By Humra Laeeq
It is a hardly contestable fact that with the kind of technology in todays world, one cannot shut people out.
“There is no safety without security“, says John Wall, head of Blackberry QNX software. His words seem quite similar to the thoughts of Mary Barra of General Motors, who regards cybersecurity as her top priority. Recently, Wall introduced an automotive security system, the ‘QNX Hypervisor 2.0’ that safeguards automobiles against systemic breaches. Connected and self-driving autonomous vehicles show immense vulnerability towards such breaches. By creating virtual software containers, the QNX Hypervisor 2.0 isolates the cars functional domains such that any breach in a single domain does not impact others.
The background story
Conventionally, a virtual cockpit would run both an automobiles infotainment system (the audio-visual hardware and software combination for entertainment) and its digital instrument cluster (comprising the speedometer, odometer and gas tank indicator) with a single ‘system on a chip’ (SoC). The SoC allowed all electronic functions of the car to work on a single integrated circuit. A skilled hacker could easily guide himself through the music system to speed and brake controls through the interconnected wiring. The networks of wireless and electronic control units (ECUs) that allow smartphones and internet connectivity, offered the potential for hackers to access critical car controls. This risked the safety of critical operations. These systems would also stay prone to manipulation through mapping apps, tire-pressure sensors and even older entry points like a CD drive through Bluetooth functioning.
Walls newest innovation attempts to seal this crack.
The latest technology in town
Recognising that the digital instrument cluster interfaces with critical driving systems, the QNX Hypervisor 2.0 moulds it in such a way that each of these two systems is isolated and kept safe. So, even if a hacker assumes control over audio-visuals, he would be unable to direct himself to safety critical areas, such as driving controls, speed and braking. In addition to this ironclad security, the BlackBerry QNX operating system enables developers to use trusted BlackBerry services such as ‘splash screen display’ or ‘instant device activation’ for user familiarity, easy access and attraction. The Hypervisor 2.0 is another ancestor of the already industry-proven QNX Operating System based on microkernels. These microkernels remove all non-essential components from the processing system and have minimal or micro amount of processing and efficient memory management. Microkernels offer real-time stability to the operating system and the QNX software already ships in embedded systems across the world.
Announcing the adoption of QNX Hypervisor by Qualcomms Snapdragon, a high-resolution in-car infotainment system, manufacturers can now reduce the cost and hardware complexity of their vehicles, while still delivering the quality user experiences that consumers demand today. As a Type-1 Hypervisor, it is a guest operating system that works directly on the host machine (the cars hardware) and provides flexible virtual machine configuration. This flexibility of the hypervisor environment, or the different configurations which can be applied in varying host spaces, can be scaled into large-scale requirements of automated drive and high-end computing systems.
Why do we need automotive cyber security?
The stage for modern warfare has undergone a huge transformation. Thriving underground, invisible modes of security violation pose a threat that the world is still getting accustomed to, yet largely unaware of. Any online system, layered with circuitry and operation systems, does not remain safe from probing attempts by a hacker. A team of Chinese researchers at Tencent hacked a moving Tesla Model S and controlled its brakes from 12 miles away in high-speed traffic, all from a computer in the back of the car. Even though it was exemplary of the well-meaning term white-hacking, actual possibilities run further.
And the vulnerability is increasing manifold.
Twenty years ago, on average, cars had one million lines of code. The General Motors 2010 Chevrolet Volt had about 10 million lines of code. Today, an average car possesses more than 100 million lines of code, according to software engineering expert Steve McConnell. Considering there are 15 to 50 defects per 1,000 lines of software code, the scope for exploitability adds up. Google Chrome, Microsoft and Android contain millions of lines of code. The motivation to find exploitable defects has never been higher.
Building a digital army
Governments, big and small, are investing in security defences like firewalls and antivirus software. Behind the United States and China, Iran claims to have the third largest digital army in the world. Except that among computer codes and automotive codes, the difference exists in “the loss of data versus the loss of life“, says David Barzilai, co-founder of Karamba Security, an Israeli start-up that is working on addressing automotive security.
With the National Highway Traffic Safety Administration of the US proposing that V2V or vehicle-to-vehicle communication equipment be installed in all cars in the future, maybe we do not lag much behind the advent of autonomous, self-driving cars. However, that dangerously exposes millions of more access points for would-be attackers. The QNX Hypervisor comes as one of the few attempts to safeguard cyber war capabilities.
Featured Image Credits: Jalantikus