Cybersecurity Considerations for In-Vehicle Infotainment Systems

2022-11-11 01:54:04 Trinitytec

Today, new car buyers are focusing more on the "digital cockpit ecosystem experience" than on traditional features like horsepower and fuel economy. The automotive industry has made it a requirement to provide this experience through a fully connected in-vehicle infotainment (IVI) system consisting of a touchscreen display, voice commands, and integrated infotainment features.

What is an in-vehicle infotainment system?

End consumers increasingly expect an experience connected to their "digital ecosystem". The "digital cockpit" is the core of the in-vehicle infotainment system and is becoming the main differentiator for major OEMs and their car brands.

IVI is a combination of vehicle systems used to provide the occupants of the vehicle with audio and video interfaces and control elements—touchscreen displays, button panels, voice commands, and more.

The following is a brief description of the components or modules that make up the "Digital Cockpit":

  1. User Interface: The interface for the driver and passenger to view and interact on the screen by touch or via knobs and dials.
  2. Head Unit: Contains the display, housing, circuit board, CD/DVD player, radio, and multiple processors; these are collectively referred to as the head unit of the vehicle. It is also the interface for all physical inputs to the vehicle, such as the audio system and/or external cameras.
  3. Operating System (OS): The operating system is the heart of the infotainment system, which controls access to the processor, memory, storage, and display in the head unit.
  4. App Framework Module: Manages everything from the Spotify app to navigation and interaction with the system, such as text-to-speech and voice commands. It controls the functionality of all apps and which apps appear on the head unit.
  5. Mobile Integration: Enables the vehicle to connect with a variety of smartphones and devices. Wi-Fi, Bluetooth and plug-and-play software such as Google Play's MirrorLink, Apple CarPlay and Android Auto are supported, allowing custom versions of mobile media and apps to be imported onto the screen.
  6. Automotive Platform: The software bridge between the application framework and the operating system (OS) supporting multimedia, video, navigation, audio, radio, software updates, cloud services, and more.

According to a recent analysis by industry research firm Frost & Sullivan, "connected cars" will account for nearly 86 percent of the global auto market by 2025. In the same year, the IVI market is expected to reach $42.7 billion.

However, the IVI system itself, in conjunction with third-party applications, creates a large number of points of vulnerability for cybercriminals to target. OEMs and Tier 1 suppliers of IVI systems in the automotive industry must work hard to ensure that the embedded code within these systems meets safety-critical standards. Doing so helps avoid recall costs and damage to business reputation.

Cyber attacks pose a serious risk to IVI

It can be said that a connected vehicle is a four-wheeled computer connected to the Internet through an IVI system. In addition, since the IVI system is part of the in-vehicle network, hackers can use the system to control the driver's smartphone, obtain personal information, manipulate vehicle safety-critical system functions, program system updates, etc., creating many points of vulnerability. Therefore, IVI system development practices must adhere to coding standards and guidelines.

Additionally, two recent initiatives are expected to benefit the IVI system: the ISO/SAE 21434 standard and the United Nations Economic Commission for Europe (UNECE) WP.29 regulation. The two standards complement each other and prepare the automotive industry for a new generation of connected cars.

ISO/SAE 21434 builds on its predecessor, ISO 26262, excluding software development and subsystems. ISO/SAE 21434 focuses on the cybersecurity risks inherent in the design and development of automotive electronics. The automotive software security standard ISO/SAE 21434 provides a structured process to ensure that cybersecurity issues are considered throughout the life cycle of an automotive product.

Unlike ISO/SAE 21434, the WP.29 regulation recognizes the responsibility of OEMs to manage cybersecurity risks throughout the supply chain.

How the IVI cybersecurity breach affects OEMs

OEMs and their Tier 1 suppliers need to take steps to avoid the negative impact of vulnerabilities in their IVI embedded software, as attacks could threaten the privacy and safety of drivers and passengers. Cybersecurity incidents can be costly and time-intensive and can lead to vehicle recalls; the worst impacts are ultimately loss of reputation and loss of organizational efficiency.

Why SAST is the key to IVI system software code

Static Application Security Testing (SAST) is a software testing methodology that examines and analyzes application source code, bytecode, and binaries for coding and design flaws in order to discover security vulnerabilities in IVI system software. SAST relies on static analysis tools that check for design and coding flaws.

Klocwork is an industry-leading static analysis and SAST tool for source code written in C, C++, C#, Java, JavaScript, Python, Kotlin and other languages, and is well suited to enterprise DevOps and DevSecOps. In addition, 9 of the 10 top auto parts manufacturers rely on Perforce static analysis tools to help ensure the safety and compliance of their automotive software.

If you're ready to experience for yourself how Klocwork can help ensure the quality of your embedded software, sign up today for a 10-day free trial.
