Everything in your car, from the steering to the engine, is controlled by an ECU, or Electronic Control Unit. Each car has over 100 ECUs, and each one is a mini computer that could easily come under attack.
Cars used to be less technological, but built-in GPS systems and the ability to automatically call for help in emergencies has made motor vehicles more susceptible to attacks. Hackers can procure personal information from the ECUs in a car, car thieves can cheat these functions to get what they want, and people can even enable functions that they have not paid for.
However, there are ways of implementing IT security in vehicles, which are becoming increasingly important as cars become more technologically advanced. Dr. Christoph Krauß, who hails from the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt, Germany, has come up with a solution that protects devices through hardware security modules, or HSMs. Like what nearly all major IT companies are doing, this solution is based on Trusted Platform Module 2.0, or TPM 2.0.
It allows for the simulation of all significant aspects of an ECU, enabling developers to work out all of the kinks despite not being able to test it out on the real thing before the product is finished. The hardware of the solution is effectively a "trust anchor," in which all cryptographic keys can be stored securely and security-related operations can be tested. It detects attacks and does not release the cryptographic key until the device is working properly, making sure that it is secure. In this way, the HSM software communicates with the hardware to make sure that the essential function is embedded in the core tasks of the ECU.
The Fraunhofer SIT research team used the same framework to develop an HSM demonstrator to control a car's infotainment features, which prevents unauthorized extraction of both the user's private information and the manufacturer's data. TPM security systems are in place in most computers, and is becoming more widely used in automobiles.