Cyber security: such measures in the car do not only thwart hackers

05-11-2020

It all started with the OBD2 interface at the end of the 1990s. This was deliberately left open for the purpose of servicing cars, but it soon became clear that the technology was a potential safety risk. Hackers could easily crack the OBD2 interface and thus manipulate the most diverse kinds of driving functions. In the meantime it is no longer just about OBD2: basically, all data interfaces represent a potential security risk. 

This was experienced first hand in a particularly painful way by those responsible for the Chrysler brand. Their Jeep Cherokee was hacked without further ado twice, making a huge impact in the media. First of all, the hackers cracked the automatically generated WLAN password and thus gained access to critical driving functions. A little later they hacked their way into the SUV via the OBD2 interface and hijacked the steering, amongst other things. The damage that hackers can cause is therefore immense.

Advantages and disadvantages of protected diagnostic access

One thing is certain: the challenges in the field of so-called "cyber security" are not becoming less significant and they are certainly not decreasing in number. More and more cars are online, modern cars today are rolling computers. Via interfaces such as WLAN, Bluetooth, keyless systems and, of course, via the OBD2 connector, criminal hackers have numerous possibilities of invading the interior workings of cars. And, at the latest, with the advent of automated driving, the widespread danger will become a real concrete threat. Because if cars are to communicate with one another and with traffic infrastructure such as traffic lights, it becomes clear what hackers could do if they succeed in breaking into this sensitive system. Therefore car manufacturers and suppliers are treating the problem with the seriousness it warrants.

The car manufacturers began to develop a kind of firewall for their cars, the so-called security gateways (SGW). Following Fiat Chrysler Automobiles (FCA), which protects its current models against unauthorised access by implementing security gateways, now Volkswagen and Mercedes-Benz have also put in place initial measures. The problem: not only hackers can be locked out in this way, but also independent workshops will increasingly be unable to access maintenance and diagnostic data with their multi-brand diagnostic equipment.

Access to car data: Hella Gutmann is working on a solution for independent workshops

Companies like Hella Gutmann have been working flat out on practical solutions for some time now. Back in the spring of 2020, Hella Gutmann introduced an SGW adapter for FCA. This can be used with every kind of diagnostic equipment: it is simply plugged in between the OBD interface and the mega macs diagnostic unit and connected to an internet-capable laptop via a USB cable. After successful registration in the FCA portal and receipt of a digital key, the security gateway is then unlocked. 

The mega macs software from Hella Gutmann is to receive a "Cyber Security Management" update.

The full implementation of a comprehensive "Cyber Security Management" in the mega macs software is planned for the end of 2020. Depending on the makes and their security systems, this OE-compliant embedding will then also enable the selection of various manufacturer portals and the relevant activation direct from mega macs. The declared goal: the making available of a time-saving, multi-brand solution for independent workshops. Because even though cyber security is important: independent workshops should continue to have access to the diagnostic data of their customers' vehicles.