More than most industries, the automotive sector has seen tremendous technological advances in recent years. Consumers expect, even demand, an ever-increasing degree of interoperability between their smartphones and their cars, and similarly expect the cars themselves to offer a wide range of advanced applications.
This state of affairs has created some serious challenges for automotive manufacturers. A key example concerns the issue of security. Companies need to pursue sophisticated application development strategies without opening up themselves or their customers to the possibility of a data breach.
Writing for EE Times, industry expert Marc Serughetti recently emphasized the importance of testing to ensure cybersecurity in the automotive sector. Only thorough tests can help manufacturers ensure the integrity of their networks and vehicles.
One of the biggest sources of danger for automobile manufacturers is the emerging Internet of Things. The IoT holds tremendous promise for automobile companies, as sensors and other interconnected machines can observe and log a huge amount of useful information, which in turn can improve operations and performance in countless ways. Consequently, many automobile manufacturers now develop and implement sensor interfaces in numerous areas. Serughetti pointed out that wireless sensors for monitoring tire pressure have been fairly standard for new automobiles in the United States since 2008.
The problem is that these interfaces may be vulnerable. Serughetti noted that a study from the University of South Carolina and Rutgers University found that sensors can potentially be used by unauthorized third parties to feed corrupted data to the electronic control units or track vehicles without permission.
The same is also true of numerous other interface systems. For example, keyless entry systems and other body control-related automotive capabilities can be susceptible to external attack. Similarly, "infotainment" and related offerings are frequent targets for hackers, the source explained.
As Serughetti explained, the consequences that manufacturers face if they fail to adequately defend against these vulnerabilities can be severe. These can include relatively minor issues that compromise the user's comfort – for example, raising the volume on the radio to an unpleasant level. They can also be life-threatening in the event that a cyberattacker takes total control of the vehicle.
Such a possibility, formerly impossible, is a serious threat that automotive manufacturers now have to take seriously as they develop increasingly application-heavy cars. This is especially true as more companies begin to explore the possibilities of driverless automobiles.
Furthermore, application security lapses can hurt the manufacturers' ability to compete in this extremely difficult industry. Serughetti pointed out that these vulnerabilities could potentially allow industry rivals to download and reverse engineer control algorithms, thereby stealing the targeted company's intellectual property.
Testing as protection
In order to combat these vulnerabilities, the writer argued that a multi-pronged approach to testing is essential. Manufacturers will need to embrace new processes, embedded solutions and development tools in order to maximize the efficiency and effectiveness of their testing efforts.
Critically, Serughetti argued that testing needs to take place at early stages in the application development cycle. If companies only apply testing standards at later stages, they risk not only overlooking vulnerabilities, but may also face a significant amount of wasted time and progress.
In order to achieve these testing standards, though, automotive companies need to invest in high-quality application security solutions. Specifically, manufacturers should look into static analytics solutions. These tools can allow developers to focus on features, not flaws, while still providing an extremely high level of security, all while reducing testing costs. This leads to improved developer productivity and faster security vulnerability detection.
• See how to recognize and assess potential security flaws by watching this webinar: Catch the security breach before it’s out of reach
• Read how to identify and fix one major type of security flaw in this white paper: Defend against injection attacks