The shift in the global automotive landscape is centred on technology, and in the past few years automakers have been cracking the code to make their products future-proof.

A standard Chevrolet Volt featured 4 million more lines of code than an F-35 Joint Strike Fighter plane, and this was a decade back. As the years have progressed, automakers have been increasing the number of ECUs in a car in order to grace it with more tech. Worryingly, this has also created a new problem that automakers have now begun to acknowledge: vulnerability to cyber-attacks. Imagine a hacker single-handedly taking control of a handful of cars on the street.

Hence, in an effort to reverse the trend, the industry has now shifted its agenda to reducing the number of ECUs and cutting back on unnecessary code. On this, automakers and cybersecurity authorities are moving forward together.

Automakers are increasing the number of ECUs for added functionalities.

What Is Software Overload?

Apart from a soaring number of ECUs in a vehicle, a similar trend can be seen with connectivity. Step inside the cockpit of one of the concept cars showcased at any of the motor shows and you can estimate how vulnerable your car can be.

“There has been a rush to get systems internet-connected in order to provide additional services. At the same time, self-driving computers have also arrived,” says Joe Fabbre, Director of Platform Solutions at GHS. With an unaltered combination of safety-critical software and entertainment-focussed software, a vehicle has now become extremely vulnerable.

“Not enough thought has been put into the security architecture of the overall system. Luckily, we have not seen any malicious hacks in the wild, but researchers have proven that it is possible to perform remote attacks on these connected computers that now reside in cars,” Fabbre added.

The same risks became acutely apparent after one of the most high-profile connected car hacks to date. In July 2015, a pair of researchers – now working at GM’s Cruise Automation Unit – took control of a Jeep Cherokee remotely. Later, in 2016, the same hackers returned in a similar incident, only this time they used a laptop plugged directly into the vehicle’s CAN bus to control the vehicle.

To bring all this software under control, automakers are now consolidating multiple ECUs into single, more powerful processors.

“It is far easier to secure those systems if there is an underlying software component to keep applications separate and ensure they cannot interfere with each other,” explained Fabbre. “It is not only critical to the overall safety of a system but also security. Almost all security exploits occur when a hacker figures out how to take advantage of bugs in the software.”

A car's software supports more lines of code than a fighter jet.

Is More Code Calling For More Problems?

Eyeing high scale and high speed, automakers now prefer off-the-shelf code to save time and effort. This complex code is causing vehicles to bloat, increasing the attack surface for hackers to operate on.

According to the publication Code Complete: A Practical Handbook of Software Construction, math proves that between one and 25 defects can be found per 1,000 lines of code. In addition to this, Fabbre estimates that in five years, roughly 0.05 vulnerabilities are discovered per 1,000 lines of code. This means that for a vehicle that contains 50 million lines of code, 2,500 vulnerabilities will be discovered on the platform.

Keeping It Simple

The threat, as we see, is rooted in an underlying challenge: numerous functions in the car rely heavily on software today, which calls for additional lines of unnecessary code. Hence, cutting out the excess and ensuring the software is as lean as possible would be a viable solution for the automotive industry.

In today’s production practice, engineers often leverage software libraries where functions can be downloaded with a click. Development time can be slashed, but engineers inadvertently end up with extra code that is surplus to requirements.

“When most people sit down to write software, the code is overly complex. Taking a critical approach and carving it down to its simplest and most elegant form is a skill that takes many years of practice and experience,” concluded Fabbre.