Bodywork shops must guarantee the cybersecurity of replaced or repaired parts in connected cars

This is one of the most controversial questions regarding the revision of the regulations that control the maintenance and repair of vehicles: how can an independent shop guarantee the cybersecurity of the data generated and processed by a connected vehicle? Legislation has made it clear that this security is something that must be assured by garages.

More and more devices that perform important driving functions are being installed in vehicles. These devices work thanks to connectivity technology and can eventually be affected by a collision. Fixing and replacing these components must be performed while guaranteeing the vehicle’s cybersecurity.

Cars must leave the shop with exactly the same cybersecurity that they had before the crash. Otherwise, the functions which are vulnerable to cybersecurity risks, due to their connectivity, could be hacked in order to alter the vehicle´s behavior. This could lead to critical situations, for example, if someone took control of the braking or the steering, or even hacked the cameras which provide the necessary information for the proper functioning of the advanced driver-assistance systems (ADAS).

Market analysts consider that, nowadays, most software-based controllers that manage vehicle functions and are damaged in a collision, which include cameras and sensors, will probably have to be replaced and not fixed, according to the OEM procedures. Some of them could be repaired, if the physical damage is around the part, such as in the case of a lens that is outside the camera. But the trend is to replace. The key added value for the bodywork shop in this type of repair involving “connected components” is the recalibration of these devices without harming cybersecurity. Having the adequate equipment and knowledge is essential in order to achieve this.