The flash download can only be executed if the correct flash driver is available and an ECU can be unlocked using the seed/key features. Once these obstacles have been overcome, anyone can re-flash new software on the ECU.
This rises some concerns on attacks to the ECU, e.g. by non-allowed tunings or overcome anti-theft procedures.
Increased security can be achieved using the Vector's Security component. It provides scalable security features based on cryptographic functions such as
- One-Way Hash functions
- Secret keys
- RSA methods of public/private keys (PGP)
The security component follows the standardized interface from the HIS.
This complex software has been developed in cooperation with Cryptovision, a specialist in security software and hardware products. This cooperation combines the knowledge of the security with the automotive industry standards for high quality and efficient automotive software.
For data encryption and/or decryption the Flash Bootloader can be extended by additional SW components and further products like e.g. CANdelaFlash or HexView are available on demand. The data stream that is transferred from the tester to the ECU is encoded using cryptographical methods like RSA or H-MAC.
Data encryption secures the data transport against third party software and unauthorized flashing.