Software code in connected vehicles is too often vulnerable to attack, and the auto industry isn’t doing enough to prevent potential intrusions, an expert told Design News .
“There’s typically about ten million lines of code in today’s vehicles, and a lot of it is legacy code, inherited from other projects,” said Jay Thomas, director of field engineering for LDRA, a provider of software verification systems for industry. “We know what we need to do to make that code secure, but a lot of the code in today’s vehicles doesn’t follow the right guidelines.”
Jay Thomas of LDRA: “There’s typically about 10 million lines of code in today’s vehicles, and a lot of it is legacy code, inherited from other projects.” (Source: LDRA)
The key problem is that much of today’s software code is being passed up the supply chain from applications outside the auto industry, Thomas said. Much of it contains “back doors” that allow outsiders to gain access, and possibly even manipulate the operation of a vehicle.
“A classic example is the standard library for C code,” Thomas told us. “These libraries may have ‘hooks’ in them for testing or for doing other things that are unrelated to your automotive application.” Still, the general libraries often end up in automobile applications, giving hackers an easy target for entry into the vehicle, Thomas said.
Recent high-profile automotive attacks have shown that infotainment systems are among the easiest targets for automotive hackers, Thomas added. In one such attack during 2015, a pair of hackers doing a demo for Wired magazine tapped into a vehicle and operated its radio, climate system, windshield wipers and accelerator. The hackers, who were located 10 miles away, went so far as to disable the car while it rolled down Interstate 64 in Missouri. The incident ultimately sparked a recall of more than 1.4 million Fiat Chrysler vehicles.
“Infotainment has a lot of access to other parts of the car,” Thomas told us. “At the very least, it gives access to your mirrors and turn signals. But in some cases, it even gives access to driving.”
One solution is for Tier Two suppliers to replace the general-purpose library with a safer alternative, Thomas said. “We now have chip suppliers, such as Texas Instruments, providing safe libraries that include only the functionality required for the connected vehicle.”
Thomas suggests that automakers apply a “domain” strategy, concentrating on those areas of the car that are most vulnerable to attack. Once they’ve identified the most important safety domains, he said, they can apply their resources for test, verification and validation to those areas. “It’s impossible to apply higher levels of safety throughout the entire vehicle,” he said. “So where there’s higher risk of vulnerability, you apply more checks.”
For autonomous cars, Thomas supports the idea of a distributed computing architecture, in which intelligence is placed at the so-called “edges,” usually near the sensors. “When we get to autonomous vehicles, every component will need to be verified separately,” he said. “There’s going to be a lot more code, and the only