HIAI Recommends Hardware Security to Safeguard Vehicle Apps
In 2015, researchers successfully proved they could hack into—and control—an internet-connected vehicle from any point on the globe. Although automobile manufacturers are adding software-based security techniques to protect vehicles from unauthorized control, the problem is far from solved.
Currently, manufacturers like Volvo, Ford, and GM publish apps for Android and iPhone that allow drivers to control their vehicles remotely. While convenient, this means anyone who can hack into your smartphone has access to your vehicle. So while manufacturers may be able to secure the vehicle itself, vulnerabilities in the smartphone are out of their control.
One possible solution suggested by researchers at Florida Institute of Technology’s Harris Institute for Assured Information is to look past software solutions and use new hardware-based security features on your phone. “Our work is to identify new security threats and the second is to defeat those problems,” said HIAI assistant professor Shengzhi Zhang.
Most smartphones today run smoothly because of a processor called ARM that lets the device do a lot of different things as efficiently as possible. Recently, a feature called the ARM TrustZone was added to the processors to create a higher level of security for sensitive apps. The ARM TrustZone is a secure environment on a smartphone where certain “trusted” applications run, like the one for your car, and protected from other “untrusted” applications, like games. This means that even if a security flaw in one app gave an attacker access to your phone, they would still be incapable of accessing your vehicle.
“The fundamental goal is to provide security for cars,” said, Zhang. “We want users to have confidence that they can safely use the application on their smartphone without fear of attack. As long your smartphone has the necessary hardware, such as the ARM Trust Zone feature, the solution should work.”
Hardware-based security solutions are becoming more popular as they prove to be more effective and efficient, Zhang said. When a hardware-based solution is built right into the device, remote attacks on the software are no longer relevant. And when a hardware-secured app for your car is paired with security that blocks physical access to your phone (such as keeping a password lock on at all times), the chances of getting hacked are even slimmer.