Taking Software Piracy Out of the Driving Seat
With over 30 years’ experience in the hi-tech industry, I know that software piracy is nothing new, but I do know that it is changing and the automotive industry is one sector that is unfortunately seeing a growth in potential attacks.
So why and where is the automotive industry being hit hardest and what can be done to take software piracy out of the driving seat?
The Scale of the Problem
Software piracy is increasing generally, and Software Alliance (BSA) research shows that nearly 40% of all software used worldwide is not properly licensed, with software companies losing nearly US$46 billion a year due to unlicensed use.
There has also been ‘the 2020 effect’ and the shockwaves from the pandemic will be with us for some time to come. Our latest data analysis reveals an increase in instances of piracy by 44% in 2020, when compared like-for-like to the previous year.
Software piracy is also often accompanied by malware attacks and the BSA Global Software Survey reports that malware from unlicensed software costs companies worldwide nearly US$359 billion a year. Each malware attack costs an average of US$2.4 million, and a malware attack can take up to 50 days for a company to resolve.
These are all figures that make companies sit up and take notice, so let’s take a look in more detail at the software piracy that exists in the sector today.
A Focus on Automotive
The reasons that the automotive sector is being targeted more and more in software piracy are numerous and complex:
- The digitalization of the sector – and especially the increased dependency on software and electronics – has brought about a transformation, but also means greater vulnerability.
- The growth of connected vehicles and the V2X market, along with cloud-based applications and technologies, provides more opportunities for attack.
- The advancements in autonomous driving mean that vehicles are moving to a complete reliance on the software that runs them, with each element potentially provided by different developers.
- The sector has always had a complex ecosystem with a historically fragmented supply chain, which results in a lack of standardization and makes it more susceptible to risk.
- Finally, the sheer scale of the automotive industry across the globe and the trillions of dollars it generates make it very appealing to those who want a short-cut to a slice of that pie without the long-term investment that legitimate parties have made.
We have examples where companies have come to us without any suspected activity but want to check how their software products are being used. We carry out a piracy impact analysis on the software usage and often uncover what are shocking results for them.
For one vendor, a cracked version of their software had been downloaded nearly 24,000 times around the world, in less than a 12-month period. A post with download links to just one of their software products had clocked up nearly 21,000 views on a single site alone. They had no visibility or knowledge of any of this.
Across the Automotive Ecosystem
While the financial implications are extremely significant, it is not only the vendors’ lost revenue that affects the automotive industry, but also the wide-ranging associated damage caused by pirated software.
Most dealers and repair shops will buy genuine software to comply with the manufacturer’s spec, to provide the best service to their customers and protect brand and reputation. When illicit versions are being used by some, this creates unfair competition as they can potentially undercut pricing for what seems like the same service.
It may be, however, that the purchaser is unaware that they are buying counterfeit software, especially from what may appear to be genuine vendors. This leaves them potentially exposed and unable to provide their service when the regular software updates that legitimate companies will provide (and receive additional revenue for) do not materialize.
Unlicensed software also allows unauthorized repair shops to undercut the dealer network, as rogue operations are the channel for counterfeit parts. This is a concern as the parts can appear legitimate, especially with convincing trademarks and packaging, but they do not meet the standards manufacturers set when they insist on the use of genuine OEM replacement parts. As such, substandard products can lead to premature part failure and system breakdowns, which can result in inappropriate warranty claims or an invalidated warranty. The use of counterfeit parts also has serious implications for vehicle safety.
The Cost of Automotive Diagnostics Software Piracy
Diagnostics software is a particular target for piracy. There are already thousands of software applications with billions of lines of source code, and this will only grow as diagnostics continue to become more sophisticated.
Anybody buying a vehicle is paying for the development of this diagnostic software and it is in their interest to have the best diagnostics tools used to maintain the value of their vehicle, validate warranties, ensure safety, and avoid expensive repairs down the road. Consumers need to understand the importance of genuine technology, which will have the latest software patches and the most up-to-date diagnostics software to keep their vehicle running safely and efficiently, and not void the warranty.
Manufacturers lose money when they make warranty repairs that might not have occurred with genuine parts. The dealers, who sell vehicles with thin margins, are victimized when the service revenue is diverted to the secondary repair markets. Dealers need to make sure they explain to consumers the risks of counterfeit parts and the significance of software updates.
Importantly, it is also about protecting the valuable intellectual property the automotive industry owns – much of which today is software IP. This critical asset needs to be protected using the most advanced technologies available, as it is extremely vulnerable to misappropriation. The EDA and CAD software developer sectors are advanced in leveraging solutions to detect and report on counterfeit software, and they are experienced in taking legal action if they are victimized by pirated software. We work with a lot of these companies and there are common practices that can be shared across into the automotive sector.
The Automotive Industry Fighting Back
Many companies are fighting back by adopting the latest software piracy identification technologies that enable them to track illegal users, shut down rogue operators, and recover significant revenue. We can identify the users of cracked software and apply telemetry data to pinpoint the repair shops providing the counterfeit parts and services.
For one client, our piracy impact analysis detected 4,000 machines using a cracked version of their software. This resulted in recovering $1.2 million in infringements, with ongoing investigations into a further $6 million and – from converting illicit users into licensed users – they gained around 100 new customers.
A case that got headlines around the world was when Mercedes-Benz sued an aftermarket auto-parts distributor that had sold more than $17 million worth of its diagnostic software to independent repair shops in breach of Mercedes’ copyright. The company, TBC, was selling the copied software for $11,000, less than half the price of the genuine product, to bypass the Mercedes-Benz dealer network. Mercedes succeeded in shutting TBC down and protecting its dealers.
In conclusion, it pains me to say that software piracy is extensive within the automotive sector and will remain so unless positive and preventive action is taken. The impact is financially significant, causes reputational damage across the ecosystem and has potential safety issues.
There are proven anti-piracy solutions available to solve the problem and the automotive industry is adopting these to take the step to protect valuable intellectual property from copyright infringement and to take software piracy out of the driving seat.
Ted is co-founder and CEO of Cylynt. His high-technology experience spans 30 years in electronic design automation (EDA), semiconductors, defense electronics, RF/microwave circuit design, and cybersecurity.