In-Vehicle Security

Protecting in-vehicle systems from cyberattacks
featured image

The fundamental cybersecurity measure to protect vehicles from hackers.

Cyberattacks on in-vehicle systems can be silent yet catastrophic. By gaining access to the Automotive Emergency Braking (AEB) system, hackers can delete or change outgoing messages from the network, ultimately taking control of the vehicle.

In-vehicle security is the most fundamental security measure required for vehicle type approval, as regulated by WP.29.

AUTOCRYPT provides complete security for the internal systems of the vehicle, using its Intrusion Detection System (IDS) for monitoring malicious activities and Advanced Firewall for blocking attack attempts.

Highlights

All You Need to Know About In-Vehicle Security

and stay prepared with AUTOCRYPT

In-Vehicle Structure

A vehicle’s internal system consists of over 100 electronic control units (ECU), which control a number of electrical subsystems responsible all functionalities of the vehicle, from handling to connectivity.

page image

The network protocols that enable the ECUs are largely categorized into the Controller Area Network (CAN) and MOST (Media Oriented System Transport) systems.

The CAN bus manages a vehicle’s internal communications for controlling power, direction, brakes, etc. MOST manages the systems for transmitting in-vehicle audio, video, and data via fiber-optic cables. Other network protocols like FlexRay and Ethernet govern high-capacity on-board computing.

page image

Need for Security

The CAN (Control Area Network) bus is designed to allow microcontrollers and in-vehicle systems to communicate without a host computer.

However, they are not built with the intention of tracking where the communicated messages come from, making the systems vulnerable to external threat actors.

page image

If an attacker were to take over an ECU, for example through exploiting vulnerabilities in the infotainment system, the attacker would then be able to send any message they want, thereby controlling, extracting, and manipulating data. They would be able to access sensitive information, as well as send malicious code into the vehicle.

Hackers may attempt to establish a foothold in the vehicle’s various systems by executing attacks through making changes to the memory disk, damaging the ECU functions, or infiltrating the core data storage units of the vehicle.

page image
Ensuring the security of a vehicle’s internal structure is of utmost importance.
If the security of the network is compromised, it becomes the ideal environment for hackers to seize control of the vehicle’s core functions like steering, braking, data collection, and network communication.
Network Infiltration Attack Cases
2010. 08    |   Message fabrication from tire-pressure monitoring system (TPMS) resulting in false activation of warning lights and announcing falsesystem failure in ECU systems
2013. 10     |   Demonstration of potential attack on vehicle’s CAN bus by sending random malicious CAN packets, resulting in the yield of complete control of the vehicle’s display, acceleration, and brake settings. 
2015. 02    |    Allegemeiner Deutscher Automobil-Club (ADAC) confirmed the vulnerability of BMW’s ConnectedDrive by demonstrating that it is possibleto open and close vehicle doors by sending a simple SMS text.
2015. 07    |   Vehicles with GM’s OnStar system were found vulnerable regarding security of door locks and jumpstarting
2019. 03    |   Toyota had a security breach that leaked sensitive information. More than 3.1 million people were affected. Additionally, unauthorized attempts to enter the systems of Toyota’s subsidiaries were detected. 

Our In-Vehicle Security Solution

AUTOCRYPT provides complete security for the internal systems of the car.

Not only does AUTOCRYPT’s in-vehicle security solution block malicious threats from outside the vehicle, but it also monitors communications within the vehicle, responding to any abnormal or malicious activity. With its Intrusion Detection System (IDS) and Advanced Firewall, AUTOCRYPT provides a complete, secure ECU security module for the vehicle.

page image