SDVs have led to a surge in software dependencies. How can automotive manufacturers ensure resiliency?
It is nearly a decade since the infamous Jeep Cherokee cyber hack, in which two security researchers, Charlie Miller and Chris Valasek, remotely breached the vehicle’s infotainment system and disabled the accelerator pedal. The hack made global headlines and led to Fiat Chrysler recalling 1.4 million vehicles. Fast-forward to the current day, and a huge increase in connected and automated vehicles – each containing hundreds of millions of lines of code – may be leading the world into a gilded age of e-mobility. However, industry technologists say that the data-driven vehicles of today have introduced new vulnerabilities, leading to an escalating cybersecurity shortfall.
Dr Mathias Dehm, Continental’s chief product security and privacy officer, says the biggest hurdle for him and his team is the overwhelming complexity of next-gen vehicles. He notes, “There are 650 million lines of code in a modern autonomous vehicle. While that translates into fewer components, each one is a high-performance computer. That means there is an increasing number of suppliers, each one producing an individual part, which adds to the challenge.”
Dehm notes that German law “has placed restrictions on penetration testing”, and that there are also “legal challenges around IT protection”.
Dehm continues, “Paragraph 202 of German criminal law requires us to seek permission from every node of the supply chain before we can carry out such testing. In order to proceed, a lot of contractual and alignment work must be completed. For example, we have to seek active resource permission, explain what kinds of tests can be done, and disclose and define any red flags when we think that tests should be stopped.”
Threat neutralized
In terms of testing methods, Continental applies both static and dynamic code analysis, using the gamut of tools available, including network traffic analyzers, vulnerability scanners for hardware and software, laboratories for advanced chip attacks and simulation of diverse wireless systems such as mobile networks.
According to Dehm, the most common vulnerabilities from an OEM’s perspective are found in the back end – the part of the system not accessible to the user. “Increasingly we see weaknesses in the security authentication protocols, which allow cybercriminals to manipulate the odometer value. At a Tier 1 level, typical hacks might be buffer overflow attacks where cybercriminals flood a memory block with data, allowing them to overwrite the information and disable key security features.”
To find buffer overflows up front, Dehm says that one solution is to employ instrumented fuzzing during development. “This means injecting the system with random data,” he explains. “This technique helps us decipher whether or not the system has reached the point where memory can be overridden. Another method to protect against the severe consequences of a buffer overflow is scrambling the software, making it much more difficult for bad actors to identify which part of the system they can supersede to disable security functions.”
Dehm notes that if a buffer overflow attack reaches an advanced stage, Continental’s cybersecurity product line – developed by PlaxidityX, a cybersecurity company it acquired several years ago – “blocks the attack before exploitation and sends a report to a back-end system, where security analysts then pick it up”.
With cyberattacks becoming more sophisticated, OEMs must remain several steps ahead, which is far easier said than done.
“While vehicle development times are getting shorter, a vehicle often stays on the market for 15-20 years, using technology – such as chips – that was designed many years earlier,” points out Dehm. “With AI driving rapid technological advances, new attack methods have come to the fore that researchers couldn’t have predicted when the chips were originally developed.”
He believes that coverage-guided fuzzing could make a profound difference to cybersecurity testing because it identifies weaknesses or quality issues early, enhances security and prevents cyberattacks across the entire security architecture.
“Unlike interface fuzzing, coverage-guided fuzzing is able to detect system crashes caused by randomized input data across the whole system functions. By doing so, it can identify weaknesses deep into the system, while interface fuzzing is typically only able to do this on the direct functions of the interface itself.”
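As an added illustration (not code from Continental or from the article), a minimal libFuzzer target for a constructed diagnostic-frame parser shows what instrumented, coverage-guided fuzzing exercises during development. The frame layout, `parse_frame` and the constants are assumptions made for the example; `LLVMFuzzerTestOneInput` is libFuzzer's entry point.

```c
/* Added example: libFuzzer target for a constructed diagnostic-frame parser.
   Build: clang -g -fsanitize=fuzzer,address fuzz_frame.c && ./a.out */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FRAME_MAGIC 0xA5u  /* hypothetical frame marker */
#define SVC_WRITE   0x2Eu  /* hypothetical "write data" service id */
#define MAX_PAYLOAD 16u

typedef struct {
    uint8_t service;
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
} frame_t;

/* Constructed layout: [magic][service][len][payload...][xor checksum].
   Returns 0 on success, a negative code for each rejection reason. */
int parse_frame(const uint8_t *buf, size_t n, frame_t *out)
{
    if (n < 4 || buf[0] != FRAME_MAGIC) return -1;
    if (buf[1] != SVC_WRITE) return -2;
    uint8_t len = buf[2];
    /* Without the destination bound, memcpy below writes past payload[] and
       AddressSanitizer stops the fuzz run with a buffer-overflow report. */
    if (len > MAX_PAYLOAD) return -3;      /* destination bound */
    if ((size_t)len + 4 != n) return -4;   /* source bound */
    uint8_t sum = 0;
    for (size_t i = 0; i + 1 < n; i++) sum ^= buf[i];
    if (sum != buf[n - 1]) return -5;
    out->service = buf[1];
    out->len = len;
    memcpy(out->payload, buf + 3, len);
    return 0;
}

/* libFuzzer calls this once per generated input. Coverage feedback keeps the
   inputs that pass each check, so mutation reaches the memcpy behind them. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    frame_t f;
    memset(&f, 0, sizeof f);
    if (parse_frame(data, size, &f) == 0 && f.len + 4u != size)
        abort();  /* invariant: an accepted frame accounts for every byte */
    return 0;
}
```

A fuzzer that only sends random bytes at the interface rarely gets past the magic byte and service checks, whereas the coverage signal lets mutation build on each input that passes one more check.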
Code locked
Preproduction cybersecurity testing requires a holistic and systematic approach, as outlined in the European Union’s UN R155 and UN R156 regulations.
US company Integrity Security Services (ISS) develops a system called Device Lifecycle Management, which supports security infrastructure across complex supply chains. David Sequino, the company’s co-founder and CEO, believes that the core challenge OEMs face is that they bear the ultimate responsibility – liability rests with them. Yet modern manufacturers act more as system integrators than software developers.
“Over 90% [of the software] is written by Tier 1 suppliers. The question is, if you are an OEM and you haven’t written the code, how do you ensure that every line of software is safe from cyberattack? That is impossible without end-to-end embedded security.”
Sequino reports that ISS works hand in hand with its automotive partners to “ensure the bar is raised across the board”.
Its Device Lifecycle Management platform achieves end-to-end security by providing ISS partners with low-level code that they can run on the engine control units. It also includes a back-end system called DLM Trust, which enables secure OTA updates to OEMs, gateways and all engine control units within the vehicles. A Flex Embedded software line enables OEMs to separate themselves from the various hardware components, providing an added layer of consistency and security.
ISS’s product range complies with UN R155 and UN R156 – regulations that set stipulations for hardware and software products sold in the EU – and it is preparing to launch DLM Cumulus to provide more support to auto makers and suppliers in meeting these standards.
“This product enables OEMs to design and maintain a device architecture, ensuring with Tier 1 suppliers that an electronic control unit meets cybersecurity requirements,” Sequino explains. “For example, it has a secure central processing unit and a secure boot. Most importantly, DLM Cumulus ensures that OEMs can securely sign all software, guaranteeing that every layer of software in an ECU is authentic.”
With DLM Cumulus, automotive producers can achieve a higher level of robustness and visibility. Sequino believes that this will be something of a game-changer for cybersecurity as auto makers have to do more with less, and cyber teams are shrinking.
Auto armor
Instead of trying to secure everything, one approach might be to focus on protecting the most critical systems and interfaces – much like a navy safeguards key trade routes rather than the entire ocean.
Is the internet too vast to secure? Connected vehicles have given hackers more opportunities to wreak havoc, as a group of independent security researchers demonstrated last year when they discovered a flaw in the Kia web portal, which enabled them to transfer control of the internet-connected features from the owner’s phone to the hacker’s.
Tomas Bodeklint, research and business developer at RISE, highlights that electrification will greatly increase the number of attack vectors in a vehicle, as “it brings together connected vehicles and new interfaces like smart public and home charging point infrastructure.”
To tackle the threat head-on, David Sequino, CEO and founder at ISS, says a change of mentality is needed. “The industry must flip the script. For those who say that the internet is too vast to secure, I offer a navy analogy. ‘What is the navy’s charter?’ I ask. After a pause, they reply, ‘To protect the ocean.’
“But like the internet, the ocean is too big to protect. You have to select your critical ports, trade lanes, your people and the goods that navigate the globe using those trade lanes. We need to adopt exactly the same approach to secure the automotive space.”
Guard the grid
Chris Darvill, Kong’s VP of EMEA solutions engineering, says that without robust security, application programming interface (API) vulnerability “could open the door for unauthorized access or even breaches that disrupt vehicle safety or performance”.
This is a big deal. Car data APIs “are the nervous system of a vehicle as they enable all the communication between components, external systems and services, like OTA updates, navigation or telematics”.
Darvill says that shadow APIs – in other words, those that are undocumented or unmanaged – pose a major cyber threat to modern vehicles.
“They are a serious risk because they often operate outside the scope of formal security processes. In the context of vehicles, that means they could inadvertently expose critical systems, like over-the-air updates or diagnostics, to exploits. The problem is that organizations can’t secure what they don’t know exists, so it’s a visibility issue,” he emphasizes.
Darvill advises that to mitigate attacks on API infrastructure, whether it is a rogue, shadow or zombie API, companies should “adopt a zero-trust architecture, implement regular penetration testing and sanction red-team exercises to simulate attacks”.
This article was originally published in the Automotive Testing Technology International June 2025 edition.