Electronics specialist explains the core parts of its system which prevents hackers taking control of connected cars.
How hackers can impede connected vehicles
A Security Framework that protects vehicles connected to external networks such as the internet from hackers has been created by Harman; the automotive electronics specialist. Much like a laptop computer, a hacker that bypasses a car's security could make it behave in a manner which is detrimental to the legitimate operator.
Harman explained that there has not been a single instance of malicious vehicle hacking, so far. There have, however, been a series of experiments – conducted by industry professionals in controlled environments – that emphasised the potential consequences. Consider a test conducted in the U.S.A., for example.
The hackers were 10 miles from the vehicle armed with a laptop computer. Having bypassed its security they: switched the ventilation system to full power, changed the radio station, turned the volume to maximum and switched on the windscreen wipers and washers. They then deactivated the transmission so the car stopped.
Car hacking a new, modern, threat
A Harman Director, Asaf Atzmon, explained: “A few years ago, the concept of automotive cyber security was largely confined to industry experts. Now it’s a topic that consumers are asking about. According to a recent survey, in some countries as many as 59% of buyers are actively concerned about the prospect of car hacking.”
Security Framework strengths
The Harman Security Framework incorporates a 5+1 structure, the electronic specialist explained.
- The secure hardware platform provides a safe environment to store cryptographic keys then to execute sensitive operations.
- Safety-critical functions are isolated from the infotainment system. This concept enables separate operating systems to run on the hardware which makes it tough for infections to spread.
- The next level of security relates to the memory, storage and peripherals and determines “who has access to what”. The Harman example is that if the “CD player suddenly wants to control the brake it is a good indication something is wrong”.
- There is a sandbox function too. Its purpose is to separate newly downloaded applications from the car's core operating system. This allows apps to be more easily removed if harmful.
- The network protection system controls the flow of information into and out of the vehicle. It scans for signs of hacking then prevents unauthorised software reaching critical systems.
- The “+ 1” element of the security system ensures it is up to date. It is then at its most secure (in theory). Updates come through a wireless connection and might relate to the engine management, satellite navigation and infotainment systems.
Mr Atzmon concluded: “Ultimately, it’s all about eliminating the risk of intrusion. The car industry will need to reassure consumers that their connected cars are safe.”