Cybersecurity Risks of Automotive Over the Air (OTA) technology

Modern vehicles increasingly resemble supercomputers on wheels, with many electronic control units (ECUs) networked together as increasingly sophisticated software is installed and updated.

Similar to smartphones, vehicle OEMs will contact vehicle owners remotely about operating system updates that add new features and/or fixes, as well as software bugs and vulnerabilities.

Automotive OTA is a process by which OEMs can broadcast software over Wi-Fi or cellular (4G/5G/LTE) networks to the target vehicles. The intent is to update vehicle software and firmware as well as installing useful configuration information.

But all of this must be done securely, and over-the-air technology is still a relatively immature technology when it comes to safety-critical applications.

Software controls several components inside modern vehicles, including the Advanced Driver Assistance Systems (ADAS), along with the electronic dashboard, powertrain, and infotainment systems.

With OTA updates, cars could run more efficiently, stay up to date on technology longer, and benefit from improved EV battery performance.

These updates can be sent directly from the OEMs or through vehicle dealers.

This is already happening.

In 2020, Honda recalled 608,000 vehicles in the U.S. to fix software bugs that were causing instruments to show incorrect speed information, and other errors pertaining to the rear-view camera video. Software updates were performed OTA, which allowed Honda to realize cost savings by broadcasting updates simultaneously to many vehicles instead of bringing them into dealerships for the repairs.

Other updates can improve vehicle performance and safety, some of which can be done without the dealerships’ involvement, saving car owners time.

Broadly speaking, updates can be divided into two categories — critical and non-critical. Critical updates directly impact engine and powertrain performance and safety. Non-critical updates provide new features to infotainment systems, for example.

“Within the next 5 to 10 years, many vehicles will be software-defined,” said Robert Day, director of automotive partnerships for Arm’s Automotive Line of Business. “Software and firmware updates for ECUs will be easily performed with OTA. Much like updating the operating system of a mobile phone, the vehicles can do this at the shop, or parked somewhere with access to Wi-Fi. Most importantly, this can be done at the drivers’ convenience.”

According to Market Research Future, the automotive OTA updates market will grow approximately 18% from 2022 to 2030. Industry revenue is forecast to reach $14.47 billion by 2030, up from $2.89 billion in 2021. Some of the suppliers include Continental AG, Garmin Ltd., Delphi Automotive, NVIDIA, Robert Bosch GmbH, and NXP.

But OTA has its downside, as well. In October 2022, Tesla recalled more than 40,00 Model S and Model X vehicles built between 2017 and 2021 due to a software update issue, according to the NHTSA.

An OTA firmware release meant to update the calibration values of the electronic power assist steering system caused a different problem. Some vehicle owners experienced the loss of power steering ability after hitting a pothole or a bump, which required another OTA update to fix.

Another challenge is simply that implementing security in any market is difficult, especially in complex systems such as automotive, where the use of third-party IP is growing. That IP can be in the form of software or hardware, and if it is poorly designed or integrated, or so complex that it can never be completely verified and debugged, then it can open a door for cyberattacks.

“Transparency in this comes down to writing down the requirements, not having them scattered throughout the 500-page documentation and grouping them all together so that the users are very clear about the security functionality,” said Nicole Fern, senior security analyst at Riscure. “Good vendors will have that. But great vendors will also tell you where the limitations are because every solution that claims to offer some sort of security guarantee has weaknesses.

There is a certain point at which it cannot protect you because every solution can be broken eventually. When design teams are looking at the vast landscape of all the different IP that can potentially be integrated into a product, and how they should decide as to which one to integrate, it is important to look for vendors who are transparent about the strengths, but also what conditions the IP can no longer provide those guarantees in.”

Some OEMs are taking the lead, while others are adopting a wait-and-see attitude.

According to Electrek, OEM OTA capabilities are “all over the map.”

Some OEMs are trying to accelerate their OTA expertise by forming partnerships. For example, BYD, the first Chinese car manufacturer to offer OTA solution in 2018, formed a partnership with Aurora Mobile Ltd. in 2021 to provide additional OTA capabilities. Hyundai attempted to catch up by forming a partnership with NVIDIA.

So far, Hyundai’s OTA update capability is limited to only infotainment and maps.

While OTA faces many challenges, including incomplete testing, potential cyberattacks, adding full features to the offerings, and more, it is still a technology of the future, with more OEMs expected to participate.