More complex vehicles demand more sophisticated anti-theft devices

The introduction of hybrid vehicles is presenting a new set of challenges. When China’s largest motor vehicle manufacturer the Shanghai Automotive Industry Corporation (SAIC) started developing its first hybrid vehicle and required support to help design a suitable immobilizer and remote immobilizer system for its new model, it called on automotive consultancy firm SBD. 

The company helped through extensive benchmarking, design reviews, interactive onsite support, and workshops. SBD’s security experts were able to provide information of technology currently in use as well as were able to draw up design specification and test standardization documentation to help SAIC design secure cross-platform solutions. 

 

Parris: SBD approaches automotive security firstly by considering the market requirements defined in terms of government legislation, insurance industry criteria and user expectations. We then consider the manufacturers’ requirements in terms of brand reputation, model range, sales volumes, price positioning, supplier partnerships and strategic direction to determine an overall framework. SBD’s Secure Car Division works across the three main technology areas of automotive security, namely: Mechanical; Electronic; and Cyber. However, we also recognize the importance of taking a holistic view that considers people, process and technology as a broad business response. Effective security is very rarely achieved with just a technology fix. Finally, we understand the evolution of automotive security and use our industry leading insight to prepare our customers for probable technology developments, market trends, and criminal motivations. 

 

Parris: For many years, anti-theft measures such as immobilisers, alarms, steering column locks, improved door locks, parts traceability and control of keys and security components were very successful in reducing car crime. However, a number of countries are now seeing a rise in car crime for the first time in a decade, primarily due to Organised Crime Groups (OCGs) using electronic theft tools. This trend was the subject of my recent interview with Sky TV News who then broadcast it as their lead story. It is worrying that OCGs have brought new levels of funding and sophistication to car crime and have made it an international business. 

 

As cars evolve into networked mobile computers (including Internet connectivity), so the security issues of the internet become relevant to the car. The latest research from the Internet world shows that “hacking” is the single biggest threat to cyber security. The obvious conclusion is that the automotive industry must take steps to protect networked cars from hacking as well as e-theft, a concept that SBD calls ‘e-security’. 

• E-security encompasses safety, security and privacy 

• Includes protection of the vehicle, vehicle data and personal data 

• Protects OEMs from corporate liability lawsuits, damage to brand reputation and financial loss E-security must be implemented as well as, not instead of, conventional anti-theft measures. Any security system is only as strong as its weakest link and the principle of layered security is as true as it has always been. 

 

Parris: In the face of a spate of vehicle thefts in France, an OEM turned to SBD to help them improve their key programming to deter the thieves. 

 

 

While the OEM was regarded as a technical leader for being one of the first manufacturers to use key cards as an alternative to mechanical keys and transponders to start the car, an increased level of theft amongst its best-selling range of domestic models was cause for concern. Thieves were programming new key cards directly to vehicles and driving them away because there was no mechanical ignition lock to defeat. Recognising that they needed to improve the process for key coding, management, and replacement, the OEM designed a new process and asked SBD to review whether it would adequately address the concern. 

“A number of countries are now seeing a rise in car crime for the first time in a decade, primarily due to Organised Crime Groups (OCGs) using electronic theft tools.” 

 

 

Assessing the OEM’s proposed key and component management process alongside those used by other vehicle manufacturers, SBD provided a comprehensive risk analysis, identified areas where the process could be improved and how to achieve the required performance. This involved analysing the procedures to obtain a key card and verification code as well as the potential for thieves to bypass the whole process or abuse the tools and systems available to authorised dealers. 

 

 

SBD advised the OEM on the strengths and weaknesses of their system, including all aspects of the process, from the supply of key-cards, the hardware and associated access restrictions required to program the key cards to individual vehicles. While recognising that a realistic and cost-effective balance would need to be achieved between security and convenience, SBD also advised the OEM that certain aspects of the new process did not increase the defence against thieves. However some changes could be made that would improve the security without incurring significant additional costs. 

 

 

After implementing the process approved by SBD, a significant drop in the theft of the OEM’s models was noted. The OEM now enjoys increased key card traceability and all programming events are recorded against each vehicle on a central database. 

 

Joshy: Our expertise covers the full spectrum of mechanical, electronic and cyber security for the automotive industry, ranging from formulating global security strategies for vehicle manufacturers through in-depth market research, benchmarking and end user surveys to detailed analysis of e-theft tools and methods, reverse-engineering system designs and penetration attack tests. 

 

Joshy: SBD started in 1995 as an independent technical consultancy specializing in automotive security, where at that time the focus was initially on mechanical security, quickly followed by immobilizer and alarm systems. As theft methods have evolved from simple hardware techniques and component replacement through software based key programming and cloning methods to today’s most advanced wireless theft tools, SBD has maintained it leadership in understanding not just the tools and technologies used, but also the underlying methods and motivations of the criminals. SBD security experts also work closely with our colleagues in SBD’s Connected Car and Safe Car divisions who are experts in telematics, advanced driver assistance systems and intelligent transport systems. Our experience and expertise is unrivalled, which is why most of the world’s vehicle manufacturers and their suppliers turn to SBD for automotive security. 

 

Joshy: The emergence of the connected car also heralds the convergence of automotive and cyber technologies. With this convergence comes an exciting array of technologies and opportunities, such as monitoring the location of your car and being able to control some conve- nience functions remotely via a smartphone or networked computer. Clearly convenience features need to have security safeguards built in, but other functions are security features in their own right, such as OnStar’s locate, slowdown and block services. 

 

Looking further into the future, it is interesting to note that the feasibility of such technology is being examined by members of the European Network of Law Enforcement Technology Services (ENLETS). In order to help the automotive industry understand the threats and develop counter-measures, SBD have produced a series of reports describing areas such as the threats of over-the-air hacking and attack points and methods to secure the connected car. Badly conceived, designed and implemented connected car services will always be a risk, but services that are well conceived, well designed and well implemented can actually create a further layer of security in addition to the existing mechanical and electronic security for the benefit of us all