Driverless vehicles could save energy, limit car accidents and improve transport infrastructure. They could, eventually, save us the time we’d typically spend concentrating at the wheel. But with great autonomy, comes great cyber-risk.
Autonomous cars are like big computers on wheels. They have many applications – from sensors to music streaming – collecting, analyzing and transferring data at a rapid rate. But they can be far more dangerous than a typical computer. One wrong decision in a driverless car could injure or kill passengers, other drivers, and pedestrians. Fortunately, there are ways we can futureproof the industry. This was the motivation for collaboration between Kaspersky, the global cybersecurity firm, and AVL Software and Functions GmbH (AVL SFR), the global automotive consultancy.
Cybersecurity needs to be a top priority for automotive manufacturers
Autonomous vehicles function at different levels: the higher the level, the more control the car has over important decisions, like when to slow down, speed up, stop, or change direction. They use connected sensors, radars, and artificial intelligence applications (the internet of things in full swing) to communicate with each other via unique software algorithms running on a computer operating system – which, like the operating system of your computer, can be infiltrated.
Malicious actors could take control of an autonomous vehicle through a remote access attack. Even worse, they could use system vulnerabilities to infiltrate all similar vehicle models. The results could be fatal, on a large scale. Autonomouns vehicle cybersecurity is crucial to our future. Here’s what it could look like.
A safety-focused autonomous vehicle cybersecurity partnership
As the automotive industry becomes more advanced, the amount of information autonomous vehicles generate, analyze, and process will grow. Alongside this growth, evolving cyber-risks are a significant problem. We need to future-proof autonomous vehicle systems to account for cyber-risks in the years to come.
At Kaspersky, we’ve been working with AVL Software and Functions GmbH (AVL SFR) to integrate KasperskyOS (Kaspersky’s operating system) into an electronic control unit (ECU) of an advanced driver-assistance system (ADAS).
Let me explain more.
The the ECU supports several functions to increase convenience as well as road safety. As a component of the ADAS, it can assist a driver with additional braking as well as perform driverless functions, which have been widely demonstrated at tech EXPOs and are now used in some restricted areas.
Think of it as the brain of an autonomous vehicle. The ECU sends messages across the ADAS based on information from sensors and cameras, and the ADAS executes safety measures like autopilot. As we move towards increased automation, involving less human interaction and decision-making, the ECU will become essential for making safety decisions for emergency braking, pedestrian detection, and front-collision warnings.
But the ECU ‘brain’ could be a bounty for hackers.
“ADAS ECUs are extremely sophisticated and imperative to the safe running of autonomous vehicles. They must be protected by an operating system designed to provide a layer of safety and reliability.”
Dirk Geyer, Head of Product Segment Safety and Security, AVL SFR
Infiltrating an on-board operating system is easier than you might think – like the Jeep hack in 2015. Security researchers found a way to remotely compromise several internal ECU functions through the Jeep’s Linux operating system, including tracking the car with GPS and stopping the vehicle.
The methods may differ, but the consequences are the same: hackers can track cars, cut brakes, shut down an engine, and more. It’s not a situation drivers or vehicle manufacturers want.
Next-generation cyber defense for autonomous vehicles
Next-generation tech needs next-generation defenses, which is why KasperskyOS, a secure-by-design technology, is at the core of our partnership with AVL. The software monitors processes, communications between each component, and the activities of the operating system.
To break it down: AVL developed the ECU (hardware and functional algorithms), KasperskyOS protects it (operating software.) Each company contributed its best practices and technologies from many decades of specialized experience in automotive technologies and cybersecurity, respectively. This combination of hardware and software can safely connect cameras, radars, and sensors, while allowing secure communication between devices within the vehicle – crucial requirements for autonomous vehicles of the future.
But that’s just half the story.
AUTOSAR Adaptive Platform – the layer cake of autonomous vehicle security
In 2019, AVL approached Kaspersky to make a prototype of an adaptive cybersecurity platform in line with AUTOSAR – a set of standards developed by manufacturers and software companies defining future safety innovations for autonomous vehicles.
The result? Kaspersky Automotive Adaptive Platform software development kit (SDK). This enables manufacturers and software developers to create secure and reliable applications for high-performance-ECUs like ADAS, knowing that the operating system is both secure and adaptive to enable other software to be integrated into it. Using this kit, AVL can develop applications like auto-pilot features, control safety systems, and vehicle health monitoring.
Think of AAP as a layer cake. The base level is the AVL hardware; the next level is the secure KasperskyOS; after than is the Kaspersky Automotive Adaptive Platform. On the top, the icing: ECU applications. This innovation is not only protecting the automotive industry, but could support other sectors like IoT and manufacturing. AVL SFP’s Dirk Geyer thinks it could have a significant impact on the future of cybersecurity systems:
“Future technologies will need complex and innovative cyber-protection. The combination of our ADAS ECU and Kaspersky’s secure-by-design operating system means comfort, efficiency, and safety for our customers. The control unit can be customized to match many different vehicle requirements, while controllers and applications like sensors and communication channels are protected by adaptive software.”
What next for autonomous vehicle cybersecurity?
The automotive industry is on a fast-track to transformation. Soon, fully autonomous vehicles will be on the roads. Will manufacturers sunset the production of manual cars so they become solely the preserve of vintage motor enthusiasts? Will autonomous cars only ever be used for freight and deliveries? It’s too early to say. What we do know: As the industry develops, both Kaspersky and AVL SFR will be developing new technologies to keep automotive manufacturers, drivers, and people safe.
To learn more visit here.