Car designers stress security at developers meeting

October 21, 2016 // By Christoph Hammerschmidt
After numerous hacking attempts and successful hacks on cars, the German automotive industry appears to have realized that it is worthwhile to invest time, money and creativity into this topic. When the A-list of automotive design engineers met this week at the VDI Electronics conference in Baden-Baden, security was an overarching topic.

“Security has become such an important topic for automotive electronics, that it is unavoidable to discuss it publicly”, said Wolfgang Runge, chairman of the program committee and something like an elder statesman of automotive electronics in Germany. The event therefore started with a live hack demonstration – not of a car but of such a ubiquitous everyday object like a radio remote control for PCs, used to switch a projector forth and back. Security consultant Gerhard Klostermeier demonstrated how easy it is to manipulate the RF remote controller by a device that transmits malicious instructions, forcing the PC to download ransomware. “The more complex the communications between a car and its surroundings, the more attack vectors it offers”, Klostermeier said. “IT Security is an aspect that needs to be considered in any device that communicates with the outside world”, he said.  

Also Lars Reger, CTO Automotive of NXP semiconductors, discussed the topic. “With vehicles being connected to the cloud or to some kind of backend IT infrastructure, attacks not only against single cars but instead against vehicle fleets are becoming possible”, Reger said. ”Everything connected to the internet can be hacked – and today everything is connected to the Internet.”

To fend off hacking attempts against vehicles, experts at the meeting – including Reger –suggest a layered security approach for the vehicle’s electronic guts. Elements are secure interfaces, a secure gateway inside the car that monitors and controls all internal communication processes, a secure network with authentication and distributed intrusion detection and security at the processing level, for instance by means of secure boot mechanisms.

Referring to numerous cases where thieves stole high end cars using replay attacks of radio-controlled keyless entry systems, Reger announced the development of key systems that make use of the ultra-wide band radio technology. This technology allows acquiring the time-of-flight of a radio signal and therefore the distance between key and car, blocking the