Free Trials

Download a free trial to find out which Altium software best suits your needs

How to Buy

Contact your local sales office to get started on improving your design environment

Downloads

Download the latest in PCB design and EDA software

  • PCB DESIGN SOFTWARE
  • Altium Designer

    Complete Environment for Schematic + Layout

  • CircuitStudio

    Entry Level, Professional PCB Design Tool

  • CircuitMaker

    Community Based PCB Design Tool

  • NEXUS

    Agile PCB Design For Teams

  • CLOUD PLATFORM
  • Altium 365

    Connecting PCB Design to the Manufacturing Floor

  • COMPONENT MANAGEMENT
  • Altium Concord Pro

    Complete Solution for Library Management

  • Octopart

    Extensive, Easy-to-Use Component Database

  • PRODUCT EXTENSIONS
  • PDN Analyzer

    Natural and Effortless Power Distribution Network Analysis

  • See All Extensions
  • EMBEDDED
  • TASKING

    World-Renowned Technology for Embedded Systems Development

  • TRAININGS
  • Live Courses

    Learn best practices with instructional training available worldwide

  • On-Demand Courses

    Gain comprehensive knowledge without leaving your home or office

  • ONLINE VIEWER
  • Altium 365 Viewer

    View & Share electronic designs in your browser

  • Altium Designer 20

    The most powerful, modern and easy-to-use PCB design tool for professional use

    ALTIUMLIVE

    Annual PCB Design Summit

    • Forum

      Where Altium users and enthusiasts can interact with each other

    • Blog

      Our blog about things that interest us and hopefully you too

    • Ideas

      Submit ideas and vote for new features you want in Altium tools

    • Bug Crunch

      Help make the software better by submitting bugs and voting on what's important

    • Wall

      A stream of events on AltiumLive you follow by participating in or subscribing to

    • Beta Program

      Information about participating in our Beta program and getting early access to Altium tools

    All Resources

    Explore the latest content from blog posts to social media and technical white papers gathered together for your convenience

    Downloads

    Take a look at what download options are available to best suit your needs

    How to Buy

    Contact your local sales office to get started improving your design environment

    • Documentation

      The documentation area is where you can find extensive, versioned information about our software online, for free.

    • Training & Events

      View the schedule and register for training events all around the world and online

    • Design Content

      Browse our vast library of free design content including components, templates and reference designs

    • Webinars

      Attend a live webinar online or get instant access to our on demand series of webinars

    • Support

      Get your questions answered with our variety of direct support and self-service options

    • Technical Papers

      Stay up to date with the latest technology and industry trends with our complete collection of technical white papers.

    • Video Library

      Quick and to-the-point video tutorials to get you started with Altium Designer

    Over-The-Air Connectivity Means Quick Updates, but New Security Challenges

    May 15, 2017

    Update button on keyboard

    Thanks to the accelerating pace vehicle systems are being computerized, updating and securing control firmware is a new responsibility for automotive manufacturers. Over-the-air connectivity means crucial patches, especially those closing security holes, can be silently pushed to thousands of cars without user intervention. That said, it’s important to realize that an over-the-air solution presents a double-edged sword: if not implemented properly, vehicle hardware systems can be exposed to attack. It’s absolutely critical to ensure that not only the update system is itself secure, but that the design approach used is inherently resilient.

    Picture yourself driving a car. It’s a new model that you just bought, and so far you love it. You’re on your freeway commute, the stereo is playing your favorite music, air conditioning is just right. Suddenly, the stereo shuts off. That’s odd, you think. Did you hit a button? Then the air conditioning stops, and the vents start blasting full heat. What is going on here? As you investigate, the brakes suddenly come on, full force. The car behind honks wildly, only just swerving to avoid a rear-ending. Terrified, you make your best effort to pull over. Despite your vain attempts to figure it out, nothing explains your car’s outright rebellion. For an automaker, it’s a public relations disaster.

    Thief hacking car from laptop
    Everyone’s worst nightmare, someone externally taking over your car while you’re in it!

    An Avoidable Problem

    This nerve-wracking situation might seem far-fetched, but a group of computer hackers showed it was entirely possible. As documented by Wired Magazine, nearly all of the key systems of a late-model Jeep Cherokee could be controlled remotely. A vulnerability in the SUV’s “UConnect” system, shared amongst Fiat Chrysler Automobiles’ entire lineup, enabled an internet-based attack via the system’s built-in cell connection. Since nearly all features of the Cherokee are electronically controlled, it turned a two-ton vehicle into a glorified RC toy. Once they learned of the hacking experiment, Fiat Chrysler was forced to recall 1.4 million similarly equipped cars at great expense. However, the fracas could have been easily resolved using over-the-air updates.

    A Solution: Over-the-air Updates

    Thanks to the accelerating pace vehicle systems are being computerized, updating and securing control firmware is a new responsibility for automotive manufacturers. Over-the-air connectivity means crucial patches, especially those closing security holes, can be silently pushed to thousands of cars without user intervention. That said, it’s important to realize that an over-the-air solution presents a double-edged sword: if not implemented properly, vehicle hardware systems can be exposed to attack. It’s absolutely critical to ensure that not only the update system is itself secure, but that the design approach used is inherently resilient.

    Best practices for over-the-air updates are still evolving, but can be readily summed up: keep things separated. The more layers, obfuscation, and sandboxes added to key vehicle systems, the better. In practice, this means target assets such as Engine Control Units and the Controller Area Network need to be firewalled from infotainment and telephony hardware and updated separately. While the cost-saving benefits of a consolidated design approach are attractive, a stratified approach is much more resilient.

    Designers of embedded hardware should also consider using more off-the-shelf solutions, especially those that run on industry-standard operating systems. Not only will this reel in development costs, but an in-house approach might not give enough attention to potential security holes. Finally, for absolute security, consider leaving out the most critical systems outside of an over-the-air update program. Master ECU’s and airbag controllers, for instance, can be updated during dealer visits and technical service bulletins.

    Yellow sign saying “Work In Progress”
    Getting OTA updates to be completely secure is still a work in progress

    Security without Compromise: The Over-the-Air Manager

    That last point might seem like a cop-out, but it doesn’t need to be. It is possible to keep all vehicle systems updated securely, but it demands a little rethinking through a novel approach. Using an independent over-the-air manager,  or a lightweight computer in charge of updates assures maximum security. This unit, which firewalls critical systems from the actual communication equipment, acts as a “passport control” for incoming firmware updates.

    Using either built-in encryption/decryption or a cryptographic checker, the over-the-air manager verifies the update file to ensure authenticity. If the firmware has been tampered with or is fake, the over-the-air manager rejects the file. When implemented along with communication security, such as TLS, this system is theoretically bulletproof. Critical hardware controls remain isolated and firmware updates can be distributed without worry.

    Automakers are gradually coming to grips with the new responsibilities that modern car systems create and the role security plays. At first glance, it may seem like a secure, robust solution is resigning developers to greater cost and overhead. However, that needn’t be the case. Through the use of a modern security-aware development tool, like Altium TASKING®, high levels of resiliency won’t be a headache. provides an integrated development environment for embedded systems and is designed with the unique needs of automotive applications in mind.

    MISRA C and CERT C compliant, allows rapid development for stratified hardware units without sacrificing reliability or security. Its cost-effectively enables over-the-air updates with targeted firmware development and a long list of supported hardware solutions. Most importantly, makes it easier and simpler to create fast compiling, low impact code that is highly resilient to vulnerabilities and attacks. Talk to Altium today to learn more about and what it can do for your particular automotive application.

    most recent articles

    Back to Home