Read more at www.harmaninnovation.com
HARMAN: Securing Connected Infotainment Systems Against Hackers
Connected vehicles can offer a gateway for cyber criminals to hack into automotive systems. How can infotainment systems help automakers combat this threat?
1. Hackers are the new highway threat
The security challenge of auto
infotainment connectivity
2. • Carhacking is a 21st century crime. Connected
cars can offer a gateway for cyber criminals to
hack into systems.
4. • How can next-generation infotainment
systems be equipped to firewall vehicles
against highway hackers?
5. • Latest infotainment systems provide full
internet connectivity with all the benefits of
real-time updates and information…
• …but such access can also be an open door to
malicious software.
6. • Once on the system, a virus could disrupt the
operation of the infotainment system, causing
errors in music playback, navigation and
potentially corrupt the multimedia display.
7. • Equally intrusive, malware could lurk
unnoticed on a system, and siphon any
personal and private information that may be
on the infotainment hub or contained on
linked devices, back to another source.
9. • By far a bigger concern is the potential for
malware to migrate via the infotainment system
to other in-car networks such as the controller-
area-network bus (CAN bus).
• This links infotainment to the vehicle's critical
systems.
• By connecting a laptop to a car's on-board
diagnostic port and hacking the vital systems,
attackers could – in theory – seize control of the
engine and brakes.
10. • It is the internet connection that provides the
gateway for hackers.
• In addition to LTE connections, there are also
threats posed from smartphone Bluetooth,
WiFi, and NFC connectivity as well as the
increasing trend of BYOD (Bring Your Own
Device) consumer electronics integration.
11. • All modern vehicles contain multiple electronic
control units (ECUs) and independent systems,
integrated networks such as CAN bus and
Ethernet networks that are used to link the
operation of various components.
• The infotainment system is on one hand linked
with these systems to access information from
the speed sensor or other safety-critical ECUs and
on the other hand connected to the internet,
from where attacks could come from.
12. • How a hybrid architecture can resolve the
automotive security challenge
13. • The security architecture of the infotainment
system has to be even more robust than that
of the typical mobile device. It must protect
the vehicle and the occupants from all kinds of
threats such as malware, denial of service, and
other malicious behavior.
14. • The only viable approach is to firewall the car functions
from the infotainment side of the system by hardware
and software security mechanisms to act as a barrier
between malware and an infotainment system.
• This includes secure boot, data encryption, network
securities and a protocol to isolate 'crashed' or
'compromised' parts of an infotainment system from
other connected components and networks but also
more importantly an infotainment system with two
separate domains.
16. • The next-generation scalable infotainment
system architecture from HARMAN uses multi-
core processors with a type 1 hyper-visor to
implement segregated domains with separate
operating systems.
17. • The application domain, running e.g. Linux with
HTML5 as the application environment, offers a
first line of defense with the proven security
techniques used by mobile devices, such as
secure boot, data encryption, and network
securities.
• These security technologies already offer a strong
defense against cyber attack. The vehicle domain,
which runs the critical car functions, is completely
isolated from the application domain through the
hyper-visor.
18. • Both domains can run the same operating
system, e.g. Linux, or different systems, e.g.
QNX in the vehicle domain, and Linux in the
application domain. The split-level
architecture ensures the vehicle domain
remains separate: in the event malicious code
penetrates the application domain, it is
firewalled from affecting the critical vehicle
functions – these remain free from threat.
19. • 4G architectures also have a role to play in care
security. Running the infotainment system via
cloud makes it possible to bypass local software,
and provides access to powerful, robust and
secure servers for both processing and security.
• The server streams the required infotainment
functions to the vehicle, significantly lowering the
risk of malicious software being downloaded into
in-car systems.
20. • By combining these techniques in its unique,
industry-first split-domain architecture,
HARMAN offers a strong firewall between the
two domains and makes the system extremely
robust and resistant to hacking threats. Given
the topicality of connected cars, automakers
and drivers will seek ways to keep their
vehicles secure to new threats.
21. • Developments such as HARMAN’s hybrid
architecture point the way forward to meet
these increased security requirements.