Driverless vehicles could save energy, limit car accidents and improve transport infrastructure. They could, eventually, save us the time we’d typically spend concentrating at the wheel. But with great autonomy, comes great cyber-risks.
Autonomous cars are like big computers on wheels. They have many applications – from sensors to music streaming – collecting, analyzing and transferring data at a rapid rate. But they can be far more dangerous than a typical computer. One wrong decision in a driverless car could injure or kill passengers and other drivers. Fortunately, there are ways we can futureproof the industry. This was the motivation for a collaborative between Kaspersky, the global cybersecurity firm, and AVL Software and Functions GmbH (AVL SFR), the global automotive consultancy.
Cybersecurity needs to be a top priority for automotive manufacturers
Autonomous vehicles function at different levels; the higher the level, the more control the car has over important decisions, like when to slow down, speed up, stop or change direction. They use connected sensors, radars and artificial intelligence applications (the internet of things in full swing) to communicate with each other via unique SW algorithms running on a computer operating system.
Which, like the operating system of your computer, can be infiltrated.
If malicious actors took control of an autonomous vehicle, let’s say through a remote access attack, or worse, used system vulnerabilities to infiltrate all vehicle models, there could be fatal consequences, particularly for safety. Autonomous vehicle cybersecurity is crucial to our future; here’s what it could look like.
A safety focused autonomous vehicle cybersecurity partnership
As the automotive industry becomes more advanced, the amount of information autonomous vehicles generate, analyze and process will grow. Alongside this growth, evolving cyber-risks are a significant problem. We need to future-proof autonomous vehicle systems to account for cyber-risks in years to come.
At Kaspersky, we’ve been working with AVL Software and Functions GmbH (AVL SFR) to integrate KasperskyOS (Kaspersky’s operating system) into an electronic control unit (ECU) of an advanced driver-assistance system (ADAS).
Let me explain more.
Firstly, this ECU is a component of an ADAS. This system supports several functions to increase convenience as well as road safety by taking over driver activities, from additional braking to driverless functions, which have been widely demonstrated at tech EXPOs and are now used in some restricted areas.
Think of it as the brain of an autonomous vehicle. The ECU sends messages across the ADAS based on information from sensors and cameras, the latter executes safety measures like autopilot. As we move towards increased automation, involving less human interaction and decision-making, it will become essential for making safety decisions like emergency braking, pedestrian detection and front collision warnings.
But the ECU ‘brain’ could be a bounty for hackers.
ADAS ECUs are extremely sophisticated and imperative to the safe running of autonomous vehicles. They must be protected by an operating system designed to provide a layer of safety and reliability.
Dirk Geyer, Head of Product Segment Safety and Security, AVL SFR
Infiltrating an on-board operating system is easier than you might think. Like the Jeep hack in 2015. Security researchers found a way to remotely compromise several internal ECU functions through its Linux operating system, including tracking the car with GPS to stopping the vehicle.
The methods may differ, but the consequences are the same: hackers can track cars, cut brakes, shut down an engine and more. Not a situation drivers or vehicle manufacturers want.
Next-generation cyber defense for autonomous vehicles
Next-generation tech needs next-generation defenses, which is why KasperskyOS, a secure-by-design technology, is at the core of our partnership with AVL. The software monitors processes, communications between each component and the activities of the operating system.
To break it down: AVL developed the ECU (hardware and functional algorithms), KasperskyOS protects it (operating software.) Each company contributed its best practices and technologies from many decades of specialized experience in automotive technologies and cybersecurity respectively. This combination of hardware and software can safely connect cameras, radars and sensors while allowing secure communication between devices within the vehicle – crucial requirements for autonomous vehicles of the future.
But that’s just half the story.
AUTOSAR Adaptive Platform – the layer cake of autonomous vehicle security
In 2019, AVL approached Kaspersky to make a prototype of an adaptive cybersecurity platform in line with AUTOSAR – a set of standards developed by manufacturers and software companies defining future safety innovations for autonomous vehicles.
The result? Kaspersky Automotive Adaptive Platform software development kit (SDK). This allows manufacturers and software developers to create secure and reliable applications for high-performance-ECUs like ADAS, knowing that the operating system is both secure and adaptive to enable other software to be integrated into it. Using this kit, AVL can develop applications like auto-pilot features, control safety systems and vehicle health monitoring.
Think of AAP like a layer cake. The base level is the AVL hardware; the next level is the secure KasperskyOS, then the Kaspersky Automotive Adaptive Platform. On the top, the icing: ECU applications. This innovation is not only protecting the automotive industry, but could support other sectors like IoT and manufacturing. AVL SFP’s Dirk Geyer thinks this could have a significant impact on the future of cybersecurity systems:
“Future technologies will need complex and innovative cyber-protection. The combination of our ADAS ECU and Kaspersky’s secure-by-design operating system means comfort, efficiency and safety for our customers. The control unit can be customized to match many different vehicle requirements, while controllers and applications like sensors and communication channels are protected by adaptive software.”
What next for autonomous vehicle cybersecurity?
The automotive industry is on a fast-track to transformation. Soon, fully-autonomous vehicles will be on the roads. Will manufacturers sunset the production of manual cars to become the sole preserve of vintage motor enthusiasts? Will autonomous cars only ever be used for freight and deliveries? It’s too early to say. What we do know: as the industry develops, both Kaspersky and AVL SFR will be developing new technologies to keep automotive manufacturers, drivers and people safe.