In-car antivirus becomes mandatory

Security Awareness
2 August 2023
Obbligo Antivirus in auto

Europe issues two new regulations to standardise anti-virus equipment in cars. Car manufacturers in turmoil.

It was 2017 when the film “Monolith was released in cinemas.
The thriller follows the story of a woman, Sandra, who, after discovering her husband’s betrayal, takes her two-year-old son and sets off in the Monolith, a super-technological, armoured car equipped with artificial intelligence that advises the woman to drive along a remote road to avoid the traffic. In a moment of distraction, the woman hit a deer, so she stopped and got out to check, handing her phone to her crying son to distract him. Unknowingly, the child starts touching the app used to control the car, until it locks from the inside, sealing it completely.
Him inside, his mother outside.

And so begins the ordeal of the woman who, in the middle of nowhere, must do everything possible to free her little son, who is being held captive in a bunker car.

Six years have passed since this film that seemed to depict an avant-garde, science-fiction reality. Yet, through the eyes of today, this story is not so far from reality.

We know that new cars are a powerhouse of technology, much more than just a means of transport. True connectivity units, linked with a number of integrated systems that control everything from engine control to satellite navigation. One only has to remember that a single car contains around 100 million lines of software code that manage its operation. In other words, just as we have forgotten about the old mobile phone that was used “only” for making and receiving calls, the old car that was invented to simply take us on 4 wheels from one place to another seems obsolete to us.

Without a doubt, all this technology has a charm that is hard to resist.
You no longer have to think about finding your way, or get a stiff neck when parking or reversing, or strain your wrist muscles changing gears, we can effortlessly choose the right temperature, the appropriate speed, the most suitable music for the type of journey, or maybe even watch a movie on the dashboard monitor while the car drives itself along the indicated route.
What could be more comfortable? After all, who would swap their smartphone for an old phone with no connection and no apps?

But we know that all that glitters is not gold. And above all, cybercriminals know this too, as they take advantage of every opportunity to infiltrate users’ lives and steal their most sensitive data or, in extreme cases, take control of vehicle functions.

With OTA (over-the-air) updates now almost daily, every vehicle (even commercial ones) could be subject to ongoing cyberattacks, which could undermine the safety of occupants and other road users.

This awareness of cyber crime is now widespread, even in cars, so much so that the European Commission itself has taken action by issuing two regulations aimed at standardising “anti-virus” equipment in cars.

The UN Regulation No. 155 and 156, from the name Uniform provisions concerning the approval of vehicles with regards to cybersecurity and cybersecurity management system affecting all European car manufacturers, have already come into force for all new models introduced from July 2022 and will become compulsory for all new vehicles produced from July 2024 onwards.

These regulations require car manufacturers to adopt various levels of protective measures to prevent potential attacks. This includes rewriting parts of the control code of each vehicle’s internal system to prevent the intrusion of malicious software, either through the network or through the Canbus diagnostic system.

Regulations provide for specific protective measures, including the implementation of constant, safe and secure software updates.

But these new regulations present significant challenges and investments for car manufacturers and software vendors who must comply strictly with the regulations, with no room for change, also because the regulations cover practically everything from managing cyber risks along the supply chain to providing safe and secure software updates.

In fact, companies such as Bosch and Continental, a leader in theautomotivemarket, have expressed concern about the need to review and potentially rewrite a huge amount of software code from scratch, an operation involving considerable expenditure and unplanned investments.

At the same time, Thomas Schafer, CEO of the Volkswagen Group, announced the discontinuation of the production of the e-UP! electric citycar in mid-2024, due to the prohibitive costs associated with upgrading the car’s electronic system.

“To keep it in production we would have had to integrate a completely new electronic architecture. That would have been too expensive. Therefore it was better to develop a new car straight away”, he said.

Whichever way you look at it, one thing is certain: the higher costs associated with compliance with the new regulations will result in higher car prices in Europe, and therefore fall on consumers. The gamble therefore is all to be played for. it will depend a lot on how the market will respond.

Of course, a consumer who is alert and properly trained in cybersecurity is less likely to fall victim to this other type of attack, from which we will have to defend ourselves in the very near future.
We have become connected beings. From telephones to computers, from household appliances to cars. Technology is part of our lives, almost like the air we breathe. Unless we decide to live in isolation on the top of a mountain, not knowing how to defend ourselves from cybercrime is a luxury we can no longer afford.

Related Articles

Clusit 2024 report: data of concern

Clusit 2024 report: data of concern

Manufacturing targeted in Italy but attacks on health care grow 83% over first half of 2023.The centrality of the human factor. From the cyber front comes no good news. On the contrary, the war (because this is what it is all about) is more heated than ever and the...

read more