Audi and Infineon Comment on Function on Demand Cybersecurity

author: Mia Bevacqua   

When consumers want a new feature on their phone, they download it over the air (OTA). A similar approach is being integrated into vehicles in the form of a technology called "Function on Demand". While this layout provides opportunities, it also increases cybersecurity challenges.

Greater possibilities

With Function on Demand, consumers will no longer be limited to the equipment a vehicle was sold with. The latest and greatest features can be downloaded OTA and paid for with a credit card. The upgrades can even be purchased for a limited time (a road trip, for example).

At the recent SAE WCX conference, Audi electrical engineer Rolf Schneider pointed out how modern vehicles benefit from OTA updates. For one, the design provides a quick and easy way to update electronic control units. Since cars will have hundreds of modules onboard, this will significantly increase efficiency. Especially in drive-by-wire systems, break-by-wire system, etc.

Security challenges

The concept sounds great – and it is. Unfortunately, Function on Demand also provides potential exploits for cybercriminals. Since most OTA updates must be installed through the vehicle's gateway, defense challenges increase.

Audi and Infineon see Function on Demand as a design worth keeping – even if it must be done cautiously. The two companies aim to benefit from the technology while also minimizing risk.

Of course, most vehicle systems are protected by software-implemented security keys. Rolf Schneider notes, however, that these passwords are difficult to get back once they've been compromised. He also notes that software is easily hacked using standard tools.

Once the system has been compromised down to its core embedded functions (it's "root of trust"), it's tough to save. Using non-standard propriety code can help defend against such an attack.

As manufacturers roll out OTA updates, industry and media focus will continue to be directed towards cyber-security.

Source: SAE

Mia Bevacqua

Mia is an ASE Certified Master Automobile Technician, L1, L2 and L3 Advanced Level Specialist. She has over 12 years of experience in the automotive industry and a bachelor’s degree in automotive technology. These skills have been applied toward content writing, technical writing, inspections, consulting, automotive software engineering.