Without trusted cyber protection, the whole connected car and autonomous vehicle (AV) industry will fail. Both carmakers, as well as consumers, will push back acceptance if they will feel unsafe. Traditional IT security mechanisms for updates, patches, and protection do not apply as is to automotive, and the industry is scrambling to catch up with the fast pace of innovation to find a security approach that will prevent attacks, secure personal data, and protect vehicle behavior to save lives.
In 2019, researchers found that if just 20 percent of autonomous vehicles were stopped remotely, a city like Manhattan would grind to a complete halt. Even at 10 percent, this model indicates that still half of Manhattan’s roads would be completely inaccessible.
Even as far back as 2015, hackers were able to remotely hijack a Jeep on the highway, causing Chrysler to recall 1.4 million vehicles. This served as an additional wakeup call for the automotive industry, but it was just the beginning of a compounding number of automotive cyber threats.
With many high-profile automotive security breaches taking place in the last few years, this trend of cybersecurity threats for connected cars is only increasing: By 2022, there are expected to be more than 125M connected vehicles, creating a world in which opportunities for attack are plentiful. Rightly, OEMs and Tier 1 suppliers are still catching up with the fast pace of connected car innovation in this ever-increasingly connected landscape and are urgently seeking new security solutions that can prevent further attacks–but few approaches are proving sufficiently robust.
There are many security issues as vehicles become data centers on wheels. Today, most connected vehicles employ dozens of electronic control units (ECUs); these ECUs connect through various network protocols, making them insecure and particularly vulnerable to attack vectors like malicious code, manipulation of software or firmware, and attack commands. In order to thwart adversaries looking to compromise automakers’ ECUs, there must be a new approach.
High-end processors or OS features can partially protect data, but attackers are experts in bypassing this and accessing the memory directly. What if we could ensure that the firmware in an automotive ECU can’t be altered in the memory itself? What if sensitive data could only be accessed by an authorized party?
Protecting the ECU flash memory
NanoLock’s solution provides a lifetime shield for the automotive ECU by embedding the trust anchor directly into the flash memory. The firmware resides in the memory, and during boot time, the firmware is fetched from the flash memory to the processor.
In partnership with memory vendors such as Micron, Cypress and Winbond, NanoLock creates a gatekeeper in the secured flash that restricts written operations to the protected memory blocks, thus, making it impossible for attackers to alter the firmware with malicious code—even in cases where the attacker gains full control of the processor / OS. All the sensitive and read-only partitions are protected without hindering performance during boot or runtime. The ECU is now protected, and, without the key, no one can modify the memory.
Embedding the trust anchor in the memory achieves processor- and operating-system-agnostic operations integrated into the flash memory; it can work with any processor–including the lowest end–to protect any required size of memory, and there is no failure mode, which prevents any possible modification. Also, NanoLock’s solution requires no computing or power resources.
The ECUs protected memory enables over-the-air (OTA) updates derived only from a trusted source, e.g. a Management of Things (MoT) platform, creating a secure, bi-directional channel that safeguards the version that is stored on the ECU’s memory.
The Lightweight, Ironclad Protection
NanoLock’s Management of Things platform (MoT) creates a secure channel with the memory device from the partner vendor and APIs to register the ECU in the network in a confidential, authorized, and private manner. The NanoLock platform is uniquely valuable in that it doesn’t require any modification to the design of the ECU, and the protected memories are always fully backwards compatible; this means that the memory can be used and accessed in the same way it was before NanoLock’s trust anchors were added. In fact, once NanoLock’s technology is activated, the modification functions are blocked, so there is no change to the physical design of the protected hardware.
This protects the ECU for its entire lifecycle – from production and supply chain to operational mode to firmware updates end-of-life, shielding the device from risk of attack even if it was compromised early in its life. Also, NanoLock’s unique cost structure is a pay-per-device cost structure that shifts the security expenses from CAPEX to OPEX, alleviating the burden of security expenditures upfront. Customers of NanoLock benefit from a reduction in cyber spending and less downtime, as they now have secure remote access for maintenance and control of edge devices.
NanoLock’s innovative approach to solving connected cars’ and autonomous vehicles’ security challenges—with solutions such as flash-level protection and secured tunnel for management services—shields automotive ECUs and, ultimately, enables greater advancement of autonomous and connected car innovation.