available from entities such as the National Highway Traffic Safety Administration (NHTSA), which earlier this year updated its Cybersecurity Best Practices for Modern Vehicles report. The report proposes a multi-layered approach to cybersecurity, focusing on a vehicle’s entry points that could be vulnerable to a cyber-attack. This layered approach is designed to reduce the chances of a successful vehicle attack while mitigating the potential impacts, providing protections for the vehicle and its ecosystem.

On the standards front, the Sustainable Transport Division of the United Nations Economic Commission for Europe (UNECE) has a World Forum for Harmonization of Vehicle Regulations (WP.29) that has developed a regulatory framework for technological innovations to make vehicles safer as well as more environmentally sound. WP.29, which applies to 58 countries including the European Union, the U.K., Japan, and South Korea, calls on carmakers to implement measures to manage cybersecurity risks and to provide safe and secure software updates. The International Organization for Standardization (ISO) is expected to release later this year ISO/SAE FDIS 21434 Road Vehicles – Cybersecurity Engineering, which conveys a cybersecurity framework for the lifecycle of road vehicles. Also, in development, is ISO/CD 24089 Road vehicles—Software update engineering. ISO 24089 will provide organizational, procedural, and technical requirements related to cybersecurity and software updates throughout the vehicle lifecycle, from development to production to after sales. Through this, the standard will propose that:

  • The vehicle can ensure its software updates come from trusted sources
  • The updates themselves will not impact the safety envelope of the vehicle
  • And the vehicle user won’t be able to delay or reject the update

Your Road to More Secure Connected Cars

Just as they download apps and software updates on their mobile phones, drivers are getting accustomed to the smartphonezation of their cars. As connected cars turn into smartphones on wheels, these software-defined vehicles will need to be safeguarded from cyber-attacks.

Risk must be managed across the software development lifecycle and the supply chain. Developing secure OTA software updates and in-vehicle apps entails a number of measures, from risk and threat modeling to communications interface testing to the implementation of encryption and authentication. Synopsys offers a portfolio of software integrity solutions designed to help you build software security and reliability into connected cars. With so much riding on vehicles, you can’t afford to skimp on security.

In Case You Missed It

Get additional insights from other posts in our automotive cybersecurity series: