Alexander Damisch, Cofounder and VP Products at BedRock Systems
In 2015, the driver of a Jeep Cherokee lost control of the vehicle in the middle of a highway. Ten miles away, two hackers had taken over, turning the air conditioning on, changing the radio station, engaging the windshield wipers and eventually cutting the transmission. Thankfully, this hack was planned and conducted by security researchers – and resulted in the recall of 1.4 million vehicles – but it exposed the vulnerabilities of many modern automotive systems.
As demonstrated by the Jeep Cherokee incident, automotive hacks have the potential to cause significant damage to a manufacturer’s brand image, including recalls, lost revenue and tarnished reputations. More so, the advent and adoption of connected vehicles poses a great risk to society as a whole if security precautions are not adequately addressed.
The fact is that vehicles are more and more becoming “smartphones on wheels”. With the customer expecting them to be up to date with the latest features, even after having been deployed to the streets. The challenge is that cars are also safety devices. They are regulated to ensure people are not harmed during use of the “machine”. At the same time it must be ensured that the “machine” in question behaves as intended and not been hacked with malicious intent.
Today’s vehicles are increasingly connected, with systems capable of navigating traffic, reporting the weather, facilitating phone calls, paying for gas, finding parking, or tuning into the latest podcast or radio show. In fact, many modern vehicles deploy around 150 electronic control units and 100 million lines of code, numbers that will only increase with consumer demand for connected technologies. At the same time, vendors are moving away from the individual ECUs to centralized domain controllers, calling it the Software Defined Vehicle. Now, consolidating all these individual functions onto even fewer, but much more powerful devices, makes the infrastructure even more vulnerable, as the physical separation has now been replaced by a virtual separation. Meaning: One function going wrong can now spread laterally through the system much more easily. The next step, happening right now, is to “serverize” the controller. This allows massively reduced cost, space and power needed for the new brain of the car.
All of these features require connectivity, typically in the form of Bluetooth or internet connections, and communicate through the vehicle’s internal computer network (CAN bus) to send commands from the software to physical components. Not only does this increase the number of endpoints requiring security, but many of these connections are on the network with little or no authentication. If one connected unit is compromised, it could be used to access and exploit other systems. To this end, the National Highway Traffic Safety Administration (NHTSA) released best practices for cybersecurity and safety of modern vehicles, recommending that automakers use a layered approach to cybersecurity that limits repercussions in the event of an attack.
The BedRock HyperVisor™ ensures automotive industry security and safety for connected and autonomous vehicles without software developers and manufacturers having to modify existing processes. The solution can be rolled out as the threat landscape evolves, as it features formal verification at scale and tools that reduce human error and minimize the time needed for verification. The BedRock HyperVisor™ is also self-contained, so all other housekeeping systems sit outside and no longer become potential attack vectors that can be used to bypass system security. It restricts functionality of the connected systems to constrain behavior to acceptable commands, granting access only to secure resources to prevent the spread of malicious code.
Unfortunately, it is no longer a matter of whether a system might be hacked, but when and how much damage will be involved. The continuing rise of autonomous, connected, electric, and shared cars will only increase opportunity for risk, making cybersecurity even more of an imperative for automotive manufacturers.
Get in touch to learn more about BedRock Systems’ cutting-edge security technology that supports innovation within the automotive industry and guarantees safety for consumers.