Since FCA (FIAT group) introduced the first SGW (secure gateway) access gateway to its vehicles in 2017, many people have been asking themselves whether cybersecurity in the automotive industry is a way for manufacturers to protect their authorized service network or a necessity to ensure security?
To explain one of the most complex and controversial topics in the industry, connected vehicle security, we will first provide some data and facts.
There are currently 237 million connected cars on the world's roads, and manufacturers predict this number will grow to over 400 million by 2025. Like computers, cars using cellular connectivity can transmit data in real time, which increases their functionality but also exposes them to cyberattacks.
In 2015, a significant event took place that brought cybersecurity threats to the automotive industry's attention and sparked a widespread debate worldwide. In a controlled experiment conducted by Wired US, security experts Charlie Miller and Chris Valasek remotely took control of a Jeep Cherokee traveling on the highway at 62 mph (100 km/h). This experiment exposed serious vulnerabilities in vehicle systems that could lead to life-threatening situations.
Mattia Tonetto, TEXA's Cybersecurity Manager, points out that as vehicles evolve, the number of elements through which a hacker can attempt to gain access to a vehicle increases. These include keyless entry, Bluetooth, multimedia systems, ADAS systems, and even the EOBD diagnostic port. As Tonetto emphasizes, modern cars are increasingly connected to the internet and capable of operating autonomously. This is changing the entire industry – cars are becoming a fusion of mechanics and electronics, transforming into so-called cyber-physical systems.
In response to this situation, legislative changes were introduced, including the UNECE R155 standard, which, from 2022, focuses on ensuring uniform regulations for vehicle cybersecurity and cybersecurity management systems, requiring all vehicle manufacturers to type-approved new vehicles in accordance with its requirements. The UNECE R156 standard, on the other hand, addresses specific requirements for updating vehicle software.
It's easy to imagine that a hacker attack on a vehicle could have serious consequences for road safety . Therefore, manufacturers must be prepared to prevent such situations. The first company to implement system access security was the previously mentioned FCA (Fiat). In 2017, it implemented a "secure gateway" (SGW) to block access to diagnostics for selected vehicle systems, requiring user authentication and a temporary code to unlock access to diagnostics.
Like any externally connected device, diagnostic tools can also pose a threat to a vehicle. In the world of cybersecurity, a simple rule applies: anything originating from outside the vehicle's system can be potentially dangerous if not properly secured.
This may seem like an exaggeration to many, but it's actually about applying common sense—the same common sense that tells us to lock our doors to keep out uninvited guests.
Since 2017 
The TXT Multihub diagnostic tester from Texa (A: 0856025) is a multi-brand tester manufacturer, collaborating with car manufacturers to provide users of their diagnostic solutions with access to "protected" vehicles. TEXA has developed a registration and authentication system for diagnostic equipment users, which involves connecting to servers and entering the mechanic's personal data. Once the person seeking access to the vehicle is identified, a code is sent that unlocks the gateway for the time needed to perform the specific operation. Once the operation is completed, or after a specified time has elapsed, the vehicle is secured again, and external access is blocked.
The approach to vehicle diagnostics is moving toward increasingly secure connections to the vehicle . In the future, access to vehicle systems will likely require an even higher level of authentication—that is, confirming the user's identity. This means that diagnostic tools will need to meet new requirements to securely connect to the vehicle.
Heavy-duty workshops may experience these limitations, for example, on FCA (Fiat) commercial vehicles or IVECO trucks after 2017. Will others follow suit? We should know the answer to this question soon.
The automotive industry is changing rapidly. More and more cars are using advanced electronic systems and internet connectivity. If these changes aren't regulated by standards and regulations, they could introduce further complications and costs, especially for independent repair shops.
