In recent years, vehicles have evolved from offering simple audio playback to offering seamless and unparalleled experience in comfort and entertainment. The growth in cellular connectivity coupled with the continual reducing cost of associated hardware has resulted in a sophisticated feature-rich vehicle, also referred by some as an “iPhone on wheels”. The vehicle of today contains miles of cables, tens to hundreds of ECUs (Electronic Control Units) and multiple networks (LIN/CAN/MOST/FlexRay/Ethernet) catering to different features and functions. These vehicles are now capable of connecting to the Internet and thus unlocking a plethora of opportunities and challenges.
Connectivity opens up an exciting avenue for automotive manufacturers (“OEMs”) by empowering them with the ability to offer Over The Air (OTA) updates from their cloud servers to the numerous connected components within a vehicle. OTA updates are essential to keep a vehicle up to date with the latest security patches and to quickly remediate a software issue or a security vulnerability. It is being used by OEMs as a cost effective tool for recalls that can be reduced or even eliminated with remote software updates.
Software OTA is projected to grow at a CAGR of 18.2% from 2017 potentially reaching US$3.89 billion by 2022 [Source: RNR Market Research, 2017]. Software OTA updates are going to play a critical role for the OEMs and consumers when dealing with safety, cybersecurity and vehicle malfunction issues.
The idea of having a deeply networked vehicle, wherein the components can seamlessly communicate with each other, and with the vehicle open to the Internet is indeed alarming. If a fraudulent user gains access to the Cloud system responsible for SOTA/FOTA (Software OTA/Firmware OTA) update, they could potentially inflict harm to the vehicle and its occupants. If a bad actor can successfully stage a Man In The Middle attack, they can send fraudulent software to a vehicle resulting in undesired software updates which can severely compromise a vehicle’s security posture.
It is therefore imperative that maximum care is taken when dealing with OTA updates. It is not just the cloud that offers these software updates that needs to be protected, but end to end transmission, communication, reception and the update process must be secured in a manner that thwarts and discourages tampering and also is smart enough to take appropriate corrective actions when an anomalous behavior is observed.
An end to end secure OTA update ensures that the desired outcome is achieved without compromising or risking the vehicle’s or its occupants’ safety. Some critical things to consider are:
Excelfore’s approach to Over The Air updates, while offering the ability to update every updatable component in the vehicle using minimum bandwidth coupled with faster updates using its patented adaptive delta technology, ensures that a layered security infrastructure is in place to ensure safe and secure transmission and application of software updates.