Author: 吳心予

With the increasing popularity of electric and smart vehicles, the introduction of advanced self-driving functions, and the use of car networking and OTA updates, hackers have more opportunities to attack automotive systems. A successful hack can result in the compromise of personal information and even control over the vehicle, putting the safety of drivers and passengers at risk. To combat this, international regulations have been strengthened, with the WP.29 R155 standard set to become mandatory in 2024. This has prompted automotive suppliers to keep pace with information security requirements by adhering to the ISO 21434 standard.

Information Security is the Foundation of Automotive Safety

In the past, the automotive industry primarily focused on functional safety, using specifications such as ISO 26262 to ensure the proper operation of software and hardware. However, with the increased use of connected and intelligent vehicles, the industry must now consider information security as the foundation of automotive safety. This is because even if a vehicle's software and hardware are functioning normally, it can still be vulnerable to hacking and loss of control. Kevin Huang, Manager Functional Safety/Cyber Security at DEKRA, stresses that as the trend towards software-defined vehicles evolves, it is critical for the automotive supply chain to prioritize information security to safeguard functional safety. Without it, even if a vehicle's hardware and software are confirmed to be functioning properly, hackers could still exploit vulnerabilities, causing the vehicle's systems to fail, putting drivers at serious risk.

Four Main Automotive Security Threats

The information security risks associated with vehicles can be divided into four key areas: the car's own networking and control system, mobile phone control, back-end cloud services, and the supply chain management of automakers. Ziv, Vice President of VicOne's Automotive Cyber Threat Research Lab, explains that the first security threat comes from the car's networking and keyless functions. This vulnerability can be exploited by hackers who gain access to the car system during the connection process or remotely monitor, replay, or forge the car key, enabling them to control the car or steal the owner's personal information.

The second security threat is the connection between the mobile phone and the vehicle, or the app used to control the vehicle's functions. For instance, if a mobile phone is hacked during internet access, the hacker could control the vehicle through the phone or the app used to control the vehicle, impacting the door, window, engine, and automatic driving functions.

The third risk is related to back-end cloud services. If there is a security vulnerability in the app's back-end provided by the car manufacturer, the hacker could gain access and directly instruct the vehicle supplier, which would then be transmitted to the customer's vehicle. This could result in the hacker controlling the vehicle through the cloud service or stealing the owner's personal data. The fourth and final threat is from the supply chain, where production line/product data may be leaked in the supply chain of the vehicle manufacturer, potentially leading to the exposure of the owner's personal information.

Ensuring Information Security is Key for Personal Safety

The strategy for protecting automotive information security must start with identifying vulnerabilities early on and fixing them promptly. Edward Tsai, Vice President of Strategic Partnership at VicOne, states that personal safety is the top priority for information security protection in vehicles. While in the past, international automotive regulations focused on functional safety, it has become clear that automotive safety affects functional safety, leading to the inclusion of new information safety-related specifications in the regulations. The goal of vehicle information security protection is, after personal safety, to ensure the vehicle operates normally and protect the owner's personal information.

VicOne monitors the vehicle system through the cloud to detect potential security vulnerabilities ahead of hackers and quickly patches any abnormal information connections. If the vehicle has already been hacked, VicOne's Virtual Patch technology is used to resolve the attack, and relevant information is then provided to the vehicle manufacturer to fix the information security vulnerability.

Edward Tsai, Vice President of Strategic Partnership at VicOne

Ziv said that in the future, the need for automotive security will continue to grow, and the information security function of software has the potential to develop into a single chip. There are already hardware security modules (HSMs) for vehicles available on the market, used for authentication, keys, storage, and other tasks. In the long run, VicOne may develop exclusive automotive security chips designed to meet all automotive cybersecurity needs.

Ensuring the Security of OTA Updates with Encrypted Packets

With the increasing number of automotive features updated through over-the-air (OTA) technology, the risk of security attacks targeting the OTA update process has become a concern. To maintain the security of vehicles, it is crucial to ensure the security of OTA updates. According to Paul Wu, CEO of Carota, the complexity of software in consumer electronics and smart cars varies greatly. The code of a mobile phone has about 10 million lines, while self-driving software at Level 2+ has about 150 million to 200 million lines, and the code for Level 3 self-driving software can reach up to 300 million lines, which is 20 to 30 times more than a mobile phone. Hence, securing automotive OTA updates is much more challenging compared to securing consumer electronics.

To ensure the security of automotive OTA updates, Carota uses encryption to secure the transmission between the cloud and the vehicle. This ensures that the public and private keys match, allowing for the update package to be unlocked. The differential upgrade process compares the new and old versions of the file before upgrading, only changing the parts that are different. Carota also compresses the content to be updated by 20-30 times, speeding up the overall download and upgrade time, increasing the success rate of the new version download, and reducing transmission costs for the owner.

Challenges in Meeting Security Regulations

In addition to the need for comprehensive security for the automotive supply chain, Taiwan's automotive suppliers face challenges due to a lack of familiarity with automotive standards and changes in the automotive product supply model. Kevin Huang notes that European automakers will require suppliers to meet R155 specifications starting in 2024. However, some automotive component suppliers in Taiwan, who were originally supplying consumer electronics, are not familiar with automotive safety standards. These manufacturers may have passed ASPICE and ISO 26262 but not ISO 27001 and TISAX, and they may not be familiar with the V Model development project for automobiles. Even if the suppliers meet the above specifications, ISO 21434 is a new standard for product information security, making it difficult for car manufacturers to implement in practice.

Kevin Huang further explains that in traditional product supply, suppliers develop products for vehicle manufacturers, checking requirements, architecture, code, and testing/verification to ensure the products can be used in the vehicle system. However, in the automotive information security standard, the V Model adds an extended process, requiring suppliers to monitor product application in the vehicle after development. This monitoring is necessary because the product is vulnerable to hacking after it is used, and suppliers need to continuously monitor the product even after it is sold.

Original article: https://www.mem.com.tw/系統漏洞不可輕忽%E3%80%80資安軟體強化車輛防駭/