Your next car is probably going to be hacked … no, really!
By Benjamin Cher August 22, 2016
- Cybercriminals will be able to ‘hijack’ vehicles or steal your financial info
- Automotive and cybersecurity industries need to hash this out together
MANY technologists are touting the ‘connected car’ – vehicles with sensors linked to the Internet of Things (IoT), which also allows them to ‘talk back’ to their manufacturers.
But while such vehicles bring many benefits, they also open up opportunities for cyberthreats to enter previously untapped realms.
There was that case in 2015 when hackers remotely controlled a Jeep, for one. But while experts and critics are still debating whether it constituted a legitimate hack, the threat still remains, according to David Allott, Asia Pacific cyberdefence director of Intel Security Group.
Speaking to Digital News Asia (DNA) via email, he says the top three threats to connected cars are:
1) Penetrating the car or the manufacturer end of the system
The connected car of the future would be able to wirelessly receive software and firmware updates.
If a hacker can get into a connected car, he would be able to access and steal personally identifiable information that will probably be stored on these vehicles. Then he would be able to carry out conventional identity theft or even sell the information on the black market to other hackers.
2) Steal financial information on subscription car services
We subscribe to a multitude of digital services over the course of our day-to-day lives, including audio and visual streaming services and navigational aids.
These aren’t limited to the confines of a desktop, Allott notes. Technology has evolved to the point where we are able to access these services from the in-car entertainment or infotainment consoles.
However, this connectivity is a two-way street. Hackers could get into the system and gain access to the financial information that we key in when subscribing to these services, and use that to make unauthorised purchases, for example.
3) Hijacking a vehicle
There have been stories of hackers getting into vehicle systems and taking control of them. A hacker could easily override a car’s ECU (electronic control unit) and take over key components such as the transmission, brakes and steering.
He could make unexpected stops or turns, causing accidents that could lead to injury or even death, according to Allott.
Currently cars can contain up to 100 ECUs, which segment the functions that each ECU controls. However, this number is set to go down, bringing with it greater vulnerability.
“The industry is already moving towards greater integration and virtualisation,” he says.
“This will reduce the number of ECUs but increase the number of functions they can accomplish and the complexity of the software,” he explains.
“This results in a broad attack surface, touching most in-vehicle systems and an increasingly wide range of external networks, from WiFi, cellular networks and the Internet to service garages, toll roads, drive-through windows, gas stations, and a rapidly growing list of automotive and aftermarket applications,” he adds.
What auto manufacturers are doing
While it might sound like a nightmarish future where drivers and pedestrians cannot trust cars, Allott assures DNA that auto manufacturers are taking steps to safeguard their cars – on the hardware, software and network levels.
On the hardware level, these are:
- Tamper protection: They are encrypting intellectual property, account credentials and other valuable information at compile time and decrypting them only during a small execution window, protecting the information from reverse engineering.
- Active memory protection: They are reducing code vulnerabilities by embedding pointer-checking functionality into hardware to prevent buffer overflow conditions that may be exploited by malicious code.
On the software side, they are using:
- Partitioned operating systems: A common software and hardware combination that isolates different processes or functions, such as externally-facing functions, from those that drive the vehicle, reducing the complexity of consolidating multiple systems onto a single ECU.
- Authentication: Electronic keys, passwords, and biometrics need to be managed and authorised to access personal information such as identity, telemetry, locations, and financial transactions. Similarly, the various ECUs in a vehicle would authenticate communications to prevent an attacker from faking messages or commands.
As for network security, they are looking into:
- Enforcement of predictably holistic behaviour of all systems: A mouthful which essentially means they are restricting network communications to predefined normal behaviour and limiting abnormal types or volumes of messages so that they do not impair the vehicle’s functions.
- Access controls: Explicitly permitting communications and messages only between pre-approved systems and sensors, blocking unapproved and inappropriate messages, and alerting security systems about any invalid attempts.
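The two network-level controls above, sketched as a gateway filter sitting between in-vehicle buses. This is an added example, not code from Intel Security or any manufacturer; the bus names, message IDs and per-second limits are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: bus names, message IDs and limits are constructed. */
enum bus { BUS_INFOTAINMENT, BUS_POWERTRAIN };
enum verdict { FORWARD, DROP_UNAPPROVED, DROP_RATE };

struct rule {
    enum bus src;          /* bus the frame arrived on */
    uint32_t id;           /* message identifier */
    uint32_t max_per_sec;  /* normal volume for this message */
    uint32_t window_start; /* ms timestamp of the current 1 s window */
    uint32_t count;        /* frames forwarded in the current window */
};

/* Explicit allowlist: any (bus, ID) pair not listed is blocked. */
static struct rule rules[] = {
    { BUS_POWERTRAIN,   0x100, 100, 0, 0 }, /* speed broadcast */
    { BUS_INFOTAINMENT, 0x300,   2, 0, 0 }, /* climate request */
};
static unsigned alerts; /* invalid attempts reported to monitoring */

enum verdict gateway_check(enum bus src, uint32_t id, uint32_t now_ms)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        struct rule *r = &rules[i];
        if (r->src != src || r->id != id)
            continue;
        if (now_ms - r->window_start >= 1000) { /* start a new window */
            r->window_start = now_ms;
            r->count = 0;
        }
        if (r->count >= r->max_per_sec) {       /* abnormal volume */
            alerts++;
            return DROP_RATE;
        }
        r->count++;
        return FORWARD;
    }
    alerts++;                                   /* pair not pre-approved */
    return DROP_UNAPPROVED;
}

unsigned gateway_alerts(void) { return alerts; }

int main(void) {
    /* An infotainment-side frame using a powertrain ID is dropped. */
    printf("verdict=%d\n", gateway_check(BUS_INFOTAINMENT, 0x100, 0));
    return 0;
}
```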
Software companies constantly make software obsolete with newer versions every three to five years, but what about cars, which typically last for 15 years or even longer?
This is a challenge that manufacturers have to overcome, and they need to assure owners too, Allott concedes.
“The ability to ensure continued security when replacing key vehicular parts is a crucial aspect of the recovery mechanism,” he says.
“Not all parts will directly affect the security functionality, but a customer has to remain assured that changing your brake-pads would not compromise the vehicle's safety,” he adds.
Maintaining software over a long period also poses its own set of challenges. For instance, Microsoft Corp maintained support for its popular Windows XP operating system for more than 12 years, with support only ending in April 2014.
“In that period [of support], there were more than 100 updates, or on average, about one per month,” Allott notes.
“This update frequency is vastly different from most car maintenance interactions, which happen based on the distance the car has travelled, or when the owner brings it in to a workshop when he or she encounters a problem.
“The ability to update the software, through some public network, further drives the need for secure maintenance and recovery mechanisms.
“It is likely that the incident response plans will require mechanisms to respond, potentially in a matter of hours or days, to an active threat,” he adds.
Will such threats lead to reliance on old-fashioned mechanical systems or even a disconnection of ECUs controlling emergency features such as airbags?
Allott believes that a balance has to be struck between connected features and reliance on mechanical systems.
“There has to be a balance between un-hackable mechanical systems for emergency features and connected features as well – safety is the No 1 concern when it comes to manufacturing automobiles,” he says.
“This interest could be best served with a dual-approach: Having both the mechanical and connected systems in place, the mechanical systems could be the last resort or a failsafe feature in case the connected features are compromised.
“Also, disconnecting the ECU would be a reverse to the current trend of championing further integration and virtualisation, although there is a valid case to be made that disconnecting the ECU would benefit the security of the vehicle,” he adds.
Ultimately, automobile cybersecurity would require a collaborative approach to detect, protect, and correct identifiable or avoidable threats, and to protect from previously unknown or unavoidable ones, according to Allott.
“With next-generation cars, this includes hardware-based protection in and around the ECUs, software-based in-vehicle defences, network monitoring and enforcement inside and outside the vehicle, cloud security services, and appropriate data privacy and anonymity for bumper-to-cloud protection,” he says.
Connecting cars, changing realities
Knowing that your car could be vulnerable to threats other than a physical break-in may be sobering, but it does not detract from the possibilities that these cars of the future promise.
Drivers will look at their cars the same way people look at their smartphones and computers – yet another connected device.
“There is a real chance of the car being a platform for drivers to do what they do on their smartphones and computers,” Allott says.
“They could use voice commands to make hands-free calls, send messages and perform banking transactions, or even pay for petrol or schedule a servicing session,” he adds.
As for manufacturers, ensuring that cybersecurity is integrated from the start will be the new reality.
“Car manufacturers will have to give thought to ensuring that security is integrated at the design process itself, and not as an afterthought,” Allott argues.
“If vehicle security moves towards third-party security vendors, dealers may also have an important part to play in education, sales, and provisioning of security products,” he adds.
Currently there is no clear demarcation when it comes to who is responsible for monitoring security, leaving it up in the air between “manufacturer, owner, government agency, or an aftermarket security company,” according to Allott.
This is why discussion and collaboration are needed to formulate best practices for the cars of the future.
“The automotive and cybersecurity ecosystems need to engage in discussion and develop best practices for designing, developing, and deploying security solutions,” says Allott.