Cars are becoming extremely complex products. In the 1950s all it took was a mechanical engineer to build one, today most vehicle controls are electronic. Even low-end cars have embedded more than 30-50 so-called Electronic Control Units (ECUs) that talk over Controller Area Networks (CANs). The number of ECUs is growing: not only because of safety and emissions reduction but, lately, because of the emerging demand for a "connected vehicle.”
Today, a car can have as much as 100 million lines of code, more lines of code than a F-22 fighter jet. Over the past decade, the automobile’s role to consumers has been transforming from what was once perceived as a personal transportation vehicle to what is now quickly becoming a new mobile device facilitated by telematics systems.
Alissa Knight presenting at the Secure Car Conference 2016 in Munich, Germany
Consumers today are now twice as likely to purchase a car based on its technology than what was once for performance. According to a recent survey by Accenture Research, 39% of consumers surveyed said their primary consideration in choosing a new car is in-car technology compared to 14% who sighted performance as their primary motivator. With no surprise, this consumer demand has also spilled over into emerging markets, including China, Brazil, Indonesia, and Malaysia.
This connectivity is enabled through telematics systems. At its core, telematics deals with the services enabling vehicles to communicate over a telecommunications device, whether that be automatic crash notification to emergency services, roadside assistance, vehicle tracking, remote door services, navigation assistance, traffic assistance, concierge services, infotainment services, fleet management, and diagnostics.
Brier & Thorn performs security testing of all layers of the Telematics System over the entire attack surface that the TCUs use to communicate, including Bluetooth, WLAN, and cellular phone networks. All layers of a telematics system are tested, including the:
The security of the communication sessions of data in transit between the Service/Content Providers, Call Centers, and the TNOS are also tested as well as use of any encryption, including certificate exchange protocols.
We share our clients’ ambitions working to understand their reality and deliver true results – focusing on strategic decisions and practical actions. We align our incentives with our clients’ objectives so they know we’re in this together as a closely-held partnership.
The automotive division of a global manufacturing company in Stuttgart, Germany retained Brier & Thorn for security testing services of its telematics control unit (TCU) prior to the implementation inside fleet of connected cars.