ECUs control and monitor a range of critical functions, including braking, steering, and engine control. If an attacker gains control of an ECU, this could have severe consequences for drivers.
As the automotive industry is moving towards autonomous driving, the number of embedded systems in vehicles is rapidly increasing. Today cars feature several assistive systems, such as cruise control or lane assist, which are supposed to provide safer and more comfortable driving. However, with this increased number of devices and stronger connectivity required, there are new risks and attack routes that need to be considered. One critical area of concern is vehicles’ electronic control units (ECUs). ECUs control and monitor a range of critical functions, including braking, steering, and engine control. If an attacker gains control of an ECU, this could have severe consequences for drivers.
If an attacker gains control of the ECU or other embedded systems in a (self-driving) car, they could cause the car to make unsafe or even life-threatening decisions. For example, if the attacker takes control of the braking system, they could potentially cause a collision or cause the car to lose control. Firmware attacks are a common way to exploit vulnerabilities in an ECU and other embedded systems, posing a significant risk. Through reverse engineering, attackers can extract and analyse the firmware running on the device to identify vulnerabilities that can be exploited to take control of the device or gain access to sensitive data, or take control of the device and critical systems in the car, such as the brakes or steering. With more remote connectivity of cars, attacks can be carried out remotely, without requiring physical access.
Protecting firmware autonomous driving systems poses several challenges. The firmware often runs on resource-constrained devices, making it difficult to implement robust security measures, without the right expertise, which is rarely available in-house. Cryptographic implementations are usually just the beginning and can often be circumvented by bugs accidentally inserted around them. Additional measures are necessary such as obfuscation and exploit mitigation. Cars often require real-time processing, which can be incompatible with certain obfuscation techniques and exploit mitigations. These challenges make protecting the firmware complex and an ongoing process that requires a combination of technical and organisational measures.
Emproof Nyx is an end-to-end software solution that provides a strong and user-friendly defence against attacks on critical systems in cars, such as the ECU. By using a combination of tamper detection, real-time exploitation prevention, and code obfuscation, Emproof Nyx, designed for embedded systems, is lightweight and uses minimal overhead, making it ideal for real-time processing. Unlike other solutions, Emproof Nyx is flexible, allowing the run-time critical parts to remain untouched to avoid interrupting timing critical functions. Importantly, Emproof Nyx does not require access to the source code, which enables vendors to secure their valuable IP without having to expose it. Additionally, the software adheres to the functional safety certificate, ISO26262, the international functional safety standard for the development of electrical and electronic systems in road vehicles.
Ensuring the security of embedded systems in cars is critical for car manufacturers for several reasons. Firstly, a successful attack on the Electronic Control Unit (ECU) or other embedded systems in a car can have catastrophic consequences, potentially leading to the death of a driver or passengers. Such an event could result in severe legal and reputational damage to the car manufacturer, leading to a loss of trust from the public. If customers no longer trust a car brand to keep them safe, they will likely look for an alternative car brand. Also, as more autonomous features are added to cars, the risk of cyber attacks is only going to increase. Therefore, car manufacturers must prioritise the security of their embedded systems to ensure the safety and trust of their customers. With Emproof Nyx, they can do just that.
Our functional safety compliant and trusted solution protects your embedded system.
 |
 |
