Security enhancement of over-the-air update for connected vehicles

Abstract

Similar to wireless software updates for the smartphones, over the air (OTA) update is used to update the software and firmware for various electronic control units (ECUs) in the connected vehicles. It is an efficient and convenient approach to update the software in the car and it will save the customers the visiting time to repair small bugs in the software. However, OTA updates will open a new attack vector for the hackers. They can possibly exploit the OTA channel to steal OEM firmware, to reprogram ECUs and even control the vehicle remotely. In this paper, we perform a comprehensive security analysis for the current OTA mechanism to understand its associated threats. We also propose an approach to secure the original OTA software update method by incorporating biometric iris scan and cryptographic checksum before updating the software and firmware over the air. These security enhancements can help to mitigate the threats by preventing unwanted and potentially malicious software updates through the OTA channel.