With increased connectivity on vehicles for safety, comfort, repair notifications and more, keeping the information secure, and the vehicle safe is a top focus of those interested in telematics.
Fitting, then, that the Technology Telematics Forum at NACE | CARS 2016 kicked off Friday morning with a panel conversation around vehicle security and hacking. The growing concern is: How do you keep (or get) the repair shops in and the bad guys out?
It definitely is an issue, as Mahbubul Alam, a panelist with Movimento Group, describes the vehicle as a hamburger: There are parts on top of each other similar to a patty of meat, toppings and sauces, but when the parts were put together to create the vehicle, they were not done so with security in mind.
“Security is just an afterthought that came along,” he states, adding that it now is important to design everything from the ground up to be secure. It is covered as the five C’s: the chipset that goes into the electronics, client (Software security), connectivity, cloud and content.
It is important to make sure the architecture of the vehicle is compartmentalized, so when someone tries to hack the vehicle in ways Smith outlined, for example going after the TPMS, they cannot get through the whole system. Alam related it to going from one key for your house to having a separate key to enter each individual room in the house.
“We have to make sure each door has a separate key. If you enter through your garage, you should not be able to get into the house. If you enter through your living room, you should not be able to get into the bedroom,” Alam says. “It means you don’t allow it to spread.”
Moving to these compartments allows over-the-air updates to fix these attacks.
As these technologies come along, fellow panelist Craig Smith with Theia Labs, says it will be a process to be aware of and vocal about OEs allowing access to firmware. While they want to protect the firmware from the “bad guys,” technicians will need to be able to work with these systems and repair future vehicles.
“The OE gets to pick and choose who gets these keys and they can set the pricing,” Smith says of technology like scan tools that would need updated for these services. “Only the people who are currently playing the game are going to be able to continue and they will block out others. That’s my concern.”
