The evolving mix of technologies driving change in the worlds of computing, digital communication, the control of processes, and the growing Internet of Things are fueling changes in the automotive industry. Onboard computers have been a part of motor vehicles for some time now, and technological improvements have given rise to a new breed that includes self-driving, self-regulating, and intelligently reporting cars, vans, and trucks in which automation and personalization play as much of a role as oil and gas.
Internet connectivity, user authentication, smart devices and circuitry figure largely in the operations of this emerging generation of vehicles. But unlike the Information Technology sector, operating system changes, tweaks, new tools and software can’t be rolled out to production lines and users already on the road with anything yet approaching real-time response.
The pace of change is still slow by comparison, and for the automotive industry, this has serious implications for the identification of security vulnerabilities – and the measures needed to remediate and patch them.
Automotive Cybersecurity – Glitches and Recalls
A number of incidents have already occurred to raise concerns in the automotive security sector – beginning with the revelations at 2015’s Black Hat USA gathering that vulnerabilities in Chrysler’s 2014 Jeep Cherokee could be remotely exploited by hackers.
This year has seen researchers from one of Europe’s largest automobile clubs (the ADAC) demonstrating how the keyless “comfort locking” mechanisms gaining popularity in the market are no proof against tech-savvy thieves. An inexpensive and readily available hardware tool can be used to bypass the locking mechanisms of entire ranges of vehicles in the Volkswagen group comprising Alfa Romeo, Chevrolet, Ford, Lancia, Opel, Peugeot, and Renault.
Security flaws in BMW’s ConnectedDrive system may be exploited to tamper with vehicle settings. And a mobile app has been developed that’s capable of remotely controlling Mitsubishi’s Outlander hybrid SUV.
Early discovery of such flaws at least enables auto manufacturers to take the necessary steps to correct them before damaging and even more news-worthy events occur on the street. But there’s still plenty of scope for the kind of financial losses and reputational damage that have accompanied high-profile failures and the subsequent recall of thousands or even millions of vehicles due to mechanical issues.
Automotive Cybersecurity – “A Real and Present Danger”
In a joint statement issued with the US National Highway Traffic and Safety Administration and the Department of Transportation, the Federal Bureau of Investigation (FBI) has declared this year that it officially considers car hacking “a real and present danger” that vehicle manufacturers and the general public should be wary of.
Automotive Cybersecurity – An Industry Response
Now that the problem is out in the open and being taken seriously, the automotive industry has set up some initiatives to deal with the emerging security issue.
Efforts have begun at the small scale, with the “bug bounty” program recently launched by Fiat Chrysler Automobiles, which currently offers a maximum reward of around $1500 for issues and vulnerabilities discovered by researchers and the general public.
In terms of oversight, a non-profit syndicate called the Automotive Security Review Board (ASRB) was formed in June 2016 to endorse a more proactive approach to cyber-security issues in the design and manufacture of motor vehicles. And a detailed Automotive Cybersecurity Best Practices document has been compiled by members of the Automotive Information Sharing and Analysis Center (Auto-ISAC).
Other industry initiatives address more specific aspects of design and implementation. Notable among these are:
- E-safety Vehicle Intrusion Protected Applications (codenamed EVITA): An architecture for securing onboard networks co-funded by the European Commission, with emphasis on developing secure components and protection for sensitive data.
- ISO/IEC FDIS 20243 Information Technology and Open Trusted Technology Provider Standard (O-TTPS): Designed with the initial purpose of mitigating counterfeit and maliciously tainted products, these recommendations are due to become an international standard for overseeing and auditing the security of manufacturing and supply chains.
- Secure Hardware Extensions (SHE): Developed by German OEM consortium Hersteller Initiative Software (HIS), these chip-resident extensions help isolate encryption keys and provide cryptographic services to the application layer of automotive systems.
- Trusted Platform Module (TPM): Authored by the Trusted Computing Group (TCG) and standardized as ISO/IEC 11889, the module is designed for dedicated microprocessors integrating cryptographic keys into a range of devices.
Automotive Cybersecurity – Practical Challenges
The slow development cycle typical of the automotive industry is one of the principal hurdles that needs to be overcome. Long certification periods are required before new technologies may be introduced. And if those changes are required to mitigate vulnerabilities existing in products already in general use, those weaknesses will be out there and exploitable, throughout this time.
Even when improved technology becomes certified and available, rolling it out to users (who in this case are motorists in all corners of the globe) introduces potentially huge logistical problems.
A Moving Attack Surface
The nature of the hardware itself (connected motor vehicles) is lending to increased risk.
It’s no longer necessary for hackers or hijackers to be seated in their target vehicle, plugged into its onboard diagnostics (OBD-II) port – they can now gain access to this remotely. The keyless entry systems which allow vehicle owners to enter, leave, lock, stop, or even start their engines without removing the physical keys from their pocket or purse often don’t use digitally signed (by the car and the keys) position and proximity data from cellular, GPS, WiFi or accelerometer telemetry.
Bluetooth technology still enables connections to a vehicle owner’s mobile devices – and potentially to those of a malicious intruder. Vulnerabilities within the Bluetooth implementation itself and related IVI systems (often used for streaming data in navigation and entertainment apps) are another potential attack vector. Existing CAN bus and FlexRay bus protocols also don’t provide sufficiently secure means for interacting components to authenticate each other.
Connectivity dictates that today’s vehicles operate on a number of levels: Cloud-based infrastructure and applications, data center operations, data connections, and on-board modules including the body control module (BCM), single board computer (SBC), smaller sensor modules and the chips driving them, and the bus protocols interconnecting everything. Unsecured, all of these present multiple avenues of potential attack.
Automotive Cybersecurity – Writing Security into the Blueprints
Given the opportunities being presented to would-be assailants, there’s now an inter-relationship between vehicle safety and automotive security which needs to be addressed. Beyond the potential for physical injury and catastrophe with the hijacking of steering controls or braking systems, there’s the possibility that the emerging breed of smart transportation applications (traffic and intersection monitoring, collision avoidance, etc.) could be compromised – with attendant consequences.
The targeting of specific models or brands by criminal organizations using ransomware is another nightmare scenario that auto manufacturers are actively seeking to avoid. To this end, design for security needs to be approached in the same manner as design for safety – right from the drawing board.
An infosec mindset may be adopted, which first draws up a realistic threat model for a vehicle based on the known and potential dangers it’s likely to face, and the various ways to mitigate them. This will aid in determining the best combination of hardware and software functions – including the isolation of individual components, secure encryption of confidential or critical data, and so on.
Drawing on experience and knowledge from other industries (aerospace, defense, manufacturing, etc.) a distributed security architecture should be drawn up – one which addresses issues at all levels of operation, including:
- Hardware protection around each electronic control unit (ECU)
- On-board software providing security defenses inside the vehicle
- Monitoring and management of the network inside and outside the vehicle
- Cloud security services
- Anonymity and data privacy for information traveling between vehicle and cloud
- Building trusted environments for application execution
- Isolation of safety-critical systems and components
- Message authentication and network encryption
- Behavioral monitoring and anomaly detection
Automotive Cybersecurity – “Over the Air” (OTA) Updates
Complexity and diversity in the automotive supply chain demand that the means of distributing information and security updates be universal and real-time / instantaneous. Using the cloud to deliver “over the air” or OTA updates is one way to achieve this – with some reservations.
OTA won’t fix everything, but improvements in response may be achieved by enhancing a vehicle’s inbuilt set of OTA sensors with technologies like Android’s TrustZone™ Integrity Monitoring Architecture (TIMA). Beyond the limits of OTA, more serious vulnerabilities must be addressed by applying security principles and best practices across the entire supply chain.
As part of an ecosystem that involves information exchange and the use of applications and infrastructure over wireless channels, monitoring and analytics must also play a crucial role. This should extend beyond the provision of on-board or embedded security analytics to connected networks and cloud enhancement, applied to behavioral analysis and anomaly detection techniques.
Shared intelligence will also be important, and several major manufacturers have already entered into agreements to make available threat intelligence databases, news, and best practices as a clearer picture of the automotive security threat landscape continues to emerge.
Emerging automotive technologies are creating exposure to new cyber threats. Cyber Security experts are quickly figuring out how to deal with this growing problem, using established methods like penetration testing to thwart attacks on cars.
Share this Post