Tech company Harman, supplier of infotainment systems to brands such as Mercedes-Benz, BMW and Porsche, has launched new software to tackle the increasing threat of car hacking, having acquired two software security companies.
The purchase of Towersec and Redbend means their technology contributes to Harman’s new ‘5+1 cyber security framework’, which provides five layers of protection against attack, from the hardware level right up to the vehicle network.
Harman’s director of technology marketing, Hans Roth, said: “As we move forward towards autonomous driving, cars require more built-in connectivity embedded deeply into the car, so cyber security has become a priority.”
Towersec, a specialist in ‘intrusion prevention’, has developed software to protect military weapons systems from hacking, as well as two automotive software products, ECUshield and TCUshield.
TCUshield prevents unwanted wireless connections with a vehicle’s TCU (telematics connecting unit), while ECUshield detects and prevents attempts to hack into a vehicle’s ECUs (electronic control units) or the network connecting them.
“There could be as many as 120 ECUs in a modern luxury car,” said Roth.
Redbend has developed OTA (over the air) technology to update a car’s security systems remotely. All three are offered as part of the 5+1 framework.
Its flexible nature allows car makers to choose which elements of it they wish to use. “Some may substitute another method for one or more layers,” said a spokesman.
For example, one manufacturer has adopted the Redbend OTA system for remote software updates so far, although it is not yet being used to update security systems.
ECOshield and TCUshield include an algorithm that can “spot an attack without knowing the method of attack up front”, said the spokesman.
Unlike PC antivirus software, which must be updated continually with lists of viruses, Towersec’s algorithm recognises authentic data in the Controller Area Network (CAN — the car equivalent of an office computer network), treats any it doesn’t recognise as a threat and tells the car not to use it.
This prevents unwanted instructions given to a car from the outside from taking effect, even if hackers manage to connect to the car in the first place.