Major automakers continue to face cyber security vulnerabilities with connected cars, and it seems to be only a matter of time before the next incident will hit the headlines. Recently, Keen Security Lab conducted a security assessment of BMW Cars where they discovered several vulnerability findings with local and remote access vectors in BMW connected cars. The vulnerabilities mainly existed in the Head Unit, Telematics Control Unit (TCB), and Central Gateway Module, affecting various BMW models. Keen Security Lab was able to influence the vehicles via different kinds of attack chains by sending arbitrary diagnostic messages to electronic control units (ECUs).
Antti Korventausta, Link Motion’s Lead System Architect, points out that the attack vectors described in the research are exactly what Link Motion has kept in mind when building the Motion T carputer’s security model. Below, he answers to the security-related questions about the Motion T.
What is Motion T? How has security been taken into account in Motion T design?
Motion T is the Link Motion Carputer, combining Instrument Cluster, Infotainment and connected features into one product. A key part to understand about Motion T is that the hardware and software have been developed hand-in-hand at Link Motion to take into account both security and vehicle safety.
The Motion T system architecture has also been reviewed by our friends at Irdeto, who’ve done a comprehensive attack tree analysis of the attack paths against a connected carputer. We’ve then used the results of that attack tree analysis to further improve the security measures in place.
How could the Motion T have protected BMW Cars from cyber-attacks?
A key part of the Link Motion system architecture is splitting functionalities into separated security levels using both hardware and software isolation mechanisms.
In this way, even when infotainment or connectivity solutions are compromised, that’s only a breaching of the outermost barrier of the system security. SW isolation measures are in place between the key carputer functionalities and all of the domains with connectivity. Further, the only part of the Link Motion carputer that actually has access to the CAN is hardware isolated into a separate MCU and that part does not communicate directly with any of the domains with connectivity.
Of course, since the carputer needs to function as one seamless system, communication channels are needed between the domains. Since those selfsame communication channels then form attack vectors from lower security levels to higher ones, they have been security hardened and special care has been taken to ensure their security. A good analogy would be to think about forming chokepoints into the system, then fortifying them heavily.
Is it true that the Motion T is the most secure carputer in the world? Is it completely secure?
The brutal and honest truth is that nothing is ever completely secure. With the likes of the spectre and row hammer vulnerabilites surfacing in recent years, I think nobody has the luxury of believing themselves completely secure.
The real fight with being as secure as possible is to make an attacker’s work as difficult as possible – isolation of functionalities into separate domains, hardening interfaces and constantly staying up-to-date with fixes to vulnerabilities. And it’s not just about getting the large lines right, it’s also about being pedant with implementation of any security-intensive SW. After all, a system is only as secure as its weakest point.
Contrasting Motion T with existing products on the market, we’ve definitely tried to tackle a lot of the security issues that arise from interfacing with both vehicle systems and external networks. And in that regard, I’d say we’re more secure than almost any of the products out now. Of course, other companies have been slowly waking up to how important security has become – a development that can only be positive for the end-user.
So, what can I promise you? Unlike most other products, the Motion T has been built for security from the ground up, hand-in-hand in both HW and SW. And when it comes to defending the security of your car, Link Motion will fight attackers every step of the way.
To learn more about Link Motion’s cyber security solutions for connected cars (and other trending topics in the automotive industry), please follow our blog at link-motion.com/blog For example, you may find it interesting to read Part 1 (Through-Stack Development in Automotive Systems) and Part 2 (Bisecting Security and Safety in the Automotive Sphere) of Antti Korventausta’s blog series.