OEMs are working hard to remain one step ahead of increasingly sophisticated global theft rings.
The introduction of hybrid vehicles is presenting a new set of challenges. When China’s largest motor vehicle manufacturer the Shanghai Automotive Industry Corporation (SAIC) started developing its first hybrid vehicle and required support to help design a suitable immobilizer and remote immobilizer system for its new model, it called on automotive consultancy firm SBD.
The company helped through extensive benchmarking, design reviews, interactive onsite support, and workshops. SBD’s security experts were able to provide information of technology currently in use as well as were able to draw up design specification and test standardization documentation to help SAIC design secure cross-platform solutions.
Automotive Industries (AI) asked Mike Parris, Head of the Secure Car Division at SBD what strategies the company is following to help automotive manufacturers deal with issues of security.
Parris: SBD approaches automotive security firstly by considering the market requirements defined in terms of government legislation, insurance industry criteria and user expectations. We then consider the manufacturers’ requirements in terms of brand reputation, model range, sales volumes, price positioning, supplier partnerships and strategic direction to determine an overall framework. SBD’s Secure Car Division works across the three main technology areas of automotive security, namely: Mechanical; Electronic; and Cyber. However, we also recognize the importance of taking a holistic view that considers people, process and technology as a broad business response. Effective security is very rarely achieved with just a technology fix. Finally, we understand the evolution of automotive security and use our industry leading insight to prepare our customers for probable technology developments, market trends, and criminal motivations.
AI: Globally, what kind of risk do automobiles face and how is this increasing or decreasing thanks to improvements in car security systems?
Parris: For many years, anti-theft measures such as immobilisers, alarms, steering column locks, improved door locks, parts traceability and control of keys and security components were very successful in reducing car crime. However, a number of countries are now seeing a rise in car crime for the first time in a decade, primarily due to Organised Crime Groups (OCGs) using electronic theft tools. This trend was the subject of my recent interview with Sky TV News who then broadcast it as their lead story. It is worrying that OCGs have brought new levels of funding and sophistication to car crime and have made it an international business.
As cars evolve into networked mobile computers (including Internet connectivity), so the security issues of the internet become relevant to the car. The latest research from the Internet world shows that “hacking” is the single biggest threat to cyber security. The obvious conclusion is that the automotive industry must take steps to protect networked cars from hacking as well as e-theft, a concept that SBD calls ‘e-security’.
• E-security encompasses safety, security and privacy
• Includes protection of the vehicle, vehicle data and personal data
• Protects OEMs from corporate liability lawsuits, damage to brand reputation and financial loss E-security must be implemented as well as, not instead of, conventional anti-theft measures. Any security system is only as strong as its weakest link and the principle of layered security is as true as it has always been.
AI: Please share an example of how SBD worked together with an auto maker to improve security.
Parris: In the face of a spate of vehicle thefts in France, an OEM turned to SBD to help them improve their key programming to deter the thieves.
While the OEM was regarded as a technical leader for being one of the first manufacturers to use key cards as an alternative to mechanical keys and transponders to start the car, an increased level of theft amongst its best-selling range of domestic models was cause for concern. Thieves were programming new key cards directly to vehicles and driving them away because there was no mechanical ignition lock to defeat. Recognising that they needed to improve the process for key coding, management, and replacement, the OEM designed a new process and asked SBD to review whether it would adequately address the concern.
“A number of countries are now seeing a rise in car crime for the first time in a decade, primarily due to Organised Crime Groups (OCGs) using electronic theft tools.”
Assessing the OEM’s proposed key and component management process alongside those used by other vehicle manufacturers, SBD provided a comprehensive risk analysis, identified areas where the process could be improved and how to achieve the required performance. This involved analysing the procedures to obtain a key card and verification code as well as the potential for thieves to bypass the whole process or abuse the tools and systems available to authorised dealers.
SBD advised the OEM on the strengths and weaknesses of their system, including all aspects of the process, from the supply of key-cards, the hardware and associated access restrictions required to program the key cards to individual vehicles. While recognising that a realistic and cost-effective balance would need to be achieved between security and convenience, SBD also advised the OEM that certain aspects of the new process did not increase the defence against thieves. However some changes could be made that would improve the security without incurring significant additional costs.
After implementing the process approved by SBD, a significant drop in the theft of the OEM’s models was noted. The OEM now enjoys increased key card traceability and all programming events are recorded against each vehicle on a central database.
AI: also spoke to Jithesh Joshy, Specialist, Secure Car Division, SBD, and asked what kind of expertise SBD has in automotive security.
Joshy: Our expertise covers the full spectrum of mechanical, electronic and cyber security for the automotive industry, ranging from formulating global security strategies for vehicle manufacturers through in-depth market research, benchmarking and end user surveys to detailed analysis of e-theft tools and methods, reverse-engineering system designs and penetration attack tests.
AI: What gives your firm an edge over others in the field of automotive security?
Joshy: SBD started in 1995 as an independent technical consultancy specializing in automotive security, where at that time the focus was initially on mechanical security, quickly followed by immobilizer and alarm systems. As theft methods have evolved from simple hardware techniques and component replacement through software based key programming and cloning methods to today’s most advanced wireless theft tools, SBD has maintained it leadership in understanding not just the tools and technologies used, but also the underlying methods and motivations of the criminals. SBD security experts also work closely with our colleagues in SBD’s Connected Car and Safe Car divisions who are experts in telematics, advanced driver assistance systems and intelligent transport systems. Our experience and expertise is unrivalled, which is why most of the world’s vehicle manufacturers and their suppliers turn to SBD for automotive security.
AI: What are some of the latest breakthroughs in security systems in the era of connected cars?
Joshy: The emergence of the connected car also heralds the convergence of automotive and cyber technologies. With this convergence comes an exciting array of technologies and opportunities, such as monitoring the location of your car and being able to control some conve- nience functions remotely via a smartphone or networked computer. Clearly convenience features need to have security safeguards built in, but other functions are security features in their own right, such as OnStar’s locate, slowdown and block services.
Looking further into the future, it is interesting to note that the feasibility of such technology is being examined by members of the European Network of Law Enforcement Technology Services (ENLETS). In order to help the automotive industry understand the threats and develop counter-measures, SBD have produced a series of reports describing areas such as the threats of over-the-air hacking and attack points and methods to secure the connected car. Badly conceived, designed and implemented connected car services will always be a risk, but services that are well conceived, well designed and well implemented can actually create a further layer of security in addition to the existing mechanical and electronic security for the benefit of us all