Increasing number of chips in electric vehicles and what this means for cybersecurity and repairs – Repairer Driven News | CarTailz

The average electric vehicle (EV) has more than 3,000 chips, more than double that of a non-electric vehicle, and the increasing number of chips not only increases the complexity of the vehicle but also the cyber risk it poses, according to cybersecurity firm Cycuity.

Mitchell Mlinar, Cycuity’s vice president of engineering, told Repairer Driven News the solution is to add security to broader attack surfaces, i.e. the points in a software environment where an unauthorized user can attempt to enter data into an environment or Extract data from an environment. The attack surfaces have expanded with the proliferation of wireless and Bluetooth technologies.

“You now have another area of ​​exposure here that wasn’t even there, allowing someone to actually access your system while it’s actually on the go, even because that system doesn’t care if it’s at home or on the go,” Mlinar said. “They have many more opportunities to exploit vulnerabilities in the vehicle’s software or hardware.”

The large number of chips and sensors being added to cars and associated infrastructure today has resulted in a Ford Mustang that cannot be tuned by third parties, hackable electric vehicle charging stations, a higher risk of theft and a higher likelihood of recalls Cycuity.

New safety standards such as ISO21434 will be used to extend the safety of new high-tech vehicles on top of the previous ISO26262, Mlinar said. ISO26262 “addresses potential hazards caused by erroneous behavior of [electrical and/or electronic] E/E safety-related systems, including the interaction of these systems,” according to ISO, and “do not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy, and similar hazards , unless they are directly caused by malfunctions of safety-related E/E systems.”

ISO/SAE 21434 “addresses the cybersecurity perspective in the development of electrical and electronic (E/E) systems in road vehicles,” according to ISO, and “will help manufacturers keep up with changing technologies and cyber-attack methods, and defines the vocabulary, goals, requirements and policies related to cybersecurity engineering for a common understanding throughout the supply chain.”

“Here you will see the development and because there will be regulations for this stuff, but also companies want things that are safer, they will comply. For the repair, this means that costs could increase,” said Mlinar.

For example, when a module in a vehicle system that interacts with the entertainment system needs to be replaced when a software update does not fix a fault.

“Dealers or even private consumers have to get them and install them, and that takes time. This is where cybersecurity and the future could potentially increase the cost of getting your car repaired,” Mlinar said. “Because if there are these issues, these vulnerabilities that happen, an exploit that needs to be fixed, you’re going to make an effort to do that.”

OEMs, he added, pay attention to ISO standards and use tools like Cycuity’s when designing and manufacturing chips to ensure, as much as possible, that they have no vulnerabilities.

According to the National Highway Traffic Safety Administration (NHTSA), cybersecurity arose out of a need to protect these systems and the information they contain, and when applied to vehicles, “takes on an even more important role: systems and components that… Security rules must be protected from malicious attack, unauthorized access, corruption or anything else that could compromise security functions.”

“Today’s vehicles are increasingly equipped with driver assistance technologies such as forward collision warning, automatic emergency braking, and vehicle safety communications,” the NHTSA explains on its website. “In the future, the use of driver assistance technologies may lead to the complete avoidance of accidents, especially those that can be traced back to the decisions of human drivers. Given the potential security benefits these innovations enable, NHTSA is exploring the full range of its tools and resources to ensure these technologies are deployed safely, expeditiously, and effectively, and taking action to address associated challenges, including cybersecurity .”

NHTSA has adopted a “multi-pronged research approach” that leverages the National Institute of Standards and Technology’s cybersecurity framework and encourages the automotive industry to “embed practices that improve the cybersecurity of their vehicles in the United States.”

In a September publication titled “Cybersecurity Best Practices for the Safety of Modern Vehicles,” NHTSA says best practices begin with a layered approach to vehicle cybersecurity where “some vehicle systems could be compromised, reducing an attack’s likelihood of success and the consequences of unauthorized access to the vehicle system.”

Best practices include:

  • “Risk-based prioritized identification and validation of safety-critical vehicle control systems;
  • “Eliminate sources of risk to safety-critical vehicle control systems where possible and feasible;
  • “Providing timely detection and rapid on-site response to potential vehicle cybersecurity incidents;
  • “Design-in methods and processes to facilitate rapid incident recovery when they occur; and
  • “Institutionalize methods for accelerated adoption of lessons learned, such as B. Sharing vulnerabilities across the industry through effective information sharing.”

Auto industry professionals have talked about making sure customer data isn’t stolen from workshop computers and networks, but what about making sure vehicles leave workshops post-crash repair with the same cyber security they had before the collision? First of all, Collision Advice CEO Mike Anderson and Database Enhancement Gateway (DEG) Administrator Danny Gredinberg say that when it comes to VIN decoding, garages need to use scan tools to view build dates and know which machines and other options are present in every vehicle.

And Tal Ben-David, vice president of research and development and co-founder of Karamba Security, previously told RDN what’s important for accident repair workers to know is that most corrupted software-based controls, which can include cameras and sensors, disable the functions in the Manage vehicle per OEM procedures likely to require replacement rather than repair.


Photo credit: kaptnali/iStock

Share this:

Leave a Comment