Explore the critical role of secrets security in the era of software-driven vehicles. From code leaks to supply chain vulnerabilities, read how safeguarding automotive software is paramount for consumer safety.

As our company Komodo Consulting is researching this exciting field of interest, we have prepared a short analysis of some of the exploitable attack vectors. In the era of smart vehicles, In-Vehicle Infotainment (IVI) systems have become central to enhancing the driving experience. However, with increased connectivity comes heightened cybersecurity risks.

Technology has greatly transformed the automotive industry, bringing both advancements and new challenges. The reliance on connectivity and software in cars has opened the door to cyber threats, making cybersecurity a crucial concern for the automobile industry. With the increasing complexity of modern cars, there are now around 150 Electronic Control Units (ECUs) and an astonishing 100 million lines of code. Even simple functions like opening car windows require multiple software systems.

You're cruising down the highway in your sleek, state-of-the-art electric vehicle (EV). The hum of the electric motor is your soundtrack, the open road your cinema. Your dashboard, a symphony of lights and numbers, is a live feed of your vehicle's vitals – battery levels, tire pressure, energy consumption, and more. Suddenly, your phone buzzes. It's your EV's companion app, alerting you to an unexpected battery drain.

Back in 2015, we published an article about the apparent perils of driverless cars. At that time, the newness and novelty of sitting back and allowing a car to drive you to your destination created a source of criminal fascination for some, and a nightmare for others. It has been eight years since the original article was published, so perhaps it is time to revisit the topic to see if driverless cars have taken a better direction.

Co-author: Matthias Maier, Product Marketing Director at Splunk. With increasing focus on implementing security standards within the digital supply chain, national and industry-specific certifications have become increasingly important. Today, we are excited to announce that Splunk Services Germany GmbH has become a TISAX participant. The alignment with TISAX requirements demonstrates Splunk’s continued commitment to support the heightened security expectations in the automotive industry.

The previous blog post in this series presented an introduction to secure software development for modern vehicles. In this blog post, we will do a deep dive on connected and autonomous vehicles (AVs) and focus on fuzz testing.

As technology continues to advance, the potential for hacking and cyber-attacks on various devices and systems has become a major threat. This has extended to the automotive industry, with increasing numbers of car hacks being reported. With the rise in the production of electric vehicles (EVs), these attacks have escalated in frequency and severity.

Fuzz testing is a popular testing approach used to find bugs in C/C++ and embedded software, particularly memory corruptions. It has proven effective for identifying obscure bugs that are difficult to find through other testing methods. This testing approach is increasingly being adopted by automotive companies to comply with new security standards, save time, mitigate costs, and improve software quality. Let's have a look at how fuzzing is helping all of these automotive companies.