Shortly, you will see cars in your bays that have the ability to communicate with one another. These cars are already on the street, and can facilitate driver access to many different, and potentially dangerous, networks. With these networks, simple interactions like accessing a calendar or playing music could lead to a malware infection that could target the most critical and susceptible systems of the car, such as the brakes, steering and powertrain controls.
Customers like these added tech features, and many companies want to offer more connectivity. So, the question becomes, just how do you allow the kids to play on the playground and keep bad things from happening to them? The simple answer is that you build a fence to keep bad things out. This is the solution that several groups are working on.
It’s a foregone conclusion that there are people who desire to hack cars’ CAN systems. It doesn’t take something dramatic to cause a lot of trouble. For example, if you spoof a vehicle stability control system, the result may be immediate action by the emergency braking system. Imagine that on a large scale. One solution that is rooted in enterprise security is the implementation of a firewall. In the automotive world, a variation on this theme is being actively discussed, which is known as the Secure Vehicle Interface (SVI).
SVI is the idea that a software-based solution would allow automakers to be responsive to hacking attempts, as cars would send data logs outlining the types of attacks they were seeing. This would allow over-the-air updating to “patch” software vulnerabilities very rapidly. Another thing that SVI does is build a “fence” around cars’ critical systems so they can operate without being exposed to unsafe Internet connections when connecting through apps, e-commerce and social media platforms.
SVI would also include an open channel to listen for other vehicle communications from the proposed Dedicated Short Range Communication (DSRC) network that has currently been reserved to run in the 5.9 Ghz range. Just as with Internet connections where the vehicle would be monitoring for hacking attempts, the software involved in SVI would need the ability or logic to validate a communication from another vehicle to determine if it is real or a spoof.
One thought is that vehicles could utilize a system like the commercial banking industry does where each time you log in to your account, you are given a short-term, one-time-use token that protects against someone possibly capturing and reusing your login information.
I’M A SCAN TOOL, LET ME IN
The future of the OBD-II port is one of the things that may be on your mind while you are reading this. The OBD-II port will be around for some time. It is currently a necessity as part of EPA and CARB regulations. To move away from it would require major software rewrites in states that are using OBD-II data in their emissions test. However, what may change if SVI becomes a standard is where that OBD-II port sits on the network.
Reviewing the current SVI proposal, the port would sit outside the network to avoid intrusion from malware devices. Scan tool software would most likely use a token system to make your session unique and discrete in case a hacker was trying to breach a vehicle’s security.
Not coincidentally, the NHTSA’s “Cybersecurity Best Practices for Modern Vehicles” released in October recommends consideration by tool companies that would limit the amount of time a diagnostic port could stay open. It also recommended that bidirectional tests be given limits in terms of their capabilities. This does not mean that you have to throw out your current scan tools. They will continue to be viable for use on the vehicle model years for which they were designed. The message here is that as a repairer, you need to keep up with what is happening. There will be opportunities to comment on these governing standards to voice your opinion on pending changes, but you’re not alone. There are many groups watching out for you like ASA, ETI, the Auto Care Association and AAA, to name only a few. These groups are fighting for what’s best for the industry, but their messages are more powerful when technicians are active and part of the discussion.
What is your job in the coming months and years? Keep learning and take advantage of opportunities to participate in educational events that cover these topics. The secure vehicles of today will evolve much faster into the automated transportation of tomorrow. The possibilities and splinter specialties that appear to be on the horizon will be only limited by the industry’s ability to get some standards in place that protect the vehicle and its drivers.