Why Automotive Cybersecurity Is Important

The move by many automotive companies to electronic road vehicles has fundamentally changed the industry, increasing the connectivity and smarts in cars. As they become more connected and smarter, electronic vehicles (EVs) also become more reliant on software for vehicle operations, driving more features and functionality to enhance the driving experience.

More features and functionality in road vehicles result in more complexity and more code. More code means more problems. Problems such as an increased vehicle attack surface could lead to vulnerabilities for attackers to exploit to control and take over the road vehicle. This poses serious safety issues and grave cybersecurity concerns that will hopefully revolutionize how modern cars are designed and developed.

Cybersecurity is the new safety given that software powers modern road vehicles. A standard EV runs over 100 million lines of code, depending on what additional features are equipped with it. Protecting road vehicles from cybersecurity threats is more critical than ever before. One of the major attack vectors targeted is the electronic control unit (ECU), which provides vital communication and essential capabilities for operating, monitoring, and configuring the vehicle subsystems.

What Is an Electronic Control Unit (ECU)?

ECUs are microprocessor-controlled devices that provide a wide range of vehicle essential functions including the following:

• Engine and power steering
• Fuel injection
• Comfort aspects like power windows and seats
• Temperature control
• Security functions like keyless entry and door locks

The ECUs are grouped in subsystems based on their functionality due to the time-sensitive nature of critical events. Modern road vehicles have up to 100 ECUs running vehicle functions. ECUs communicate using their connected bus, where all ECU communication is handled by a gateway to manage and validate messages sent by ECUs.

Deploying ECUs behind a gateway is intended to ensure that only devices that need to be communicating with each other are doing so. This is an improvement from traditional ECU designs that accepted commands from and shared information with any entity on the same wiring bus. This was the attack vector for many of the automotive attacks like the famous Jeep hack, which triggered many improvements around automotive cybersecurity standards.

ECUs Are Likely Cyberattack Targets

There is enough proof of concepts, research, and actual vulnerabilities exploits that demonstrate how ECUs can be reverse-engineered and compromised. These range from the Jeep hack in 2015, Tesla hacks from 2016 and 2017, BMW hack from 2018, and many more in the wild. In all these examples, the ECU was successfully targeted and compromised to give attackers the ability to reprogram and change the behavior of vehicle functions.

Here’s a brief summary of how attackers were able to target the ECUs in road vehicles.

• Sending altered CAN messages to ECUs to appear as legitimate messages to kill engine, brakes, and turn steering wheel.
• Reprogramming and in some instances reflash firmware on ECUs to obtain unlocking seeds to perform privilege operations like read/write memory.
• Resetting and deactivating legitimate ECUs, which prevented receiving and sending CAN messages.
• Sniffing of CAN messages allowed attackers to extract sensitive information being sent from and to ECUs.

In a recent study presented at the Car Hacking Village Def Con 28, “Realistic Trends in Vulnerability based on Hacking into Vehicle,” researchers looked at over 40 ECUs from various manufacturers and suppliers.

Their analysis of the ECUs discovered more than 300 vulnerabilities in both ECU hardware and software with all the high-risk vulnerabilities residing in software. The study also indicated that the more complex ECUs yielded the most vulnerabilities. The Infotainment ECUs contained most of the vulnerabilities that were discovered in the study.

Secure by Design

Building security-in from the onset is the number one goal of the new automotive cybersecurity standard, ISO 21434. There’s a running tally of vulnerabilities in ECUs that demonstrate the seriousness of cybersecurity and its impact on safety, which this standard attempts to address with requirements and recommendations that directly impact how components for road vehicles are designed and developed.

ISO 21434 seeks to integrate high-quality safety and cybersecurity measures throughout the entire product engineering lifecycle to ensure road vehicles have been designed, manufactured, and deployed with security mechanisms to protect the confidence, integrity, availability, and authenticity of vehicle functions in road vehicles.

Two core aspects of ISO 21434 focus on the following.

1. Conducting Threat Analysis and Risk Assessment (TARA) activities that focus on the likely threat scenarios and attack vectors, and how these conditions can impact the safety and cybersecurity of road vehicles. Using TARA and understanding likely attack vectors against components is the ideal way to codify cybersecurity into design and architecture to mitigate cyberattacks. Product teams should leverage the TARA to guide and inform security testing.
2. Ensuring product development addresses cybersecurity in all phases of the product engineering life cycle from concept (design) to decommissioning. ISO 21434 encourages alignment with the system engineering V-model to guide vehicle manufacturers and suppliers in following sound architectural design requirements for cybersecurity. This calls for software verification and validation as part of product testing.

ISO 21434 Calls for Software Verification Activities

Software testing plays a critical role in helping manufacturers and suppliers address requirements and recommendations outlined in ISO 21434. Formalizing static code analysis as part of software verification activities is an ideal way to identify and eliminate ambiguity in code, as well as pinpoint weaknesses that could expose vulnerabilities in software used in ECU components. This helps minimize the attack surface that an attacker can exploit to compromise ECUs that control critical vehicle operations.

Specifically, ISO 21434 references and calls out static analysis in section 10.4 Requirements and Recommendations.

Section 10.4.1 Design

The requirement details section 10.4.1 for design highlights the need to select programming languages suitable for enforcing code that’s syntactically correct with valid structure and grammar. The code must logically make sense semantically and correspond to a set of rules for the language being used. Code must be able to compile cleanly to transform into a sequence of instructions.

Enforcing strong typing, the use of language subsets, and implementing defensive implementation techniques are all requirements specified in ISO 21434. Formalizing secure coding compliance practices using Parasoft MISRA C and CERT C checkers and rules will help manufacturers and suppliers adhere to ISO 21434 requirements and recommendations for mitigating potential risks in software and design.

Employing cybersecurity and safety coding practices to support software verification and validation is a best practice and essential in confirming the cybersecurity specification outlined in ISO 21434. Using Parasoft C/C++ code analysis capabilities eases the rigor of software testing associated with critical-safety software.

Automating software testing with Parasoft C/C++test is made simple with an integrated approach that incorporates static analysis, code coverage, unit testing, requirement traceability, and reporting analytics to streamline your ISO 21434 compliance requirements.

Section 10.4.2 Integration and Verification

ISO 21434 section 10.4.2 provides a list of methods for software verification that can be satisfied using Parasoft’s C/C++ code analysis capabilities. Many security bugs can be detected using control and data flow analysis. Parasoft’s C/C++ code analysis engine is primed to give product engineering teams the breadth and depth into complex flow analysis like use-after-frees, double frees, and buffer overflows.

RC-10-12

Other software verification and testing activities referenced in ISO 21434 include fuzzing, penetration testing, vulnerability scanning. They’re listed as recommendations, noted by RC-10-12. Given the complexity and size of modern software development, running additional testing techniques and tools should be required because each technique finds different types of issues.

To uncover security risks in software product engineering teams should use tools and testing techniques to cover the following scenarios.

• Known Known. Tests to identify software with known/identifiable CVEs. This would include testing capabilities like software composition analysis (SCA) tools that flag known CVEs in software components.
• Known Unknown. Tests to identify CWEs that could be exploitable and expose vulnerabilities (CVEs) in software. This would include testing capabilities like static and dynamic analysis.
• Unknown Unknown. Tests to identify software with unidentified risks/issues, there is no known CWE or CVE associated with it. This would include testing capabilities like fuzzing.

Cybersecurity: The Front Seat Driver

Putting cybersecurity in the front seat of road vehicles with ISO 21434 will help the automotive industry drive better practices to reduce and mitigate cyber threats and attacks that could eventually lead to fatalities.

The connectivity and intelligence in cars has changed the way cybersecurity is contextualized and prioritized in product engineering. By formalizing ISO 21434, product engineering teams can leverage threat analysis and threat modeling activities to inform design decisions and product development throughout the entire lifecycle.

Building security-in cannot just be a catchy phrase anymore because drivers’ safety and security is at stake. Cybersecurity must be ingrained into the entire product engineering team mindset and activities so that the entire team is thinking about ways in which software should be designed and developed to prevent and mitigate cyberattacks.

ISO 21434 provides a road map to help manufacturers and suppliers navigate through safety and cybersecurity challenges in product development. This new standard serves as a building block to bolster security protection mechanisms in road vehicles that will ultimately save lives.

Parasoft: The Road to Automotive Cybersecurity

Parasoft’s C/C++ integrated automated testing solution is the best of breed and scales across your SDLC and product engineering efforts. Uniquely positioned with deep experience and expertise in the embedded software market, Parasoft helps you meet your safety and cybersecurity compliance needs.

A unique combination of software test automation tools, analytics, AI, and reporting provides visibility into quality and security issues from the start. This enables product engineer teams to accelerate software verification in accordance with standards and best practices required by the marketplace.

“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.