Trend Micro and Panasonic are on a joint mission to thwart cyber risks that jeopardise connected car safety - they will develop a solution that can stop attacks on Electronic Control Units (ECUs).
ECUs control driving behaviour such as acceleration, steering and braking, as well as in-vehicle systems such as navigation, telematics and infotainment systems.
Hackers could potentially take control of steering and braking systems in connected cars – a threat that is ‘very real’, Trend Micro says.
Similar risks have been demonstrated by security researchers Chris Valasek and Charlie Miller. They were able to successfully conduct a remote hack against a 2014 Jeep Cherokee without any physical access to the vehicle.
Security vulnerabilities are discovered daily and pose risks that could result in remote exploitation, Trend Micro says.
In a blog posted in August 2017, Trend Micro senior threat researcher Federico Maggi notes that many car hacking proof-of-concepts are ignored because they require physical access to the car, but the Jeep case in particular shows that is not the case anymore. Maggi also says even local attacks should not be disregarded.
“Traditionally, the scenario in which an attacker could access a car that way is not only rare, but is also very risky to the attacker. This may have been true back then, but with current transportation trends such as ride-sharing, carpooling, and car renting, the scenario where many people can have local access to the same car is now more commonplace. As such, a paradigm shift in terms of vehicle cybersecurity must happen,” Maggi says.
Trend Micro and Panasonic will design a solution that can detect and prevent the intrusions into ECUs. Panasonic’s Control Area Network intrusion detection and prevention technology and Trend Micro’s IoT Security will form the base of the solutions.
Panasonic’s intrusion and detection will be able to detect any unauthorised commands to ECUs related to driving control. Trend Micro’s IoT Security will provide security intelligence and malware analysis on in-vehicle infotainment devices and navigation systems to detect attacks via the internet.
The partnership will also seek to jointly collect security events for analysis in the cloud. This will help detect and block suspicious traffic.
The companies hope to progress the overall development of cybersecurity solutions for autonomous and connected cars, particularly for in-vehicle and cloud systems.
“It is more important than ever to not only implement security measures in each vehicle but also to analyse new attacks by constantly monitoring in-vehicle systems from the cloud and utilise the results to implement countermeasures against cyber-attacks to all vehicles,” Trend Micro states.
Trend Micro and Panasonic hope to launch the security solution commercially after 2020.