Digital ‘Birth Certificates’ for Vehicular Cybersecurity – Source: securityboulevard.com

Modern vehicles are more connected than ever before thanks to the rise of software-defined vehicles, or SDVs. These vehicles combine physical hardware with digital capabilities, allowing drivers to unlock new functionality by downloading apps just like they would on their smartphones. But with thousands of components from original equipment manufacturers (OEMs) and third-party software, the potential for tampering by unscrupulous individuals is significant. Researchers have warned for years of the growing likelihood for catastrophic cyberattacks on vehicles that could disable brakes, take over steering, and even steal personal information. Secure digital and physical components in SDVs are essential to preventing these threats.

The Threats to SDVs

Threats to SDVs can occur both digitally and physically. Unlike desktop computers and smartphones, SDVs are not general-purpose computers connected to the wider internet. As a result, bad actors cannot upload malicious code onto SDVs through regular internet activity. Instead, they need to find different methods—such as replacing a software update with code that includes a backdoor providing access to the vehicle. Despite the challenges presented by this approach, it remains possible. With the increased bandwidth provided by 5G technology, bad actors may also find it easier to hide malware or extract data through digital traffic.

Additionally, cybercriminals may seek to implant harmful software in the hardware components of vehicles. They could replace an original component with an OEM one that has vulnerabilities or is infected with malware. The situation is comparable to how western governments banned phones from Hauwei and ZTE due to similar fears. Careful regulation and monitoring are necessary to prevent such threats.

Mitigating Risks

To mitigate these risks, a digital and physical component identification system is necessary in SDVs. Each component should have a cryptography-secured identity given to it at the factory stage and throughout its lifetime. This system would allow manufacturers to identify all vehicle components and to prevent the creation of unauthorized components, whether digital or physical. The identification system should also designate decommission dates for components, allowing out-of-date and insecure components to be replaced with newer components. While it may be difficult to persuade drivers to pay for new electronic control units every few years, digital updates could be scheduled efficiently.

Implementing this system would require highly secure key injection. If this were to become compromised in any way, thousands of vehicles could become vulnerable. To avoid disastrous incidents that could endanger lives and create untold PR nightmares, manufacturers would do well to invest in a third-party service with vast experience in the area, that can offer 24/7 managed service and permits car manufacturers and OEMs to create secure environments for their digital assets.    

Securing the digital and physical components in SDVs is critical to preventing cyberattacks that could cause harm and steal personal information. A secure identification system for vehicle components is necessary, allowing manufacturers to identify all components and prevent the creation of unauthorized components. Additionally, a schedule for replacing out-of-date and insecure components should be introduced. With all these safeguards in place, owners of SDVs can continue to enjoy the new functionality and benefits of SDVs without worrying about potential risks.

The Need for Digital ‘Birth Certificates’ 

We each have a birth certificate that identifies us, with supplementary documents added to this as we grow older that all serve the same important function: They are things that only we can own. 

Replicating this system for the digital and physical components in SDVs could be the path to securing both. A revolutionary system of digital ‘birth certificates’ could ensure the safety and security of software-defined vehicles. Each component of a vehicle would have its own encrypted identity that would allow manufacturers to track their movements and usage, as well as guaranteeing they are not tampered with or replaced. In addition, the certificates would prevent the creation of unauthorized components and allow driving authorities to schedule digital updates for out-of-date components. The birth certificates would require extremely secure key injection to guarantee their effectiveness, which is where an experienced third party’s managed service would prove indispensable.