The digitalization of in-vehicle systems is driving a profound transformation of the automotive industry. The use of software to provide greater automation, shared mobility, and connectivity entails dangers from a cybersecurity perspective that can result in risks to operation, privacy, and user safety.
It is therefore important that security is a priority to ensure that vehicle occupants feel protected from cyberattacks.
We explored this topic with our colleague Giacomo D’Amico, Technical Leader and automotive expert, a reference for a Teoresi community of colleagues on cybersecurity issues.
What could be the risks of a cyberattack?
Let’s think of the breach of infotainment systems we use to access functions such as navigation, calls and music entertainment by connecting our smartphones, which can result in the loss of personal data or even information related to payment circuits. In more severe cases, an attack on the ECU could even compromise braking or driving control systems, putting people or property inside or outside the vehicle at risk.
What can the automotive supply chain do to ensure efficiency for the car and safety for users?
The automotive industry needs reliable partners and systems to protect the integrity of vehicle data and securely detect and respond to cyberattacks at all stages of vehicle development and throughout the life of the vehicle.
Carmakers can therefore request a cybersecurity assessment, aimed at evaluating the vehicle’s cybersecurity, which can include infotainment activities, verification of the security of communications between vehicle components, testing to identify vulnerabilities, and evaluation of security measures built into HW and SW systems.
How can Teoresi support carmakers?
Teoresi can support clients for everything related to ISO 21434: the international standard for automotive safety, on two basic levels: process organization and product development cycle. Indeed, we can carry out the gap analysis and outline the requirements, draft a T.A.R.A. (Threat Analysis and Risk Assessment), produce the documentation including potential vulnerabilities, risk level and the type and chance of attacks.
In addition, the automotive expertise of Teoresi can count on partnerships with major international technology players that enable us to promote qualified solutions and technologies to the market. One of these is the long-standing partnership with Intrepid Control Systems, a provider of comprehensive solutions for in-vehicle CAN network analysis, testing, simulation and automation.
What features make Intrepid tools stand out in the automotive industry?
Intrepid’s software and hardware solutions implement the ability for fuzzy testing – a software testing technique that involves feeding random inputs into the control unit starting from the normal operating data specified in the specifications, in order to detect errors and vulnerabilities.
In addition, the new neoVI-PI device, like its predecessors, enables tracing, logging, and simulation of CAN and CAN-FD messages; it’s a must-have for automakers.
It is the first device that integrates a Raspberry module, enabling it to be programmed with Python and to conduct fuzzy tests on a standalone device automatically. This allows the user to focus on other tasks, making it a valuable ally in supporting cybersecurity-related activities throughout the entire vehicle development cycle.
We will discuss this and more tomorrow during the Intrepid Tech Day, hosted at our headquarters in Turin.