Static code analysis | How to ensure the cybersecurity of in-vehicle infotainment systems in the digital cockpit era?

2022-10-08 10:42:02 InfoQ

As vehicles become more intelligent, the functions of in-vehicle infotainment (IVI) systems are becoming richer and richer, from navigation and maps to music and entertainment, and on to voice assistants, automatic parking and more, continually expanding the possibilities of the car as an intelligent terminal. But as IVI has become widespread, cybersecurity problems have followed frequently, bringing users and manufacturers risks such as information leakage and property damage.

In this article, you will learn what an in-vehicle infotainment (IVI) system is, what risks cyberattacks pose to IVI, how IVI security vulnerabilities affect original equipment manufacturers, and how to use the SAST tool Klocwork to improve the security of IVI software code.

To learn more about the SAST tool Klocwork, please contact Perforce authorized partner Long Zhi.

Today, consumers buying a new car pay more attention to "experiencing" the digital cockpit ecosystem and less to traditional characteristics such as power and fuel economy. Delivering a fully connected in-vehicle infotainment (IVI) experience, including touch-screen displays, voice commands, information aggregation and entertainment functions, has become an important issue for the automotive industry.

What is an in-vehicle infotainment system?

More and more end consumers want to experience a fully connected "digital ecosystem". The in-vehicle infotainment system, the core of the "digital cockpit", is becoming a key differentiating factor for original equipment manufacturers and car brands.

IVI is a combination of vehicle systems used to provide occupants with audio/video interfaces and control elements: touch-screen displays, buttons, panels, voice commands, etc.

The following is a brief description of the components and modules that make up the "digital cockpit":

- User interface: the content that drivers and passengers see on the screen and interact with through touch, knobs and rotary dials.
- Head unit: the display, housing, circuit boards, CD/DVD player, radio and multiple processors, collectively known as the vehicle's head unit. It is also the interface to all of the vehicle's physical inputs, such as the sound system and/or external cameras.
- Operating system (OS): the core of the infotainment system. It controls access to the head unit's processors, memory, storage and display.
- Application framework module: manages all content and interaction with the system, from companion applications to navigation, such as text-to-speech and voice commands. It controls all application functions and which applications can appear on the head unit.
- Mobile integration: enables the vehicle to connect with all kinds of smartphones and devices. It supports Wi-Fi, Bluetooth and plug-and-play programs, for example Google Play, MirrorLink, Apple CarPlay and Android Auto, to bring modified on-screen versions of phone media and applications into the vehicle.
- Automotive platform: the software that bridges the application framework and the operating system, covering multimedia, audio, video, navigation, radio, software updates, cloud services, etc.

According to a recent analysis by industry research firm Frost & Sullivan, in 2025 "connected cars" will account for nearly 86% of the global auto market. That same year, the IVI market is expected to reach $42.7 billion.

But IVI systems themselves and third-party applications have also created many vulnerable points for cybercrime threats. Automotive original equipment manufacturers and tier-one IVI suppliers must work to ensure that the embedded code in these systems complies with key safety and security standards. Doing this helps avoid recall costs and damage to corporate reputation.

Cyberattacks pose a serious risk to IVI

A connected car is, so to speak, a four-wheeled computer connected to the Internet through the IVI. Because the IVI is part of the vehicle's internal network, it can create many vulnerable points for hackers, who could take control of the driver's smartphone and access personal data, manipulate the vehicle's safety-critical system functions, or forge system update programs. IVI development practices must therefore comply with coding standards and guidelines.

Two recent standards are expected to benefit IVI: ISO/SAE 21434 and United Nations Economic Commission for Europe (UNECE) WP.29. These standards complement each other and provide assurance and security for the new generation of connected vehicles.

ISO/SAE 21434 builds on its predecessor, ISO 26262. ISO 26262 does not include software development or subsystems.

ISO/SAE 21434 focuses on the cybersecurity risks inherent in the design and development of automotive electronics. This automotive software security standard provides a structured process to ensure that cybersecurity considerations are built into automotive products throughout their entire life cycle.

Unlike ISO/SAE 21434, the WP.29 regulation places responsibility on original equipment manufacturers to manage cybersecurity risks across the entire supply chain.

How IVI security vulnerabilities affect original equipment manufacturers

Original equipment manufacturers and their tier-one suppliers need to take measures to avoid the negative impact of vulnerabilities in IVI embedded software, because attacks could threaten the privacy and safety of drivers and passengers. Cybersecurity incidents can be costly and time-consuming and may lead to recalls, ultimately affecting profits, reputation and organizational productivity.

Why SAST is crucial for IVI software code

SAST (static application security testing) is a software testing method that discovers security vulnerabilities in IVI software by inspecting and analyzing the application's source code, bytecode and binaries for coding and design conditions. The mechanism behind SAST is a static analysis tool used to examine design and code.

Klocwork is an ideal choice for enterprises and DevSecOps. It is one of the industry's leading static analysis and SAST tools, designed for source code in C, C++, C#, Java, JavaScript, Python and Kotlin. In addition, nine out of ten large auto parts manufacturers rely on Perforce static analysis tools to help ensure that their automotive software is secure, protected and compliant.

Article source:

To learn more about how the static analysis tool Klocwork can help you ensure the quality of embedded software, please contact Perforce authorized partner Long Zhi:

Website:
Tel: 400-666-7732
Email: [email protected]

Copyright notice
Author: InfoQ. Please include the original link when reprinting, thank you.