Car autopilot security

To protect ADAS from external interference, cars need a special approach to cybersecurity.

Today, many companies are experimenting to the max with autopilots of varying complexity. Some are trying to build devices that actually take control of the vehicle out of human hands, while others are developing advanced driver-assistance systems (ADAS). The main issue that autopilot manufacturers must address is guaranteeing reliability and safety. After all, people’s lives depend on the proper functioning of the system.

Automakers can draw from the aviation industry experience in some measure; aviators have been using similar systems for more than a century. But creating an automatic control system for a car is far more complex, and not only because there are more factors to be taken into account on the road than in the air, including the at-times unpredictable behavior of neighboring vehicle drivers. There is also the fact that modern cars, by and large, are Internet-connected cyberphysical systems, so the autopilot must be not only reliable, but also protected from outside interference.

Cars and cybersecurity

In recent years, infosec researchers have become increasingly interested in cars and their electronic systems. As part of their research, attempts have been made to stop cars traveling at full speed and to confuse autopilot cameras. Almost every major infosec conference features at least one report on vulnerabilities found in vehicles. Typically, such news is presented in the media in apocalyptic tones: Cars are vulnerable! We’re all going to die! But in fact, the news is positive: For the first time, it seems, researchers have taken interest in a problem before criminals — or at least before the latter have begun to use their skills to attack cars on a large scale.

Unfortunately, not all automotive companies are closely monitoring the research of cybersecurity experts. Sometimes, even publicly disclosed vulnerabilities remain unpatched for years. However, some automakers are tapping in to the yearslong experience of specialist cybersecurity companies. One of the pioneers in this field is automotive consulting firm AVL, a company with which we collaborate. At the moment, AVL is tackling the issue of ADAS security head-on, making use of our developments.

Special protection for autopilots

The main potential problem from an ADAS perspective is likely vulnerabilities in vehicle electronic systems, which cannot be eliminated completely (their regular detection and patching is part and parcel of managing any software–hardware product). That being the case, ensuring that any attempt to exploit them does not allow interference with the ADAS is vital. In other words, the ADAS needs a specialized security approach.

We created our operating system, KasperskyOS, especially for devices with greater-than-normal cybersecurity requirements. Therefore, we used the OS as the basis for the Kaspersky Automotive Adaptive Platform, an advanced tool for creating safe and reliable applications for electronic control units. It not only prevents interference in autopilot processes, but also ensures the secure separation of electronics systems and their processes. It is this product that AVL Software and Functions GmbH (AVL SFR) uses in its ADAS.

AVL SFR offers an ADAS ECU module, which can be used at the prototyping stage of car production. You can learn more about the Kaspersky Automotive Adaptive Platform in this brochure, and find out more about what we are doing for transportation cybersecurity overall.