Cars are becoming extremely complex products. In the 1950s all it took was a mechanical engineer, today most vehicle control components are computer controlled. Even low-end cars have embedded more than 30-50 so-called Electronic Control Units (ECUs) that talk over Controller Area Networks (CANs). The number of ECUs is growing all the time: not only because of safety and emissions reduction but, lately, because of the emerging needs of the “connected vehicle”.
What really amazes me is the sheer number of lines of code of software running on all these ECUs, especially if compared to other products and computer software. A modern high-end car features around 100 million lines of code, and this number is planned to grow to 200-300 millions in the near future (see an old but famous IEEE Spectrum article). More interestingly, a revealing infographic on “Information is Beautiful” website shows how cars feature by far one of the biggest pieces of software in terms of size (see chart below). The comparison is impressive if you think that a F-22 fighter jet is less than 2 million, a Boeing 787 is around 14 million and even a cumbersome operating system such as Windows Vista is “only” 50 million.
If you think of it, equally impressive is the apparent quality of car software: considering such a high number of lines of code, and the daily flow of bugs and related patches in the IT world, it stands out how few bugs are reported for cars.
Worthless to say that this complexity, coupled with increased connectivity of upcoming vehicles, will also pose several security risks: such a large base of lines of code will be an evident target for nowadays sophisticated hackers worldwide. This is why auto manufacturers are more and more concerned about information security.
Photo by Jay Mantri