Software code in connected vehicles is too often vulnerable to attack, and the auto industry isn’t doing enough to prevent potential intrusions, an expert told Design News.
“There’s typically about ten million lines of code in today’s vehicles, and a lot of it is legacy code, inherited from other projects,” said Jay Thomas, director of field engineering for LDRA, a provider of software verification systems for industry. “We know what we need to do to make that code secure, but a lot of the code in today’s vehicles doesn’t follow the right guidelines.”
Jay Thomas of LDRA: “There’s typically about 10 million lines of code in today’s vehicles, and a lot of it is legacy code, inherited from other projects.” (Source: LDRA)
The key problem is that much of today’s software code is being passed up the supply chain from applications outside the auto industry, Thomas said. Much of it contains “back doors” that allow outsiders to gain access, and possibly even manipulate the operation of a vehicle.
“A classic example is the standard library for C code,” Thomas told us. “These libraries may have ‘hooks’ in them for testing or for doing other things that are unrelated to your automotive application.” Still, the general libraries often end up in automobile applications, giving hackers an easy target for entry into the vehicle, Thomas said.
Recent high-profile automotive attacks have shown that infotainment systems are among the easiest targets for automotive hackers, Thomas added. In one such attack during 2015, a pair of hackers doing a demo for Wired magazine tapped into a vehicle and operated its radio, climate system, windshield wipers and accelerator. The hackers, who were located 10 miles away, went so far as to disable the car while it rolled down Interstate 64 in Missouri. The incident ultimately sparked a recall of more than 1.4 million Fiat Chrysler vehicles.
“Infotainment has a lot of access to other parts of the car,” Thomas told us. “At the very least, it gives access to your mirrors and turn signals. But in some cases, it even gives access to driving.”
One solution is for Tier Two suppliers to replace the general-purpose library with a safer alternative, Thomas said. “We now have chip suppliers, such as Texas Instruments, providing safe libraries that include only the functionality required for the connected vehicle.”
Thomas suggests that automakers apply a “domain” strategy, concentrating on those areas of the car that are most vulnerable to attack. Once they’ve identified the most important safety domains, he said, they can apply their resources for test, verification and validation to those areas. “It’s impossible to apply higher levels of safety throughout the entire vehicle,” he said. “So where there’s higher risk of vulnerability, you apply more checks.”
For autonomous cars, Thomas supports the idea of a distributed computing architecture, in which intelligence is placed at the so-called “edges,” usually near the sensors. “When we get to autonomous vehicles, every component will need to be verified separately,” he said. “There’s going to be a lot more code, and the only way to solve the security issue is to distribute the intelligence, distribute the parts, and verify the parts in separation.”
No matter the type of vehicle, however, the key will be for engineers to apply a reliable set of common guidelines for automotive security, Thomas said. That means more than just checking for potential errors in the development process. It means adopting a set of development practices that include methodologies for verification, validation and traceability.
“We want to push the idea that security is more than just a checklist,” he said. “It’s a process.”
Senior technical editor Chuck Murray has been writing about technology for 33 years. He joined Design News in 1987, and has covered electronics, automation, fluid power, and auto.
Code Quality Is Key to Securing the Connected Car
Join Jay Thomas, director of field engineering for LDRA, as he discusses the vulnerabilities of connected automobiles at the upcoming ARM TechCon, Oct. 24-26, 2017 in Santa Clara, CA. Thomas will describe recent hacks, and then walk audiences through the tools and techniques that can be used to protect future vehicles in a technical session, titled “Code Quality Is Key to Securing the Connected Car.” Register here for the event, hosted by Design News’ parent company UBM.