Your new smart car is an IoT device that can be hacked
The automotive industry is rapidly changing due to the introduction of new technology in modern vehicles. Our cars are connected to complex networks hosting numerous sensors and smart components that are in turn connected to the Internet. For this reason, their attack surface increases dramatically.
Connected cars are complex systems composed of numerous units that exchange large amounts of data, and threat actors can manipulate those systems in order to gain control of smart vehicles.
Over the years, a growing number of security experts have focused their studies on car hacking, demonstrating with success how attackers could compromise the various components in the vehicles.
One of the most well-known attacks on a smart car is the remote hack of a Jeep demonstrated by the security duo Charlie Miller and Chris Valasek to raise awareness in the automotive industry about the possible risks related to cyberattacks.
Miller and Valasek exploited security flaws in the Uconnect automobile system with cellular connectivity to take over a 2014 Jeep Cherokee.
The hack shocked the automotive industry and provoked a public debate on the cyber risks of connected vehicles.
Security experts speculate that in some cases, car makers failed to implement adequate protections from cyberattacks. Threat actors could hack a vehicle to steal sensitive data managed by its components for sabotage purposes, or simply to steal it.
Connected cars can share information with other vehicles in C2C (car-to-car) or C2I (Car-to-Infrastructure) connections in real-time. In essence, they are becoming sophisticated nodes of the global network that manages massive amounts of information.
According to the study “Driving Security: Cyber Assurance for Next-Generation Vehicle,” the following aspects are essential when it comes to manufacturing secure connected cars:
Design secure cars. Security requirements are part of the early stage of the design process. Designers should focus on security, implementing protections against known threats for each component, subsystem, and network that the connected vehicle will be exposed to once it leaves the car maker's production line.
Create safe networks. Internal communications and communications with external entities should be encrypted. Car makers also have to design monitoring systems able to detect suspicious activities that could be potentially associated with attack patterns.
Vehicle hardening. Vendors have to harden their connected cars at all levels:
- Encryption of data at rest and data in motion
- Implementing proper cloud security controls
- Access control mechanisms
- Securing the operating system
- Penetration testing of the apps
The threat landscape in smart car security
Modern vehicles include interconnected electronics systems that could be targeted by threat actors for various purposes.
Today, cars are able to interact with the surrounding environment by exchanging data with control stations set up to provide a broad range of services to the populations of smart cities. The vehicles include sophisticated controllers that manage data collected through a network of sensors in real-time.
To have an idea of the complexity of a modern vehicle, let’s consider that a controller of a luxury car has more than 100 million lines of computer code, while software and electronics account for 40% of the cost of the car.
Every component in a car and its communication channels could potentially be targeted by cybercriminals.
What are the attack vectors for smart cars?
Security experts have demonstrated multiple attack techniques against connected cars. Some of them were also exploited by cybercriminals in real attack scenarios.
Here are the most popular car hacking techniques:
- Attacks against telematics systems. Telematics systems allow vehicles to communicate with a remote center and exchange with it the telemetry data and other information. Some car manufacturers already offer their customers telemetry services for a remote diagnostic that could prevent accidental crashes and electronic faults. Attackers could exploit vulnerabilities in these systems to potentially interfere with onboard components, and modify their parameters to alter the response of the vehicle to the driver’s orders.
- Malware exploits. An attacker could inject tailormade malware into some car components, modifying their behavior or triggering a Denial of Service condition. A malware program could be injected in different ways. For example, using a USB stick inserted into an MP3 reader or through wireless technology (wifi, Bluetooth, mobile communication).
- Unauthorized applications. On-board computers can download and execute applications and related updates. A threat actor could tamper with these applications to get malicious code executed on the target vehicle. In a classic supply chain attack, hackers could inject the car with a tainted update that, once installed and executed on the vehicle, could allow attackers to carry out malicious activities.
- OBD. Tailormade software could exploit the OBD-II (on-board diagnostics) port for installation. Once the connector is accessed via the CAN bus, it is possible to monitor every component connected to it.
- Door locks and key fobs. An attacker could emulate the presence of access code used by key fobs and door locks to control locks and start/stop for car engines.
Our vehicles are similar to a network of computers that communicate in an “unsecure” way on the internal bus. This means that hackers could take over a vehicle by sending a large number of controller area network packets (both normal packets and diagnostic packets) on the CAN bus to internal components. If the malicious packets arrive at the ECUs before the legitimate packets, these components consider them as valid.
Normal packets could be sent by attackers to manipulate multiple components, including the car’s speedometer, odometer, on-board navigation system, steering, brakes, and acceleration.
Attackers could send diagnostic packets to alter the behavior of some of the components in the vehicle such as brakes management, kill engine, lights flashing, doors lock/unlock, and modification of fuel gauge.
Unlike normal packets, diagnostic activities against an ECU need to be authenticated. However, weak implementation of the authentication process poses serious risks to the users.
Threat actors could target modern vehicles for multiple reasons, from sabotage to cyber espionage. An attacker could launch an attack to take over the car and cause a crash or to gather information stored by on board systems that could allow it to spy on the owner.
Car makers should implement security by design for the internal architecture of the vehicles. Here are some of the essential mitigations proposed by security researchers:
- Implement network segmentation to avoid threat actors exploiting security flaws in a component in order to access the rest of the network, including critical units.
- Implement authentication or authorization for any component connected through the CAN bus.
- Encrypt the traffic on the CAN bus.
Security researchers also suggest implementing anomaly detection mechanisms to prevent cyberattacks. An anomaly detection mechanism can leverage patterns for “normal” behavior for any component in the vehicle. Any deviation from this baseline must be analyzed and countermeasures can be potentially activated. Researchers Miller and Valasek suggested real-time analysis of CAN packets over time to detect potentially malicious traffic.
Unfortunately, in many cases, auto manufacturers avoid increasing the complexity of the vehicles by adding additional defense systems.
To mitigate the risk of attacks, experts recommend manually applying software security patches provided by the car makers when the vendors don’t push them ‘over the air’.
Avoid installing any software that is not approved by the car manufacturer and don’t install updates downloaded from third-party repositories. This includes diagnostics software to monitor your car's performance or different types of entertainment software that has Internet connectivity. Third-party software could be affected by vulnerabilities that could be exploited by hackers to steal or take over your car.
Researchers and authorities have to support and urge the automotive industry in implementing mandatory requirements for the safety and security of the vehicles.