Connected VehicleCybersecurity

Why automotive OEMs are becoming more software savvy, explains Arynga

Consumers today demand a connected driving experience which rivals the benefits, connectivity, and ease of use provided by that of their smartphone. New vehicle design must be innovative enough to satisfy the connectivity requirements of the consumer mindset, where unplugging is not an option. Therefore, increased vehicle connectivity and user intuitive applications are becoming essential factors in a car maker’s competitive edge, defining customer satisfaction and brand loyalty.
Dr. Walter Buga, CEO | Arynga


As Don Butler of Ford said, “Ford divides connectivity into three facets: beamed in, brought in and built in.” The most basic form is content information that is beamed into the vehicle which has been around since the days of the AM radio and today is much more sophisticated with things like satellite radio, traffic and weather forecast data and services.

Brought in connectivity is leveraging the content, the communications capability, the media and the contacts on a smart phone that you bring into the vehicle. This is something Ford has been doing since 2007 when they had the foresight to understand that consumers want to stay connected even when they’re in a vehicle environment. Ford allows them to do this in a way that is safe and seamless, by leveraging voice for instance, to allow consumers to keep their hands on the wheel and eyes on the road.

The third aspect of connectivity, built in, is the vehicle as its own independent node on the network, joining the Internet of Things and having its own independent capability of transmitting and receiving information to allow customers to remotely interact with that vehicle to do things like lock, unlock and remotely start the engine.”

Still, the current number one method of in-vehicle connectivity is provided by the driver’s mobile device, however consumer demand has driven technological innovation in embedded and/or after-market connectivity solutions, which allow Original Equipment Manufacturers (OEMs) to directly engage their customers: pulling and sharing of vehicle data, branded app stores, driver profiling, and delivery of targeted applications and services.

Consequently, as the vehicle becomes increasingly connected and a central component of the Internet of Things (IoT), vehicle software complexity is sky rocketing. With more than 100 Electronic Control Units (ECUs), running tens of millions of lines of code, it’s no wonder car makers are becoming increasingly “software savvy.” They have to! So, the‘built in’ option as Butler call it, is becoming a necessity for OEMs, and in order to truly capitalize on embedded connectivity, and to provide the ability to maintain the integrity of vehicle embedded systems for the lifetime of the vehicle. With this option, in particular, cyber security is the major challenge. OEMs must implement a secure Over-the-Air (OTA) updating solution- deploying application upgrades efficiently and cost effectively, decreasing software recalls and associated warranty costs, and eliminating lengthy manual updates.

How will OTA help decrease vehicle software recalls?

Highlighting the importance of OTA,are the shortcomings of the current methods of updating vehicle software, which are often insecure, and inefficient, forcing customers in to the dealership for lengthy manual updates. Update coverage is low, with no means of ensuring customers visit the dealer to perform necessary updates. With nearly 50% of vehicle recalls attributed to software malfunctions, most if not all OEMs are already searching for, or are in the midst of implementing an OTA solution. Instead of requiring customers to visit the dealer for a manual update to vehicle software, OEMs need to be able to remotely prepare, deploy, and track updates on an as needed basis. This is increasingly important for critical recalls and security patches.

OTA updates will eliminate software recalls and associated dealer and warranty costs, deploying urgent software fixes and feature upgrades conveniently, efficiently, and cost effectively, preserving the OEM’s brand image and improving customer satisfaction.

This is exactly why Arynga, an innovator in software update management technologies, developed CarSync™, an end-to-end vehicle software, firmware, and data management system, comprising of the necessary backend infrastructure to reliably create, distribute and manage software updates while collecting vehicle data, in-vehicle client for the download, verification, and installation of updates to ECUs. Moreover, OEMs can leverage Arynga’s Proprietary Differential Tool to distribute delta file updates, enabling the smallest memory footprint and quickest patch time in the industry. CarSync provides OEMs, Tier 1s, and System integrators with ability to remotely maintain the integrity of embedded systems for the lifetime of the vehicle: both pre and post production.

How do we keep apps, content and services up-to date with software Updates? 

Pre-integrating an OTA solution such as CarSync into vehicles will allow automakers to not only remedy issues within existing software, but also roll out application upgrades. Meaning OEMs and Tier 1s can utilize OTA functionality to keep apps, content and services up-to date. This will drive competition and innovation in development of new software applications, and in effect, will increase overall customer satisfaction.

When a vehicle or group of vehicles are in need of a new software update, whether it be to fix a software malfunction, or upgrade an existing service, OEMs and/or Tier ones can upload new Electronic Images to an OTA providers backend/cloud hosted portal, and distribute updates to affected vehicles managed by the OEM. Before distributing the updates to connected vehicles, it must be verified that they in fact are the correct images for the vehicles and ECUs assigned, all SW/FW version dependencies must be verified (checking that the new updates do not in affect force other ECUs to be updated as well), updates must be encrypted, signed, and distributed through secure connection protocol.

All data distributed to/from the vehicle must be secure, which is why it is imperative for the industry to collaborate to create an end-end security solution, and for OTA providers to partner with security experts. For example, Arynga has partnered with ESCRYPT, the leading system provider for embedded security world-wide, to provide comprehensive protection of the transferred data against manipulation and unauthorized access. The solution leverages the extensive expertise of both companies to provide an end-to-end solution for efficient and secure OTA updating of large and small ECUs, protecting authenticity, integrity and IP of software on head units, telematics, powertrain controllers as well as smaller ECU’s connected and updated via CAN bus.

The embedded client component of the chosen OTA solution should receive the updates distributed, and proceed to download and validate the data packages, update files, and ECU access.New updates should then be securely installed to vehicle ECUs.

OEMs leveraging OTA will benefit by being able to remotely distributing secure updates to keep vehicle apps, content and services up to date in an efficient and cost effective manner, and in effect, they will see an increase customer satisfaction by eliminating lengthy visits to the dealer and providing the connected and up-to-date driving experience demanded by consumers today.

How do we secure the connected car while updating?

ConnectedCars_AryngaAs with any technological innovation, there is always some risk in implementation. Increased vehicle connectivity creates increased wireless entry points into the vehicle, giving hackers additional opportunities to perform remote cyber-attacks. One prime example of this, which emphasizes the security risks associated with connected vehicle networks and distributing updates to vehicles, is BMWs recent security breach.BMW’s Connected Drive offering, which allow drivers to remotely access certain vehicle controls and enables regular OTA updates to BMW navigation systems, unfortunately also allowed hackers to remotely access any feature controlled by the vehicle SIM, including remote unlock. In the end, BMW remedied the security breach by distributing and OTA software update, highlighting OTA functionality as one of the necessary defensive methods for vehicle cyber attacks and a staple of an End-End security strategy for connected vehicles.

However, the automotive industry must design an end-end security solution with vehicle wireless interfaces to include protective methods beyond OTA, which provides comprehensive protection of the transferred data against manipulation and unauthorized access.Industry players must collaborate to develop and define a security baseline, which protects the vehicle and consumers, while allowing automakers to develop additional security features above this baseline as a means to compete. In the end, we must strive to protect the consumer, vehicle software/firmware,and the data exchanged to and from the cloud to the vehicle.

 In order for OEMs to actively adopt OTA solutions, they must protect the authenticity, integrity and IP of software on head units, telematics, powertrain controllers as well as smaller ECU’s connected and updated via CAN bus. Our joint solution “Secure OTA Software Management for Automotive”, which combines Arynga’s CarSync™with ESCRYPT’s Key Management Solution Secure Software Updates, addresses end-to-end and embedded security, managing all the certificates and keys for ECUs and secure OTA communication, generating signatures before or during upload to software management backend servers and validating authorizations, while complying with the safety rules and policies of the vehicle OEMs.

Remote, OTA updating of vehicle ECUs will allow OEMs to remotely remedy software issues and deploy application upgrades, eliminating software recalls and associated warranty costs, while increasing customer satisfaction. Implementing the proper security measures will ensure the adoption of OTA updating solutions by OEMs and drivers alike.

About the author
Dr. Walter J. Buga, CEO & Chairman of Arynga, is a serial entrepreneur and strategic thinker with extensive knowledge of high-tech markets, products, and technologies. He is a telecommunications subject matter expert in both wired and wireless networks and technologies, who has designed large-scale systems that have been deployed throughout the world. Prior to Arynga, he’s held senior positions in AT&T Bell Laboratories, NetStream, ITU-T and many others.
Back to top button