But how do cyber criminals manage to get their hands on vehicle data in the first place? "Hardly anyone tries to tap the encrypted information in transit today. The encryption is too complex for that. Instead, hackers are targeting vulnerabilities at the ends — the vehicle itself, the backend or the networked infrastructure," says Eisenbarth. Cars now have around 100 different control units. Each of them contains its own software and they are all connected. Thus, every ECU is a potential gateway for cyber criminals and must be protected accordingly.
"On the ECUs, there is not enough computer capacity for the encryption that would otherwise be used. This is a potential vulnerability," explains Eisenbarth. To close this gateway, manufacturers and suppliers are increasingly using physical hardware security modules (HSM), physical modules on which the key is directly stored and which protect and manage it. "Such hardware security modules will soon be an integral part of every ECU," Eisenbarth added.