Published on 05/14/2017 | Operations
The automotive industry is abuzz with the high-profile hack of a Jeep Cherokee by security researchers Charlie Miller and Chris Valasek. Miller and Valasek exploited a weakness in Fiat Chrysler’s UConnect system that allowed hackers who know a vehicle’s IP address to remotely control the vehicle – including disabling the brakes, disengaging the transmission and more.
The vehicle, driven by a reporter covering the hack, wound up in a ditch. The day the story broke, Fiat Chrysler recalled 1.4 million vehicles, all of which require a software update through a physical connection – either a USB stick or dealership OBD-II equipment.
Another connected car take-over by the U.S. Defense Advanced Research Projects Agency (DARPA), demonstrated on an episode of 60 Minutes, led to a scathing US Senate report issued by Senator Edward J. Markey (D-Mass) last February. Based on surveys sent to major automakers, Markey’s study found that, while automakers had fully embraced car connectivity, they had not fully addressed the security or privacy issues raised by these vehicles.
Markey and fellow Senator Richard Blumenthal (D-Conn) jointly introduced legislation called the “Security and Privacy in Your Car Act” (SPY Car Act) on the same day the Jeep hack was announced. This bill would require the US National Highway Traffic Safety Agency (NHTSA) and Federal Trade Commission (FTC) to establish Federal standards for vehicles that protect driver safety and privacy.
You don’t have to be DARPA
It turns out you do not need lots of smart engineers and a limitless budget like DARPA to hack the connected car. Last summer, at the Battelle AutoCyber Challenge, a 14-year-old student stunned auto executives by hacking a connected car with only a couple of days’ training, $15 in Radio Shack components, and a soldering iron.
While the kid’s hack did not penetrate the car’s drivetrain, it was still an impressive demonstration not only of young talent but also of how far connected car systems have to go to catch up with the technological sophistication of the systems with which they interface – and the threats those systems expose.
How did the connected car get so insecure?
When it comes to connecting cars to outside networks, the automotive industry is playing significant catch-up. While cars have evolved over 100 years and the Internet over 25-45, depending on when you drop the flag, cars are relatively new as digital devices. Digital controls started replacing analog ones for essential onboard systems in the 1970s, but onboard vehicle networking did not stabilize until Bosch freely released the first commercial automotive controller area network (CAN) standard in 1986. CAN protocols are embodied in the International Standards Organization’s (ISO’s) 11898 standard, which covers device identification plus physical and datalink layer protocols.
The latest version is CAN 2.0, which was published in 1991. Note that this is two full years before GM released the first externally networked connected car service: OnStar. CAN 2.0 and all its preceding generations were designed as an internal network that is physically interfaced from time to time exclusively with trusted sources. Security considerations related to connecting this network to the outside world are simply not reflected in the standard.
Hence, connected car security needs to be applied through add-on applications and services which operate in parallel to and in a manner compatible with an existing vehicle’s CAN controller. Movimento’s recently released Over-The-Air (OTA) platform for the Software Defined Car™ is one example of an effective automobile security service.
5 Best Practices for Securing Connected Cars
Based on Movimento’s decades of experience programming and reflashing cars and components for many automakers and Tier 1 suppliers, here are five best practices to keep in mind when securing the connected car.
1. Encrypt car’s wide area network communications
Encrypting network communications has long been a method to protect against data theft and guarantee confidentiality, and yet only in February of this year did BMW push an OTA software update to 2.2 million BMW, Mini and Rolls-Royce cars equipped with its ConnectedDrive system to implement encryption for car communications.
BMW’s “in the clear” transmission of data was uncovered by a group of hackers from Allgemeiner Deutscher Automobil-Club (ADAC), a German auto club, who set up rogue cell sites to which the test vehicles automatically connected. Once in, hackers were able to lock and unlock doors, access the navigation and entertainment system, and change environmental settings.
2. Don’t let components update each other’s software
Viruses frequently spread within information systems by first finding a foothold, then scanning the network for insecure devices that they can infiltrate. One of the ways to stop this type of wildfire is to prevent vehicle Electronic Control Units (ECUs) from updating each other’s software, also known as reflashing.
Reflashing matters because some of the most dangerous viruses infect a computer’s BIOS or other root vectors, which are often exposed at startup. Preventing ECUs that become infected from spreading the infection to others is a primary line of defense.
3. Keep all the software up to date, over the air
“Insecure” devices are often subject to viral infection because their firmware is out of date. Keeping all network elements up to date has long been the bane of ICT departments around the world. Now the domain that requires this protection extends to vehicles as well.
When updating connected car firmware, be sure to make these connections wirelessly to avoid “rootkit” infections that can enter a vehicle through a physical connection, including the OBD-II port, USB port and even the charging port for electric cars. Rootkits are particularly troublesome because they can literally take over a device, plus many rootkits cloak and/or clone themselves to prevent detection or removal.
Rootkits are not the only threat that can come with connecting a car to a physical device. Last January, a researcher from the Digital Bond Labs found three security weaknesses in Progressive Insurance’s “Snapshot” OBD-II driver monitoring device: allowing access to a vehicle’s CAN bus, no authentication of the Snapshot device to the vehicle, and no encryption of driver data before transmitting it over a cellular network.
4. The best defense is a good offense: actively monitor the CAN bus
The virtual spinal cord of the connected car is the CAN bus. It communicates with the ECUs and relays important messages, such as alerting the ECU that controls the air bags that another ECU has reported a hard car crash. Actively monitoring the messages flowing across the CAN bus for unauthorized content, such as one ECU sending restart instructions to another, is a proactive way to protect the vehicle. Movimento’s OTA platform can identify and block unauthorized CAN messages in transit, in less than 10 milliseconds.
Identifying, intercepting and destroying unauthorized messages flowing through the CAN bus not only serves to isolate a corrupted ECU – it also provides an evidence trail that can be used to locate the infection and clean it up.
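The bus monitoring described in practice 4, applied to the restart and reflash traffic that practice 2 aims to prevent, can be sketched as follows. This is an added example, not Movimento's code: it scans a constructed candump-style capture, and the allowlist of arbitration IDs and the policy of flagging every UDS (ISO 14229) reset, programming-session and download request are assumptions.

```python
import re

# Constructed candump-style capture, not taken from a real vehicle.
SAMPLE_LOG = """\
(0.000100) can0 0C4#1A2B000000000000
(0.004200) can0 7E0#0210020000000000
(0.005900) can0 7E0#0211010000000000
(0.010300) can0 1F5#00FF
(0.012000) can0 7E0#0534001100100000
(0.013000) can0 3A0#0102
"""
ALLOWED_IDS = {0x0C4, 0x1F5, 0x7E0}  # assumed allowlist for this hypothetical vehicle
DIAG_REQUEST_IDS = set(range(0x7E0, 0x7E8)) | {0x7DF}  # ISO 15765-4 request IDs
# UDS (ISO 14229) requests that restart or reflash an ECU.
RISKY_SERVICES = {0x11: "ECUReset", 0x34: "RequestDownload", 0x36: "TransferData"}
PROGRAMMING_SESSION = bytes([0x10, 0x02])  # DiagnosticSessionControl, programming
LINE_RE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")

def parse_line(line):
    """Return (timestamp, arbitration_id, data) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m or len(m.group(3)) % 2 or len(m.group(3)) > 16:
        return None
    return float(m.group(1)), int(m.group(2), 16), bytes.fromhex(m.group(3))

def classify(can_id, data):
    """Return an alert reason, or None if the frame is acceptable."""
    if can_id not in ALLOWED_IDS:
        return "unknown-id"
    if can_id in DIAG_REQUEST_IDS and data and data[0] >> 4 == 0:
        payload = data[1:1 + (data[0] & 0x0F)]  # ISO-TP single-frame payload
        if payload[:2] == PROGRAMMING_SESSION:
            return "ProgrammingSession"
        if payload and payload[0] in RISKY_SERVICES:
            return RISKY_SERVICES[payload[0]]
    return None

def scan(log_text):
    """Return the evidence trail: (timestamp, id, reason) per flagged frame."""
    alerts = []
    for frame in filter(None, map(parse_line, log_text.splitlines())):
        ts, can_id, data = frame
        reason = classify(can_id, data)
        if reason:
            alerts.append((ts, hex(can_id), reason))
    return alerts
```

Calling `scan(SAMPLE_LOG)` returns the flagged frames in capture order, which is the kind of evidence trail the practice describes for locating a corrupted ECU.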
5. Host a hackathon and let the world have at it
Putting every known security measure into place may not be enough to keep ahead of today’s sophisticated hackers. As the development of connected car platforms, operating systems, and components races ahead at breakneck speed, the potential for new vulnerabilities entering the connected car is significant.
World-class enterprise security programs perpetually harden the target through incursion testing and consulting from top-tier security companies – often firms run by former black-hat hackers. With the popularity of connected car hackathons, and the urgency associated with solving this set of problems, do not miss the opportunity to let the hacking world “have at it” by hosting your own hackathon or participating in one of the many education-based programs including AutoCyber Challenge and university-sponsored programs.