Car News

Harman reveals its new car hacking security system

Automotive electronics company, Harman, claims its working with a number of car makers to employ its new security system to protect connected cars from car hacking.

CAR HACKING. It’s now a thing. Although, that said, most incidents of car hacking have involved engineers and researchers showing the theory behind what’s possible. And, most attacks need a hacker to have something physically plugged in to your car’s head unit.

You can read more here:

Car Hacking explained;

Can your keyless car be hacked?

But, as more and more car makers release new models that can connect to the internet, and by 2020 it’s predicted there will be around a quarter of a billion connected cars travelling the worlds roads, car makers are being pushed to ensure its security keeps pace.

“A few years ago the concept of automotive cyber security was largely confined to industry experts,” says Harman’s Asaf Atzmon, Director, Business Development and Marketing, Automotive Cyber Security. “Now it’s a topic that consumers are asking about. According to a recent survey, in some countries as many as 59% of buyers are actively concerned about the prospect of car hacking.”

In a short statement, Harman announced it “has devised a specially-developed 5+1 security framework which consists of a series of layers that protects the car’s head unit from being compromised and used as a portal into the in-vehicle network (something which could jeopardise safety critical systems)”.

The company claims its system is like the layers of an onion:

  • “At the deepest level, a secure hardware platform provides a safe place to store cryptographic keys and execute highly-sensitive operations in a secured manner.
  • Safety-critical functions are isolated from the infotainment system using what’s known as a hypervisor. This concept – originally developed for supercomputers – allows two completely separate operating systems to run off the same hardware. It makes it extremely difficult for an infection on one side of the system to spread to the other.
  • The next level controls access to the memory, storage and peripherals. It essentially determines who has access to what. If, for instance, your CD player suddenly wants to control the brakes it’s a good indication that something is wrong.
  • Next comes the sandbox function. This keeps newly downloaded applications separate from the core system so they can be disabled and removed if they’re found to be harmful.
  • The fifth level is the network protection system. This controls the flow of information into and out of the car, looking for any signs of intrusion. Working on two levels, ECUSHIELD turns the vehicle’s ECU into an Intrusion Detection and Prevention (IDS/IPS) system and smart firewall to protect critical communications within the car. It continuously monitors the vehicle to provide real-time detection of malicious communications and prevents them from reaching the vehicle’s critical systems. Meanwhile, TCUSHIELD protects infotainment and telematics systems. Also using IDS/IPS technology, it integrates with existing telematics units and uses highly advanced algorithms to protect both internal and external networks so a vehicle can operate safely while still monitoring and reporting to an external control centre. This level has the ability to spot patterns and uncover a threat, even if the threat is attempting to disguise itself as a legitimate function such as a software update.
  • The final ‘plus one’ level is the ability to install over-the-air (OTA) updates to various systems within the car such as the navigation, engine management and infotainment systems. By keeping the software up to date, it helps to ensure that the car is protected at all times.”

 “Ultimately, it’s all about eliminating the risk of intrusion,” concludes Atzmon.

Question: Do you own a connected car? Are you fearful of car hacking?


Subscribe
Notify of
guest
2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Andrew Riles
Andrew Riles
4 years ago

Hi Isaac,

I don’t own a connected car, but certainly have my concerns about car hacking…

That said, my IT background means I have a reasonable grasp of existing online security measures, so realise that many of my concerns can be mitigated with appropriate security measures….one of the tricks it seems is finding the balance between security and usability….

I like the ideas presented here, as the system is not only trying to prevent intrusions, but also trying to detect intrusion like activity….that said, protection against dodgy email attachments and websites is also a must, as in some cases this can replace the need for hackers to have physical access to install any software they might need….

PracticalMotoring
4 years ago
Reply to  Andrew Riles

Absolutely. And there seem to be more and more email-based scams going around. I must receive about 5 emails each day asking me to pay an invoice for a service I did order via a company I’ve never heard of. In the same way we lock our doors and tell the kids not to talk to strangers, clicking an email attachment from a person you don’t know is a no-no. And it’s surprising how many people, or maybe not, who think that because they’re on their computer in the relative safety and comfort of home that nothing bad can happen.
It’s great to have connected cars for safety and traffic congestion, etc, but security has to be a number one priority. – Isaac

Isaac Bober

Isaac Bober