Automotive Security – Part 1 (101 – Automotive Security Introduction)
Automotive Security is not just physically hacking a car/vehicle. It is only a very little and crispy part. While thinking like an attacker/adversary targeting a Connected vehicle you’re looking at the entire ecosystem of the vehicle. Which contains both how it is communicating to outside entities and how it is working inside the vehicle.
Cars are prior means of transportation, in older cars they had basic electrical wiring as time went on the demand for more features was increased to gain competitive advantage and also comply with new regulations, as we are literally and figuratively turning the corner into the era of the driver-less or connected autonomous vehicle, securing automobile landscape will become even more important and dangerous.
Today, a car is not just a powerful motor vehicle, it is connected to wireless networks, apps and electronic components, sensors, and actuators. Malicious hackers/adversaries are penetrating vehicle networks, putting the automotive industry in a position where end-to-end security is a must.
A connected vehicle requires enormous processing power and several communication channels for the electronic components to compute and communicate. vehicles today are defined by their software. With so much connectivity (V2V, V2I & V2X) vehicles must be secure by design. but, in general, a vehicle/car contains more than 100 ECUs manufactured & developed by different OEM vendors.
More than 100s of millions of lines of code are being used by a vehicle to control different ECUs from safety components (acceleration, gears, breaks, etc.) to Infotainment hubs and from GPS to playing music, the overwhelming amount of software can cause security gaps in a vehicle. these gaps are the potential attack points for an attacker/adversary. anything online is a target for cyber attackers. a hacker can put not just users’ personal information at risk, but their physical safety as well. if the gap is between a poorly secured ECU connected with critical components of a vehicle, it will make a fleet of vehicles vulnerable.
Possible remote attack scenarios
If a vehicle’s computer systems aren’t properly protected, hackers can steal data or even take control of the vehicle. these threats are not just theoretical. Security researchers Charlie Miller and Chris Valasek made international headlines back in 2015. when they remotely hacked into a Jeep Cherokee driven by a reporter for Wired magazine. They took control of the air conditioning, wipers, accelerator, and brakes remotely.
After 2015, many researchers shared their findings in conferences all over the world shared their work in hacking car companies & OEM’s backend servers. Once an attacker/adversary gains access to a backend server he/she now has the potential to deploy fleet-wide attacks. at this point, it is very dangerous, because the backend server is a trusted platform for pushing secure OTA (Firmware/Software) updates to a fleet of vehicles. He can either take control of propulsion/brakes/steering or he can push a malicious update.
OEMs and Tier 1s might severely get impacted if any researcher finds a vulnerability that has heavy potential to make cars/vehicles that are on the road remotely hackable. if they can’t be fixed through an OTA update. automakers will have to bring all the cars/vehicles in-house to fix those vulnerabilities.
To manage all the ECUs and their functionality, it’s a heavy job. Imagine something went haywire. Manually finding the torn-out component is a nightmare. Manufacturers came up with an On-Board Diagnostics port (OBD-II) for these kinds of diagnostic troubles.
Modern OBD implementations use a standardized digital communications port to provide real-time data in addition to a standardized series of diagnostic trouble codes (DTCs). In other words, each network bus in a vehicle will be connected to the OBD-II diagnostic port. A test device from OEM simply sends a Unified Diagnostic Service (UDS) command to read the DTC information.
If we are ultimately concerned about attacks that can endanger life and property:
- Telematics ECU/Gateway authentication and integrity (V2X).
- Malware/Backdoor gaining control and communication of a critical ECU (Rootkit).
- Communication disruption (Spoofing/Dos) in a critical network bus of the vehicle.
- Original component/software being replaced with an infected counterpart.
- Sensor data validation (Radar/Lidar etc.).
What exactly Automotive Security comprises of ?
In the bigger picture, a connected vehicle can see (sensors & cameras), listen (Multimedia & voice assistants), and update itself by connecting to the OEM backend. For example, an attacker/adversary can make happen a set of instructions, when you cross a particular GPS coordinates your vehicle might kill the brakes or when it sees a red traffic signal it can Overspeed, or when you’ve hit an obstacle, the airbags might not get deployed.
When we look at a secure car/vehicle, it must have:
- Secure OTA and physical updates.
- Protected In-vehicle and external communications.
- Hardware security of electronic components.
- Security of different software’s and apps used.
- Secure communications through OBD-II port.
Manufacturers are adding more electronic components to cars/vehicles every year. insecure integration of different OEM & Tier 1 supplied parts may generate potential spaces in car/vehicle architecture. which an attacker/adversary can leverage to hack into the car/vehicle. simple bugs or security gaps can be joined to access/attack an entire fleet. in these cases, there damage will be catastrophic.
To make a car/vehicle secure, we must implement encrypted, authenticated, and protected communications both within and outside by working closely with OEM’s, Tier 1’s, and companies.
We hope this blog post gave you a good high-level overview of Automotive security. If you are reading up to this point, you are very much interested in Automotive security. This blog post aimed to give you a basic idea about car hacking. Going forward, the next blog post will describe the attack surface of cars/vehicles. I hope you enjoyed reading this as much as I enjoyed writing it : )
Payatu is a research-powered cybersecurity service and training organization specialized in IoT, embedded, mobile, cloud, infrastructure security, and advanced security training. We offer a full IoT/IIoTT ecosystem security assessment, including hardware, firmware, middleware, and application interfaces. If you are looking for security testing services then let’s talk, share your requirements: https://payatu.com/#getstarted Payatu is at the front line of IoT security research, with a great team, and in house tools like expliot.io. In the last 8+ years, Payatu has performed, security assessment of 100+ IoT/IIoT product ecosystems and we understand the IoT ecosystem inside out. Get in touch with us. Click on the get started button below.