Industry figures show that on average, there are between one and 25 bugs in every 1,000 lines of code. A number of these bugs will be vulnerabilities. This in turn means that within a modern vehicle, with 50 million lines of code operating over five years, there are potentially 10,000 vulnerabilities in a platform, 2,500 of which are likely to be discovered. This poses challenges for OEMs as the connected car rises to prominence.
“It’s a perfect storm,” said Joe Fabbre, Director of Platform Solutions, Green Hill Software in a presentation at Connected Car Detroit by Automotive Megatrends. Fabbre was referring to the cyber security challenge faced by the industry as it introduces multiple forms of connectivity, coupled with the amount of control that advanced driver assistance systems (ADAS) now wield over a vehicle, such as braking, throttle and steering.
“Cellular connectivity, Wi-Fi, Bluetooth and V2X provide numerous ways to remotely access the vehicle today,” he said. “Several hacks last year showed it is possible to infiltrate vehicle systems, and gain access to computers. In some cases, security was not built in from the beginning.”
Several incidents made headlines in 2015. A study released in March 2015 showed that by extracting data from the telematics unit installed in a car-sharing vehicle, one group was able to open up a large number of BMWs, Minis and Rolls-Royce models. Later that year, a Jeep Cherokee was remotely hacked on the highway by a white-hack group. Similarly in August, a Tesla was hacked.
Perhaps the major takeaway from Tesla’s case, said Fabbre, was that the OEM emerged as “the hero”. Within days, firmware over-the-air (OTA) updates had corrected the problem. Moving forward, said Fabbre, OTA will become an essential part of any overall scheme, but it will be important for OEMs not to rely too heavily on the technology.
“In a doomsday scenario, entire fleets of cars could be attacked,” he suggested, referencing the BMW hack in which an attack that started on a single vehicle became effective against multiple vehicles. “We need to make it impossible to have widespread attacks, and OTA updates are a ‘fail first, fix later’ approach.” Security, he said, needs to be built in from the beginning.
Moving forward, it will be essential to ensure adequate separation between various areas of vehicle architecture. “Critical components within the system must be identified,” said Fabbre, “and these must be separated from untrusted lines of code, and strict access control enforced.”