"Cybersecurity Risks of Automotive OTA"

Vehicle Original Equipment Manufacturers (OEMs) will contact vehicle owners remotely about Operating System (OS) updates that add new features and/or fixes, as well as software bugs and vulnerabilities, similar to how smartphones do. All of this must be done securely, but over-the-air technology (OTA) is still relatively immature regarding safety-critical applications. The Advanced Driver Assistance Systems (ADAS), as well as the electronic dashboard, powertrain, and infotainment systems, are all controlled by software in modern vehicles. Through OTA updates, vehicles could operate more efficiently, benefit from improved Electronic Vehicle (EV) battery performance, and stay current with technology for longer. These updates can be delivered directly from OEMs or via vehicle dealers. Honda recalled 608,000 vehicles in the US in 2020 to fix software bugs that were causing instruments to display incorrect speed information and other errors with rear-view camera video. Updates are broadly classified into two types: critical and non-critical. Important updates have a direct impact on engine and powertrain performance and safety, while non-critical updates, for example, add new features to infotainment systems. However, OTA has some drawbacks. According to the National Highway Traffic Safety Administration (NHTSA), Tesla recalled more than 40,00 Model S and Model X vehicles built between 2017 and 2021 in October 2022 due to a software update issue. A different issue was caused by an OTA firmware release intended to update the calibration values of the electronic power assist steering system. After hitting a pothole or a bump, some vehicle owners experienced a loss of power steering ability, which required another OTA update to correct. Another challenge is that implementing security in any market is difficult, particularly in complex systems like automotive, where the use of third-party Intellectual Property (IP) is increasing. That IP can take the form of software or hardware, and if it is poorly designed or integrated, or is so complex that it can never be verified and debugged properly, it can open the door to cyberattacks. This article continues to discuss the cybersecurity risks of automotive OTA technology.

Semiconductor Engineering reports "Cybersecurity Risks of Automotive OTA"