- At Harman International's R&D center in Novi, Michigan, a group of "white hat" engineers attack a parked vehicle.
A vehicle’s engine tachometer needle rapidly jumps from zero to redline, dives back to zero, then repeats again and again—without a driver behind the wheel. An external source has taken control of your car.
“It’s called SMS spoofing. The hacker uses a cell phone or other electronic device to access the vehicle through the vehicle owner’s app for car settings, like doors lock/unlock,” explained Geoffrey Wood, Director of Business Development North America for Cyber Security at Harman. “Our software can prevent that vehicle intrusion.”
Vehicle gauge mayhem and other remotely instituted cyber attacks on a parked vehicle were part of a recent demonstration at Harman’s North American automotive headquarters in Novi, MI.
Distracting the driver is troublesome and potentially dangerous, and it’s an absolute security risk if a hacker takes control of a vehicle’s braking and/or steering systems.
“Although automakers have taken numerous cyber security measures, to our knowledge no vehicle from any OEM is currently equipped with an intrusion detection system,” Wood told Automotive Engineering.
That could soon change. Harman is in discussions with automakers and Wood indicated that his company's intrusion-detection system could debut on a global vehicle platform in MY2019.
Harman is the only company providing an end-to-end cyber security vehicle solution via its TCUShield and ECUShield intrusion-detection systems and its Alerts Monitor backend cyber security analysis platform, Wood claimed. The company's 2016 acquisition of the Israeli cyber-software firm TowerSec added two products to Harman’s 5+1 security architecture: TCUShield, which is integrated into infotainment systems and telematics units, and ECUShield, which is embedded in ECUs.
Several suppliers offer cyber security detection solutions. But Harman engineers believe their company's end-to-end solution is a competitive advantage. “You want all of the pieces to work together,” Wood said, or else vulnerabilities within the overall solution are created.
One of the challenges with cyber security for vehicles is the limited memory space available on a module’s embedded microcontroller.
“Intrusion detection systems are used in network management already, but those big servers have unlimited memory space,” explained Wood. “We’ve already seen network management specialist companies not be able to overcome the automotive world’s limited-space hurdle.”
Harman claims its intrusion-detection systems have passed various cyber security tests administered by different OEMs. The OEM provides a vehicle and Harman embeds its product on it, then calibrates and tunes it to the specific car or truck. Engineers then launch a cyber attack. “We have no clue beforehand what the attack will be,” Wood noted.
Several cyber security specialists are vying for business from automakers.
“We’ve gone through numerous cyber security tests at several different OEMs across several vehicle platforms,” he reported. “And in every instance, our intrusion detection system has been proven to be best in class over the competitors.” This has shown that Harman's intrusion-detection system and its over-the-air (OTA) vulnerability fix product are stable, regardless of the OEM or the vehicle platform, he added.
Author: Kami Buchholz
Source: SAE Automotive Engineering Magazine