June 1, 2017

Securing your ride

News Security

Modern cars are basically computers on wheels. The number of electronic components in vehicles has been increasing at a steady pace, and many models built in the past three to five years have a number of cameras, sensors, and radars on board, accompanied by hardware to process and analyze signals from all that equipment. But that’s just the tip of the iceberg: Almost any major component of a modern car, such as the engine, steering, brakes, and so on is controlled by electronics and is interlinked with an onboard network. Moreover, many of those cars are connected to the Internet, and several of the most recent models can actually drive by themselves in certain conditions, without any help from the driver.

Securing your ride

So, cars and computers really are closely related. But there’s at least one significant difference: security. The computer security industry is more than 20 years old now, whereas there’s almost no such thing as automotive IT security. With cars so dependent on computers — with cars resembling computers — it’s natural to think there might be car malware and that car electronics could be hacked or exploited. Indeed they can.

Is car hacking a real threat?

Car hacking became a hot topic a couple of years ago, when security researchers Charlie Miller and Chris Valasek showcased how they hacked a Jeep Cherokee remotely, gaining full control over it. They were able to remotely control steering, acceleration, brakes, and the head unit. The thing is, when the hackers gained control, the driver lost it.

Since that time, we’ve also seen a Tesla Model S hacked and the very same Jeep hacked again — using different techniques. The fact that cars can be hacked feels even more disturbing when you think about self-driving cars, the automotive industry’s obsession for now and probably the next decade.

Automotive electronics are quite complicated, with a lot of standards, a lot of proprietary elements, and plenty of mysterious bits that no one but the manufacturer understands. Another important point is that even if some parts are tested with security in mind, the car is a combination of those parts, and the whole doesn’t usually receive the benefit of thorough security research. VW’s Dieselgate is a perfect illustration of all those issues and complications.

It’s clearly high time for someone to think about IT security in the automotive industry — someone who can actually do something about it.

A step into the world of secure connected cars

Kaspersky Lab is no stranger to the automotive world: We have partnered with Ferrari since 2013, and in 2016, we created the Kaspersky Motorsport division. So we’ve been paying attention to the automotive industry for quite some time, and now we’ve taken another step into making the automotive world a safer place.

Today AVL, the largest independent developer of powertrain systems, and Kaspersky Lab are announcing a partnership aimed at making connected cars secure and less prone to hacking.

AVL makes a lot of different car parts, and Kaspersky Lab has the missing piece — a secure operating system, Kaspersky OS. The main goal of the partnership to create a Secure Communication Unit (SCU) — a combination of software and hardware that will secure communications both between car parts and between connected cars and infrastructure, and also enable secure-by-design car software. This SCU (also known as Car Gateway) will ideally be a flexible solution that is easy to implement yet provides reliable security and does not allow hackers to mess with car electronics.

The secure communication platform will be presented this fall in Frankfurt, at the New Mobility World show. You heard it right here: We’re going to make connected cars secure.