Each additional line of code creates new potential for cyber attackers to find a way in to the system. Freddie Holmes finds out how a diet could be in store for automotive software as the industry cracks down on complexity
Many premium vehicles on sale today now contain more software than a commercial aircraft, in some cases exceeding 100 million lines of code. The number of electronic control units (ECUs) in modern cars has soared, bringing swathes of new functionalities to consumers. Worryingly, it has also created opportunities for hackers to tamper with critical driving functions, with potentially dire consequences.
In an effort to reverse the trend, the industry has embarked on a strategy to reduce the number of ECUs within new vehicles and cut back on unnecessary coding. It has seen automakers and suppliers alike place cyber security as a top priority moving forward. Indeed, while California-based Green Hills Software (GHS) has its roots in the aerospace and defence sectors, automotive has quickly become the company’s largest market segment.
Software currently dominates the rhetoric within automotive as the introduction of connected and automated features ramps up. ECUs have been added at will to support these technologies, but it has raised concern within the cyber security community. “Some people would say the trend was out of control,” said Joe Fabbre, Director of Platform Solutions at GHS. “In recent years, manufacturers would add another ECU every time a new function was introduced to a vehicle.”
A similar trend can be seen with connectivity. In the cockpit, digital dashes are fast becoming the norm in upmarket models—consider Audi’s Virtual Cockpit and the Peugeot i-Cockpit, for example. “There has been a rush to get systems internet-connected in order to provide additional services. At the same time, self-driving computers have also arrived,” said Fabbre. With a mix of safety-critical and entertainment-focussed software now running alongside each other, vehicles have become increasingly vulnerable. “Not enough thought has been put into the security architecture of the overall system. Luckily, we have not seen any malicious hacks in the wild, but researchers have proven that it is possible to perform remote attacks on these connected computers that now reside in cars.”