Securing automotive over-the-air updates

Daniel Mckenna, Systems and Applications
engineer at NXP Semiconductor

In-the-field software updates to cars save manufacturers money, enable critical bugs to be patched immediately and allow new features to be added to the vehicle at any time during its lifecycle.

Few vehicles today can receive updates, says Daniel Mckenna, a Systems and Applications engineer at NXP Semiconductor. Even the cars that do support Over-The-Air (OTA) updates are only designed to update the infotainment or telematics systems. If an original equipment manufacturer (OEM) discovers a fault in the firmware that controls a critical function such as the brakes or an airbag – typically driven by Electronic Control Units (ECUs) – then the vehicle must be returned to the dealership.

There are two challenges facing OTA updates. First, car owners will not tolerate vehicle downtime for updates. Therefore, they must take place seamlessly and invisibly in the background. Additionally, the ability to remotely update vehicle firmware introduces a new attack vector for hackers. The two main motivations for hackers will be to use the OTA mechanism to reprogramme critical ECUs to ultimately take control of the vehicle or to steal OEM firmware.

To prevent reprogramming, the authenticity and integrity of the firmware needs to be protected. This ensures that the firmware originates from a trusted source and that it has not been modified. There are several methods of implementing such protection (e.g. HMAC, CMAC, or a digital signature).

 

Checking the authenticity of firmware guarantees that only trusted firmware is used in an update process but a hacker may still be able to read the plaintext (i.e. source binary) firmware to reverse engineer the source code, or steal data, which may lead to IP theft and/or privacy issues. Encryption of the firmware (for example, using AES) can prevent this.

With integrity checking, the communication channel over which the firmware images are received will be protected to prevent the common “man-in-the-middle” attack.

Finally, the in-vehicle OTA update manager should be protected against manipulation.

In summary, the following countermeasures should be applied:

    • Protect the authenticity and integrity of firmware to prevent a hacker from running modified code
    • Encrypt the firmware to prevent a hacker from accessing code (IP) and data
    • Establish secure end-to-end communication between the vehicle and OEM servers to prevent man-in-the-middle attacks.
    • Ensure a secure, trusted location for the OTA Manager application

Security implementation:

Typically, the connection to the OEM server will be setup by the Telematics Unit. This unit can use Transport Layer Security (TLS), a proven standard used in online banking, to secure the communication over the mobile network.

The (secured) update file is then received by the OTA Manager which will have a table listing each Electronic Control Unit (ECU) present in the vehicle along with the serial number and current firmware version number. This allows it to verify that the update is valid for the vehicle.

If the ECU to be updated supports firmware decryption and authentication, then the file can be sent as is, from the OTA Manager to the target ECU. However, not all ECUs in the vehicle will have secure key storage and hardware accelerated security features. In these cases the OTA Manager must authenticate and decrypt the update on behalf of the target ECU and send the plaintext update, over the internal network to the target ECU.

The lack of a hardware security module on an ECU thus leads to the update being sent unprotected over the in-vehicle network, which is not ideal. However, for this to be hacked, physical access to the vehicle and a knowledge of which wires to access would be required in order to snoop the bus. If this is still considered too high a risk then the module should not be updatable via OTA until the hardware is updated.

The OTA manager should check whether an update is valid for the vehicle: to guarantee the consistency (compatibility) of all firmware images of the different ECUs in the vehicle and to prevent a hacker from being able to install an older firmware version to re-enable a patched exploit.

This requires a secure method for storing the current firmware version number, which can then be checked against the version number of any received update.

The final mitigation strategy for OTA security is the location of the OTA Manager functionality. The OTA Manager software orchestrates the updates of the firmware between the OEM servers and the vehicle’s ECUs. It is critical that this is located somewhere safe and isolated from (potentially rogue) third party software.

The central gateway on the other hand, which sits central in the vehicle network typically only runs OEM trusted software and would be a strong location for the OTA manager.

There are many advantages to over the air updates for both manufacturers and consumers but it will take diligence to ensure that security measures are implemented carefully.

The author of this blog is Daniel Mckenna, Systems and Applications engineer at NXP Semiconductor

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES

Surrey leads new £8 million FORT centre for advancing secure networks

Posted on: March 18, 2024

The Engineering and Physical Sciences Research Council (EPSRC) announced that Surrey’s 5G/6G Innovation Centre will lead a new £8 million Centre for Doctoral Training in Future Open Secure Networks (FORT). 

Read more

Protecting assets with LTE, NTN & 5G LPWA

Posted on: March 15, 2024

In this compelling piece, part of the Key Industry Insights Series, Analyst Robin Duke-Woolley of Beecham Research and Kevin Guan of Fibocom, explain how LTE Cat 4/1/1bis/M, NTN and 5G LPWA are working to change the game for protecting goods and supply chains with total, global coverage asset tracking for reduced losses and improved operations

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more