Harman reveals its new car hacking security system
Automotive electronics company, Harman, claims its working with a number of car makers to employ its new security system to protect connected cars from car hacking.
CAR HACKING. It’s now a thing. Although, that said, most incidents of car hacking have involved engineers and researchers showing the theory behind what’s possible. And, most attacks need a hacker to have something physically plugged in to your car’s head unit.
You can read more here:
But, as more and more car makers release new models that can connect to the internet, and by 2020 it’s predicted there will be around a quarter of a billion connected cars travelling the worlds roads, car makers are being pushed to ensure its security keeps pace.
“A few years ago the concept of automotive cyber security was largely confined to industry experts,” says Harman’s Asaf Atzmon, Director, Business Development and Marketing, Automotive Cyber Security. “Now it’s a topic that consumers are asking about. According to a recent survey, in some countries as many as 59% of buyers are actively concerned about the prospect of car hacking.”
In a short statement, Harman announced it “has devised a specially-developed 5+1 security framework which consists of a series of layers that protects the car’s head unit from being compromised and used as a portal into the in-vehicle network (something which could jeopardise safety critical systems)”.
The company claims its system is like the layers of an onion:
- “At the deepest level, a secure hardware platform provides a safe place to store cryptographic keys and execute highly-sensitive operations in a secured manner.
- Safety-critical functions are isolated from the infotainment system using what’s known as a hypervisor. This concept – originally developed for supercomputers – allows two completely separate operating systems to run off the same hardware. It makes it extremely difficult for an infection on one side of the system to spread to the other.
- The next level controls access to the memory, storage and peripherals. It essentially determines who has access to what. If, for instance, your CD player suddenly wants to control the brakes it’s a good indication that something is wrong.
- Next comes the sandbox function. This keeps newly downloaded applications separate from the core system so they can be disabled and removed if they’re found to be harmful.
- The fifth level is the network protection system. This controls the flow of information into and out of the car, looking for any signs of intrusion. Working on two levels, ECUSHIELD turns the vehicle’s ECU into an Intrusion Detection and Prevention (IDS/IPS) system and smart firewall to protect critical communications within the car. It continuously monitors the vehicle to provide real-time detection of malicious communications and prevents them from reaching the vehicle’s critical systems. Meanwhile, TCUSHIELD protects infotainment and telematics systems. Also using IDS/IPS technology, it integrates with existing telematics units and uses highly advanced algorithms to protect both internal and external networks so a vehicle can operate safely while still monitoring and reporting to an external control centre. This level has the ability to spot patterns and uncover a threat, even if the threat is attempting to disguise itself as a legitimate function such as a software update.
- The final ‘plus one’ level is the ability to install over-the-air (OTA) updates to various systems within the car such as the navigation, engine management and infotainment systems. By keeping the software up to date, it helps to ensure that the car is protected at all times.”
“Ultimately, it’s all about eliminating the risk of intrusion,” concludes Atzmon.
Question: Do you own a connected car? Are you fearful of car hacking?