Security gets FASTR for automotive

April 07, 2017
With automobiles generating gigabytes of data, FASTR has a plan to secure that data while ensuring user privacy, but it needs help.

In a connected world, very few worthwhile things can happen in isolation, and this is particularly true of automotive security and privacy. That’s why the Future of Automotive Security Technology Research (FASTR) consortium recently released a very formal and detailed manifesto, and with it, a call‑to‑action to the entire automotive supply chain.

The big driver for security (pardon the pun) is the escalating level of communications, both between modules in the vehicle itself and over vehicle‑to‑vehicle (V2V), vehicle‑to‑infrastructure (V2I) and vehicle‑to‑everything (V2X) links. The big realization, of course, is that we’re rapidly tumbling towards rising levels of vehicle autonomy that, according to FASTR, will be generating somewhere in the region of 4 gigabytes per vehicle by 2020 (Figure 1). While this is technologically exciting, it’s also terrifying from a security, privacy, user trust and liability point of view.

Figure 1: FASTR recognizes that the transition to higher levels of V2I, V2V, and V2X communication and autonomy creates more data and privacy concerns, which users will look to the industry to solve. (Image source: FASTR consortium)

That fear is well‑founded. To prove the point, researchers hacked a Jeep to expose vulnerabilities, and have continued to do so even after the initial vulnerability was shut down by Chrysler.

However, for anyone familiar with electronic systems, software and user habits, security will always be a moving target, kind of like cybersecurity “whack‑a‑mole”. If one attack surface gets shut down, hackers move on to another. If the car manufacturer chooses to do over‑the‑air (OTA) updates to close the vulnerability, that OTA connection becomes a hacker target. Sending a USB stick with self‑installing firmware updates to the user, or doing updates only in secure locations by the car dealer, is often the best solution.

Even then, with all the hardware, software, and connectivity loopholes closed, the user themselves can be tricked into giving away access codes, if the hackers are that intent on gaining access. Unless it’s a targeted attack for specific purposes, hackers, fortunately, are still human: they’ll move on to an easier target, we hope.

However, in an era of heightened security and privacy concerns, few want to rely upon hope as a solution, particularly anyone who might be in a position to be targeted. And vehicle manufacturers would rather avoid the publicity.

This brings us to FASTR and its manifesto. FASTR was founded in 2016 by Aeris, Intel, and Uber as a means of working with the expanding automotive ecosystem to accelerate the realization of organically secure vehicles. Along with the new manifesto announced in February, FASTR also welcomed Karamba Security and Rambus to the consortium.

Given the scope of the issue, a concerted effort is clearly necessary: 250 million connected vehicles will be on roadways by 2020 and the expected market for autonomous vehicles looks likely to approach $77 billion in 2023. FASTR itself pointed to some of the potential attack surfaces (Figure 2).

Figure 2: The lines of code and the attack surfaces on a connected vehicle are going to grow rapidly as we accelerate toward more connected vehicles with higher levels of autonomy. Collaboration through FASTR might be a good idea. (Image source: FASTR consortium)

It isn’t just the electronic control units (ECUs) deep within the vehicle itself that can be dangerous if hacked. Remotely cranking the entertainment unit may seem like harmless fun for tricksters, but it can kill if the driver is distracted or surprised at the wrong time.

For sure, black‑hat‑turned‑white‑hat operators are now being gainfully employed to ensure security, and the vulnerabilities are being addressed. User access is gated by biometrics, dual‑authentication methods and even the old passwords. Communication gateways can be used to provide domain isolation, as well as encrypted data, while processors and software are becoming more tamper‑proof.

Still, a cohesive approach across the whole industry that addresses the following has not been forthcoming:

  • Trust in data confidentiality: Vehicle data must not be divulged without the permission of the operator.
  • Trust in data and system integrity: Vehicle and operator data must not be compromised or altered.
  • Trust in data and system availability: Vehicle and operator data must be available to the systems and services that rely on them.

The FASTR consortium is gathering together OEMs, transportation network companies, supply‑chain providers (Tier 1s and 2s), autonomous vehicle specialists, integrated circuit (IC) suppliers, specialists in automotive security, academics and researchers. As a collaborative effort, it hopes to address security from top to bottom, including:

  • Defense in depth: Threat‑modeling, vulnerability assessment, architecture.
  • Hardware security features: Multi‑layered defense across all hardware layers and environments.
  • Vehicle security design lifecycle: Predictable processes through production and manufacturing.
  • Threat intelligence: On‑going assessment and over‑the‑air updates.

Security in a vacuum is easy, but security in the real world across a vast ecosystem takes collaboration at an unprecedented level. While we don’t suggest cloaking vehicles in aluminum foil (yet), awareness of the issues and working with a knowledgeable partner or two are good starting points.

Patrick Mannion
Technology Analyst and Writer

