The move by many automotive companies to electric road vehicles has fundamentally changed the industry, increasing the connectivity and intelligence built into cars. As they become more connected and smarter, electric vehicles (EVs) also rely more heavily on software for vehicle operations, which drives more features and functionality to enhance the driving experience.
More features and functionality in road vehicles mean more complexity and more code, and more code means more problems. One such problem is an enlarged vehicle attack surface, which can expose vulnerabilities that attackers exploit to control and take over the road vehicle. This poses serious safety issues and grave cybersecurity concerns that will hopefully revolutionize how modern cars are designed and developed.
Cybersecurity is the new safety, given that software powers modern road vehicles. A standard EV runs over 100 million lines of code, depending on which additional features it is equipped with. Protecting road vehicles from cybersecurity threats is more critical than ever. One of the major attack vectors targeted is the electronic control unit (ECU), which provides vital communication and essential capabilities for operating, monitoring, and configuring the vehicle subsystems.
ECUs are microprocessor-controlled devices that provide a wide range of vehicle essential functions including the following:
ECUs are grouped into subsystems based on their functionality, because critical events are time-sensitive. Modern road vehicles have up to 100 ECUs running vehicle functions. ECUs communicate over the bus they are connected to, and all ECU communication is handled by a gateway that manages and validates the messages ECUs send.
Deploying ECUs behind a gateway is intended to ensure that only devices that need to communicate with each other do so. This is an improvement over traditional ECU designs, which accepted commands from and shared information with any entity on the same wiring bus. That was the attack vector for many automotive attacks, such as the famous Jeep hack, which triggered many improvements in automotive cybersecurity standards.
There are plenty of proofs of concept, research papers, and actual vulnerability exploits that demonstrate how ECUs can be reverse-engineered and compromised. These range from the Jeep hack in 2015 to the Tesla hacks of 2016 and 2017, the BMW hack of 2018, and many more in the wild. In all of these examples, the ECU was successfully targeted and compromised, giving attackers the ability to reprogram and change the behavior of vehicle functions.
Here’s a brief summary of how attackers were able to target the ECUs in road vehicles.
In a recent study presented at the Car Hacking Village at DEF CON 28, “Realistic Trends in Vulnerability based on Hacking into Vehicle,” researchers looked at over 40 ECUs from various manufacturers and suppliers.
Their analysis of the ECUs discovered more than 300 vulnerabilities in both ECU hardware and software, with all of the high-risk vulnerabilities residing in software. The study also indicated that the more complex ECUs yielded the most vulnerabilities; the infotainment ECUs contained most of the vulnerabilities discovered in the study.
Building security in from the outset is the number one goal of the new automotive cybersecurity standard, ISO 21434. There’s a running tally of vulnerabilities in ECUs that demonstrates the seriousness of cybersecurity and its impact on safety, which this standard attempts to address with requirements and recommendations that directly affect how components for road vehicles are designed and developed.
ISO 21434 seeks to integrate high-quality safety and cybersecurity measures throughout the entire product engineering lifecycle, to ensure road vehicles have been designed, manufactured, and deployed with security mechanisms that protect the confidentiality, integrity, availability, and authenticity of vehicle functions.
Two core aspects of ISO 21434 focus on the following.
Software testing plays a critical role in helping manufacturers and suppliers address the requirements and recommendations outlined in ISO 21434. Formalizing static code analysis as part of software verification activities is an ideal way to identify and eliminate ambiguity in code, as well as to pinpoint weaknesses that could expose vulnerabilities in the software used in ECU components. This helps minimize the attack surface an attacker could exploit to compromise ECUs that control critical vehicle operations.
Specifically, ISO 21434 references and calls out static analysis in section 10.4, Requirements and Recommendations.
The requirement details in section 10.4.1 for design highlight the need to select programming languages suitable for enforcing code that is syntactically correct, with valid structure and grammar. The code must make sense semantically and follow the rules of the language being used. It must also compile cleanly into a sequence of instructions.
Enforcing strong typing, the use of language subsets, and implementing defensive implementation techniques are all requirements specified in ISO 21434. Formalizing secure coding compliance practices using Parasoft MISRA C and CERT C checkers and rules will help manufacturers and suppliers adhere to ISO 21434 requirements and recommendations for mitigating potential risks in software and design.
Employing cybersecurity and safety coding practices to support software verification and validation is a best practice and essential in confirming the cybersecurity specification outlined in ISO 21434. Using Parasoft C/C++ code analysis capabilities eases the rigor of software testing associated with safety-critical software.
Automating software testing with Parasoft C/C++test is made simple with an integrated approach that incorporates static analysis, code coverage, unit testing, requirement traceability, and reporting analytics to streamline your ISO 21434 compliance requirements.
ISO 21434 section 10.4.2 provides a list of methods for software verification that can be satisfied using Parasoft’s C/C++ code analysis capabilities. Many security bugs can be detected using control and data flow analysis. Parasoft’s C/C++ code analysis engine is primed to give product engineering teams breadth and depth in complex flow analysis, finding defects such as use-after-frees, double frees, and buffer overflows.
Other software verification and testing activities referenced in ISO 21434 include fuzzing, penetration testing, and vulnerability scanning. They’re listed as recommendations, noted as RC-10-12. Given the complexity and size of modern software development, running additional testing techniques and tools should be required, because each technique finds different types of issues.
To uncover security risks in software, product engineering teams should use tools and testing techniques that cover the following scenarios.
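The three defect classes named in this paragraph, together with the defensive implementation techniques of the section 10.4.1 discussion above, are easiest to understand side by side. The C example below is added here as an illustration; it is not Parasoft code and not part of ISO 21434. It pairs a buffer overflow, a double free, and a use-after-free of the kind a control- and data-flow checker reports with hardened versions of the same functions that validate input before acting, size every copy explicitly, and free exactly once. The VIN copy helper, the frame layout (4-byte id, a length code, up to 8 data bytes), and the sample inputs are all constructed for this example and do not describe a real bus protocol.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VIN_LEN 17   /* a vehicle identification number is 17 characters */

/* ---- 1. Buffer overflow ----------------------------------------------- */

/* Defective: no length check, so a 'vin' longer than 17 characters
 * overruns 'out'. A data-flow checker flags the unbounded strcpy. */
void copy_vin_unsafe(char out[VIN_LEN + 1], const char *vin)
{
    strcpy(out, vin);
}

/* Hardened: the destination size is explicit and anything that does not
 * fit is rejected before the copy happens. Returns 0 on success, -1 otherwise. */
int copy_vin_safe(char *out, size_t out_size, const char *vin)
{
    if (out == NULL || out_size == 0 || vin == NULL) return -1;
    /* look for the terminator within the destination's budget only */
    const char *nul = memchr(vin, '\0', out_size);
    if (nul == NULL) {            /* no terminator in out_size bytes: too long */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, vin, (size_t)(nul - vin) + 1);
    return 0;
}

/* ---- 2. Use-after-free and double free --------------------------------- */

/* Constructed wire layout for this example (hypothetical, not a real protocol):
 * raw[0..3] = frame id, big-endian; raw[4] = data length code (dlc), 0..8;
 * raw[5..]  = dlc payload bytes */
typedef struct {
    uint32_t id;
    uint8_t  dlc;
    uint8_t  data[8];
} can_frame_t;

/* Defective: the error path frees 'f' twice, and the success path reads
 * f->data after free(f). Both are classic flow-analysis findings. */
int frame_checksum_unsafe(const uint8_t *raw, size_t len)
{
    can_frame_t *f = malloc(sizeof *f);
    if (f == NULL) return -1;
    if (len < 5 || len > 5 + 8) {
        free(f);
        free(f);                      /* double free */
        return -1;
    }
    memcpy(f->data, raw + 5, len - 5);
    free(f);
    return f->data[0];                /* use after free */
}

/* Hardened: validate the input before allocating, compute the result into a
 * local, free exactly once, and clear the pointer so any later use becomes a
 * NULL dereference rather than a silent read of freed memory. */
int frame_checksum_safe(const uint8_t *raw, size_t len)
{
    if (raw == NULL || len < 5) return -1;
    uint8_t dlc = raw[4];
    if (dlc > 8 || len != 5 + (size_t)dlc) return -1;   /* length must match dlc */

    can_frame_t *f = calloc(1, sizeof *f);
    if (f == NULL) return -1;
    f->id  = ((uint32_t)raw[0] << 24) | ((uint32_t)raw[1] << 16) |
             ((uint32_t)raw[2] << 8)  |  (uint32_t)raw[3];
    f->dlc = dlc;
    memcpy(f->data, raw + 5, dlc);

    int sum = 0;
    for (size_t i = 0; i < f->dlc; i++) sum ^= f->data[i];  /* XOR of payload */

    free(f);
    f = NULL;
    return sum;
}

int main(void)
{
    char vin[VIN_LEN + 1];
    /* constructed sample inputs */
    const uint8_t good[]      = {0x00, 0x00, 0x01, 0x23, 0x03, 0x10, 0x20, 0x31};
    const uint8_t truncated[] = {0x00, 0x00, 0x01, 0x23, 0x03, 0x10, 0x20};
    printf("17-char VIN:      %d\n", copy_vin_safe(vin, sizeof vin, "ABCDEFGHJKLMNPRST"));
    printf("19-char VIN:      %d\n", copy_vin_safe(vin, sizeof vin, "ABCDEFGHJKLMNPRSTUV"));
    printf("good frame:       %d\n", frame_checksum_safe(good, sizeof good));
    printf("truncated frame:  %d\n", frame_checksum_safe(truncated, sizeof truncated));
    return 0;
}
```

The defective functions are kept in the file but never called, so the program can be run safely; they exist only so that a static analyzer run over the file has something to report. Note that the hardened frame parser checks the declared length code against the actual buffer length before any allocation, which removes the error path on which the double free occurred in the first place.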
Putting cybersecurity in the front seat of road vehicles with ISO 21434 will help the automotive industry drive better practices to reduce and mitigate cyber threats and attacks that could eventually lead to fatalities.
The connectivity and intelligence in cars have changed the way cybersecurity is contextualized and prioritized in product engineering. By formalizing ISO 21434, product engineering teams can leverage threat analysis and threat modeling activities to inform design decisions and product development throughout the entire lifecycle.
Building security in cannot just be a catchy phrase anymore, because drivers’ safety and security are at stake. Cybersecurity must be ingrained into the mindset and activities of the entire product engineering team, so that everyone is thinking about how software should be designed and developed to prevent and mitigate cyberattacks.
ISO 21434 provides a road map to help manufacturers and suppliers navigate through safety and cybersecurity challenges in product development. This new standard serves as a building block to bolster security protection mechanisms in road vehicles that will ultimately save lives.
Parasoft’s C/C++ integrated automated testing solution is the best of breed and scales across your SDLC and product engineering efforts. Uniquely positioned with deep experience and expertise in the embedded software market, Parasoft helps you meet your safety and cybersecurity compliance needs.
A unique combination of software test automation tools, analytics, AI, and reporting provides visibility into quality and security issues from the start. This enables product engineering teams to accelerate software verification in accordance with the standards and best practices required by the marketplace.
“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.
Kevin, Director of Security Solutions at Parasoft, has extensive experience and expertise in software security, cyber research and development, and DevOps. He leverages his knowledge to create meaningful solutions and technologies to improve software security practices.