Guardians of the Road — Part 1: Why Cybersecurity is Needed in the Automotive Industry?
Imagine the Internal Combustion Engine in a car. It requires a precise amount of Air, Fuel, Timing, etc. If any of these has an inaccurate amount, it may occur Pre-ignition, the phenomenon in internal combustion engines where the fuel-air mixture ignites before the scheduled ignition. It hinders the engine from functioning properly in its role.
This is the reason why we need the ECU.
What is the ECU?
This is a computer in a car called an ‘Electronic Control Unit’. It calculates the amount of a lot of things needed to be accurate and controls brakes, engine, and many functions in the car.
The car is full of many ECUs that communicate using CAN protocol for human safety.
What is the CAN?
It’s the most commonly used protocol for the ECUs to communicate with each other. When there was no CAN protocol, they used the Point-to-Point method to communicate. But it requires too many wires so that the weight of the car gets heavy. However, the CAN protocol is a bus linked with many ECUs, so it requires only two wires to communicate. That’s why the CAN protocol is necessary.
But there’s a critical problem with the CAN protocol. There’s no concept of Sender Authentication, which means once the attacker successfully penetrates the CAN protocol, the attacker can imitate every ECU. For example, if the attacker sends a message controlling the brake in the car, the braking will be performed…
This is the reason why Cybersecurity is in the Automobile Industry. We will dig into the CAN protocol in the next story.
Thank you.
