Exploring whether cybersecurity winds are set fair for over-the-air updates

Last year, cybersecurity was thrust into the spotlight when two major hacks exposed key weaknesses for automakers. The first was Fiat Chrysler Automobiles (FCA), who famously fell victim to an attack by a pair of white hat hackers who exposed vulnerability in the manufacturer’s latest infotainment system. This manifested in the hackers being able to take control over a Jeep Cherokee while driving at speed, as well as use several of the controls such as the air conditioning and stereo.

The other example was Tesla, who’s Model S was successfully hacked into by security researchers after they discovered how to connect to the brands virtual private network. They demonstrated this by controlling the car at low speeds via a laptop. Despite the hack proving difficult for the researchers to complete it did prove that no modern car is completely safe from a cyberattack.

It was really interesting to see how the two companies reacted to this threat. FCA displayed a lack of cybersecurity understanding by choosing to recall 1.4M cars as well as mailing drivers a USB stick to patch the system (potentially exposing another security risk if malware was inserted into the USB), whereas Tesla worked with the security researchers and within a few weeks had issued an efficient over-the-air (OTA) fix to Model S owners.

Benefit vs threat

The benefits of OTA, which will be discussed comprehensively at TU-Automotive Cyber Security USA 2016,  are many: faster and more reactionary updates; a method for updating security; cost efficiency and an increase in comfort. However, with OTA also comes disadvantages because the system has the capability to be an attack surface in itself.

However, this may not be a specific OTA problem as Robert Gee, head of product management, SW & Connected Solutions, Continental explains: “With any update mechanism, this provides yet another entry point to the vehicle system that must be adequately protected.”

Many manufacturers already add features and upgrade functionality via OTA for their infotainment systems but only select brands such as Tesla are delving into both core and security updating. The brands most recent updates have changed suspension settings, offered more engine power and added additional safety features such as lane collision warning systems.

All experts we spoke to agreed that eventually large carmakers will implement full OTA technology after carefully evaluating and managing the risk element.

The most popular alternative to OTA updating is still on-board diagnostics. This delivers software updates manually via a dealership and has the disadvantage of being costly and slow. Scott J. McCormick, president of the Connected Vehicle Trade Association, predicts this technology will be transitioned out of the vehicle in the next five years. Another alternative, as suggested by Gee, is to provide the consumer with a simple mechanism to update their vehicle, such as sending them a USB stick but he says “many people may not complete this simple step”. Again, this may also be vulnerable to security hacks.

Andre Weimerskirch, associate research scientist, cybersecurity, UMTRI, believes that secure software updates are a proper security mechanism, regardless of method: “Control units should not be reprogrammable with any software that is not legitimated by the carmaker. I feel that the benefit of software OTA will outweigh the risk and that the risk will be manageable.”

The future of security

OTA has opened up a can of worms for the automaker as they now expose themselves to potential vulnerability. Considered implementation will be essential to avoid endangering the public, as well as the introduction of new structures regarding software and configuration.

Intentional attacks are only a small part of the problem, explains McCormick: “For software, 5% of the problem is malicious attack (we have yet to see one in the wild – everything that has been demonstrated has been by academics, white hat hackers and companies wanting to get their security solutions into automotive), 25% of the problem is software collisions, and 70% of the problem is code bugs (about 1 for every 4,000 lines of code).”

To ensure the secure running of updates, he suggests that “a valid handshake with an authorised updating entity is needed, ensuring the delivered code is fully and quickly loaded, and exactly replacing what it should, as well as working correctly with all the other programs”.

As a result of these challenges automakers have started to take cybersecurity very seriously. Brands such as BMW and Tesla actively work with security researchers and white hat hackers in an attempt to keep ahead of any potential security flaws. A BMW spokesperson explained that the brand also have their own in-house team working on potential attack scenarios.

Gee agrees that OTA updates provide a mechanism for the automotive industry to better keep up with hackers but safety must be the top priority. “As vehicles become ever more connected, and advanced driving assistance systems and highly automated cars increase, it will become important to treat each vehicle as a connected node on the network – a node that benefits from its connectivity, yet must also be protected to maintain its primary functions. For automotive, security is akin to safety: the primary goal of a vehicle is to transport a person from point A to point B safely, quickly, and comfortable, in that priority order. Cybersecurity attacks have the potential to affect those goals, and it would never be acceptable to allow safety to be compromised.”

The future and implementation

The landscape is looking good for OTA with most major vehicle manufacturers expected to introduce the technology in the near future, bolstered by the successes of brands such as Tesla. Many brands such as Volvo and VW are currently working on the architecture to implement this technology, aided by the discoveries of researchers and hackers who help to provide advanced notice of key issues that can arise.

There are challenges ahead but it seems the advantages of OTA will motivate car companies to invest in the technology. “With new threats from bad code, bugs, collisions and cyberattacks, being able to push out a fix ubiquitously and immediately has huge benefits,” says McCormick.

All of the experts we spoke to agreed that OTA will be implemented across major carmakers in the next five years. As new engine control unitsare created and vehicle architecture adapted to support software updating, an update system will have to be introduced.

McCormick believes this will start at local dealerships: “At least initially, the dealers will have to have the ability to connect wirelessly to the car, deploy the update, validate it, and record the versioning in the vehicle record.” Managing this system will be the most difficult aspect, he says. “An OEM with multiple makes and models, with customers keeping cars for 11+ years, and soon you will have thousands of make/model/update profiles to keep track of unless you set up a scheme to update all of a specific make model at once.”

Once this system is implemented then technologies such as vehicle-to-vehicle can be fully utilised, notes Weimerskirch, as well as new security systems. “I believe we will at some point see a system where automotive intrusion detection systems monitor the in-vehicle electronics and report suspicious activities to a cloud server. The cloud server runs forensics and will detect abnormal behaviour, including attacks. The cloud will then react, eg by investigating utilised exploits and updating firmware, and then push out the updates to all cars via secure software update procedure.”

Cybersecurity will only grow in importance as technologies such as OTA become more commonplace in vehicles. OTA has already fundamentally changed automotive security and will continue to raise both benefits and challenges as the industry works collectively to ensure the smooth running of software implementation. Given its competitive nature this remains the biggest challenge of all. After all, it is how carmakers react to these security challenges that will determine how the public perceives them.