Blog
October 11, 2021
Electric vehicle security is essential with an increased amount of embedded software and connectivity features. For that reason, it is important that you understand electric vehicle security concerns, how coding standards can help mitigate those risks, and what tools you should use to improve electric vehicle security.
Read along or jump ahead to the section that interests you the most about electric vehicle security:
➡️ Accelerate EV software compliance with Static Analysis
Back to topElectric Vehicle Security Concerns
Electric vehicles rely on embedded software and connective functionality in order to operate efficiently. However, not all that software may be adequately safeguarded against potential software security vulnerabilities. In fact, the number cyberattacks on connected vehicles increased 99% from 2018 to 2020, according to a study from Uswitch.
If a software security vulnerability is exploited, a hacker could:
- Take command of the steering controls.
- Disable the brakes.
- Bypass vehicle control systems.
- Disable networks, range sensors, and cameras.
- Access personal information on other connected devices through the vehicle’s OS.
The most common electric vehicle security concerns that could allow a hacker to gain access to an electric vehicle, include the following:
Mobile Apps
Most connected cars utilize mobile apps to control functions through their infotainment systems. This includes GPS navigation, and Bluetooth phone operations, as well as storing smartphone-related data, like a phone’s list of contacts. However, these apps can also expose the vehicle — along with any connected devices — to security risks.
Electric Vehicle Security: Electric Vehicle Charging
In order to charge an electric vehicle, an app is often needed in order to communicate with electric vehicle supply equipment (EVSE), although in some cases it’s just as simple as plugging it in. However, there are several components of an EVSE that are susceptible to security breaches, which include:
- The communication channel between the vehicle and charging station.
- The mobile app that may be required.
- Firmware updates to the EVSE.
- The physical access points of the EVSE.
Connected Fleets
Connected fleets are particularly susceptible to targeted software security attacks by command-and-control (C&C) servers which can sabotage entire fleets of vehicles. A C&C server is a computer that is controlled by a hacker to send commands to systems that are compromised by malware and/or stolen data received from a target network
Once a hacker has hacked one vehicle, they can easily gain control of the rest of the fleet.
📕 Related Resource: Learn about the top 10 embedded security vulnerabilities.
Back to topKey Coding Standards for Electric Vehicle Security
With the volume of embedded software and increased connectivity in vehicles, compliance with ISO 21434 is essential for ensuring the security of electric vehicle software. ISO 21434 is an automotive standard that focuses on managing cybersecurity risks in every stage of the lifecycle of a vehicle and across the entire supply chain.
The standard has specific guidance for software development which are addressed by the use of coding guidelines, for example, MISRA C:2012 or CERT C for the C language.
Both guidelines identify functionality that may cause critical or unspecified behavior. In addition, defensive implementation techniques enable the electric vehicle software to continue to function even in the event of unforeseen circumstances.
ISO 21434 also requires integration and verification activities for the implementation and integration of components with respect to defined cybersecurity specifications. This can be achieved with static analysis.
A SAST tool — which includes static code analyzers, like Helix QAC and Klocwork — examines code continually throughout the development process and provides an in-depth analysis that identifies defects vulnerabilities, and compliance issues in the source code. This makes eliminating security issues easier.
📕 Related Resource: Learn more about how SAST helps to safeguard your software.
Back to topWhy Static Code Analysis Is Essential for Electric Vehicle Security
An industry standardized tool — specifically a static code analysis tool — should be used to effectively identify security vulnerabilities and weaknesses, as well as to enforce the recommended coding guidelines.
A static code analysis tool — like Helix QAC and Klocwork — can both verify compliance with coding guidelines and provide evidence of that compliance. This helps ensure consistency, correctness, and completeness for software security requirements.
Using a static code analysis tool helps you to ensure that your code is secure and compliant by:
- Enforcing coding standards.
- Detecting vulnerabilities, errors, and compliance issues earlier in development.
- Accelerating code reviews and manual testing efforts.
- Reporting on compliance over time and across product versions.
Experience the difference that Perforce static code analysis tools — Helix QAC and Klocwork — can have on the quality and security of your electric vehicle software. Request a free trial today.