The five scariest car hacks – including some that could make you crash
Above: A connected car at Mobile World Congress 2014 in Barcelona.
The specter of connected car hacking sparks discussion even though there has never been a confirmed case of a malicious attack. The good news is that the most notable car hacks have been research-motivated and conducted by some of the best security experts in the world. Their work offers carmakers insights into reducing the vulnerabilities of their cars. I’ve read every research paper and watched every video presentation related to the five most noteworthy studies on car hacking. Here are the highlights of each study, including the major findings, the researchers’ suggested actions, and my analysis.
Above: VB Profiles Connected Cars Landscape. (Disclosure: VB Profiles is a cooperative effort between VentureBeat and Spoke Intelligence.)
This article is part of the Connected Car Landscape series. You can download a high-resolution version of the landscape from VB Profiles.
Cyberattack motives
First, it is important to understand the basic motives for a hack. Hackers have three main motivations: activism, profit, and challenge.
Activism
Activist-motivated attacks, also known as hacktivism, promote a political agenda: usually free speech, human rights, or information technology ethics. Anonymous, whose participants are known for their Guy Fawkes masks, is one of the more famous hacktivist groups in recent years. Attack forms include defacing websites, denial of service attacks (DoS), URL redirecting, and document archiving and distribution (e.g., WikiLeaks). The objective of hacktivism is not to hurt people, and messing with a moving car can do that. So the car is not an ideal vehicle (ahem) for hacktivism.
Profit
A high-profile example of a profit-motivated cyberattack is the theft of credit card information from retail platforms. Other, lesser-known profit-based attacks include botnets and phishing. In the case of botnets, the purpose is not to take control of a user’s actions, but to leverage the processing power of the user’s computer. Usually, the end user does not even know that the computer has been turned into a so-called zombie except for the occasional slowdown in performance. This does not necessarily mean that the processing power of cars will become the target for a bitcoin mining network. Mining requires constant connectivity over high bandwidth and persistent power, which current connected cars don’t usually offer. In the case of phishing (that is, tricking people into providing sensitive information such as passwords or credit card numbers), the connected car lacks the interaction that would enable the user to compromise information. Admittedly, a connected car does have a distracted user who may approve something just to get to an app service.
I have spent the past few years talking with a multitude of people about the security of connected cars. The financial and activism incentives for car hacks are not evident. People often react with emotionally fueled fears about safety and security, but they have a hard time coming up with a scenario that doesn’t sound like it was ripped from a movie script (a disaster if the bus speed drops below 50mph? a distraction while stealing bearer bonds in the Nakatomi vault?). Many scenarios for sabotaging or stealing a car don’t even require the car to be connected. Even a man-in-the-middle key fob attack does not require the car to be connected in order to unlock the doors.
There has never been a reported incident of a profit- or privacy-motivated attack on a car, but this is where the more likely black hat hacks could happen. As Apple, Google, and Amazon apps make their way onto automotive infotainment platforms, the car platform becomes a launching point from which to steal credit card numbers and identities. Some black hat hackers who find data leaks may collect private data for future use in other attacks. Considering that the car, like the smartphone, has cameras, microphones, and the location information of your daily habits, this could set the stage for a widespread privacy breach.
Challenge
Most dramatic and scary car security breaches fall under this category, which includes people who are curious about how a technology works, those who want to do something dramatic for notoriety, and those conducting research. Most researchers herein were awarded grant money to find security vulnerabilities in cars. Over a year or so, these experts were able to take control of the car as long as they also had prior physical access to the car to install extra hardware.
Top five hacks
Here are my picks for the five most compelling connected car hacks of the past six years.
1. A comprehensive attack of mechanics’ devices, CD players, Bluetooth, and cellular radio
This 2010 study conducted by University of California at San Diego and University of Washington computer scientists demonstrated a wide variety of telematics vulnerabilities. While there were several previous studies that addressed hypothetical issues, this is one of the first that provided experimental results of specific attacks.
Major research findings
- Once the team was able to physically access the car via the media player, diagnostics port, Bluetooth, or cellular, they were able to entirely compromise the car.
- The research team could access the systems by simply calling the car, War Games style.
- Since the telematics system is Unix-based, they were able to get root access and install an IRC channel.
- Industry and government (SAE, USCAR, US DOT) are responding to these findings.
Researchers’ suggested actions
- Use stack cookies to help detect an attack.
- Do not allow inbound calls. Instead, immediately call back a trusted number.
- Arbitrary ECUs should not be able to issue diagnostic and reflashing commands.
- Commands should only be accepted with some validation, and physical access to the car should be required before dangerous commands are executed.
Analysis
This study exposed some of the more astounding varieties of breaches into the car and the lack of authentication required to access the car systems. The study concludes that detection of anomalies in the systems is a more practical approach to security management than prevention and total lockdown. I agree. It is unrealistic to expect impervious code. Computer security is about mitigating risk.
2. Tire pressure monitor systems
In 2010, researchers at the University of South Carolina and Rutgers University successfully compromised tire-pressure monitoring systems (TPMS), which consist of sensors inside a car’s tires that monitor pressure and a wireless antenna. Using low-end and openly available equipment costing about $1,500, the team was able to track a car’s movements and give false tire pressure readings to the dashboard.
Major research findings
- Reverse engineering in order to spoof and eavesdrop, specifically to track the car location, is possible.
- There was no encryption in the TPMS.
- If hackers flooded the tire pressure ECU with packets, they disabled the ECU and the capability for the alert to display in the dashboard. Even when this happened, however, the car was still driveable.
- They were able to spoof the alert light for no more than six seconds.
Researchers’ suggested actions
- Check for conflicting input information. For example, the system reported a low pressure event through the tire pressure ECU, but the PSI reported was normal.
- Use encryption.
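The conflicting-input check suggested above can be sketched as follows. This is an added example, not code from the researchers or the original article; the packet fields, the 25 PSI threshold, and the 30-second minimum interval (chosen against the roughly 60 to 90 second reporting interval cited in the analysis) are assumptions.

```python
from dataclasses import dataclass

# Assumed thresholds for illustration only.
LOW_PSI_THRESHOLD = 25.0   # at or above this, a low-pressure alert contradicts the PSI value
MIN_INTERVAL_S = 30.0      # sensors report about every 60-90 s; much faster is suspicious

@dataclass
class TpmsReading:
    """Hypothetical decoded TPMS packet (not a real frame layout)."""
    t: float                 # receive time in seconds
    sensor_id: str
    psi: float
    low_pressure_flag: bool

def check_readings(readings):
    """Return (time, sensor_id, reason) for each implausible reading."""
    findings = []
    last_seen = {}
    for r in sorted(readings, key=lambda x: x.t):
        # Conflicting input: alert flag set while the reported pressure is normal.
        if r.low_pressure_flag and r.psi >= LOW_PSI_THRESHOLD:
            findings.append((r.t, r.sensor_id, "flag_psi_conflict"))
        # Flooding or spoofing shows up as reports arriving far too often.
        prev = last_seen.get(r.sensor_id)
        if prev is not None and r.t - prev < MIN_INTERVAL_S:
            findings.append((r.t, r.sensor_id, "report_too_frequent"))
        last_seen[r.sensor_id] = r.t
    return findings

# Constructed sample readings (not captured traffic).
SAMPLE = [
    TpmsReading(0.0, "A1", 32.0, False),
    TpmsReading(65.0, "A1", 32.0, False),
    TpmsReading(70.0, "B2", 31.5, False),
    TpmsReading(130.0, "A1", 32.0, True),   # alert with normal PSI
    TpmsReading(131.0, "A1", 32.0, True),   # same alert repeated 1 s later
    TpmsReading(140.0, "B2", 18.0, True),   # consistent: genuinely low pressure
]

if __name__ == "__main__":
    for finding in check_readings(SAMPLE):
        print(finding)
```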
Analysis
This study was one of the first to prove that a remote attack is possible without physical access to the car. At the same time, the researchers noted that this vulnerability is complicated to access and manipulate. First, activating location tracking requires the vehicle to pass two checkpoints along the road. Second, the wireless tire sensors communicate infrequently – about once every 60 to 90 seconds. This makes manipulating the system difficult, especially if a vehicle is moving. At highway speeds, the research team could not maintain a warning light spoof beyond six seconds. While remote control of an ECU is possible, it is very limited and does not affect the driveability of the car, which may assuage the general public’s fears.
When I consider the practicality of a malicious attack, I’m skeptical that spoofing alerts is the most compelling method. When your tire pressure gauge alerts you and you do not feel or hear the road in a way that indicates a flat, do you pull over immediately or do you drive to a safe place where you can assess and fix the problem? If you’re like me, you make a mental note to just look at the tires when you get home.
The UCSD/UW study in the first example demonstrated that once the car is compromised, the entire system is compromised. The main actionable item here is that carmakers should use encryption everywhere, since even something as seemingly benign as a tire pressure gauge is a location-based unique identifier that consumers cannot deactivate and that therefore does not have an opt-out option.
3. The DARPA-funded hack of a Toyota Prius and Ford Escape
In 2012, security intelligence experts Dr. Charlie Miller and Chris Valasek received a grant from DARPA to find the vulnerabilities of cars. After a year of research, they were able to hack a 2010 Ford Escape and 2010 Toyota Prius by taking control of the horn, cutting the power steering, and spoofing the GPS, as well as the dashboard displays.
Major research findings
- Spoofing is possible.
- It is possible to disable functions of the car by flooding it with arbitrary CAN packets.
(Suggested actions and analysis included in #4 below.)
4. 2014 follow-up research on remote attacks
In September 2014, Miller and Valasek published another paper, “A Survey of Remote Automotive Attack Surfaces,” in which they present system diagrams of 21 different cars and expose the biggest vulnerabilities. They analyzed all of the computer-based systems, including passive anti-theft systems (PATS), Bluetooth, and lane keep assist systems. They assert that attack surfaces and vulnerabilities, while present, are small for most of these systems.
Major research findings
- They believe that Bluetooth is one of the biggest and most viable attack points of a car because of its ubiquity.
- In-car apps and web browser technology pose a significant threat, mostly because they offer a familiar attack target that is already understood by those who want to exploit it.
- Their 20 most hackable cars – rated by attack surface, network architecture, and cyber-physical components – span multiple automakers, although there are noticeable recurrences of Land Rover, Toyota (specifically Prius), BMW, and FCA (Jeep, Dodge, Chrysler).
Researchers’ suggested actions
- Since remote attacks happen in multiple stages, they recommend that defense be multi-staged.
- Secure the remote endpoints.
- Make it harder for the attacker to inject CAN messages instantaneously.
- For attack detection, monitor the rate of ECU messages for a noticeable increase. Miller and Valasek created a device that plugs into the OBD-II port to detect abnormal network traffic patterns and disable all CAN messages, if such patterns are detected.
Analysis
For the most effective attack points, the researchers required physical access to the car. In the first study, they had to rip open the dashboard and interior in order to take control. In the second study, the biggest and most likely attack point that they cited was via the Bluetooth infotainment system, but they could not find a way to covertly pair a device without user interaction from inside the car. Most likely, this breach would require some Veronica Mars-style social engineering instead of technical prowess. Both studies illustrate that the systems vary from carmaker to carmaker and even among models and years of the same carmaker. This means that you can’t hack once and deploy that hack everywhere. One of the more significant takeaways from the second study is that attacks are detectable – so set up detection systems.
5. The $27 car hack from DEF CON 2013
At DEF CON 21 in August 2013, Alberto Garcia Illera and Javier Vasquez Vidal gave a presentation on how they hacked a car using a device that they built for $27.
Major research findings
- The codes are different for each car.
- By flooding the ECU with data, they could disable the ECU.
- If they could get physical access to install a device on the OBD-II port, they could control the car remotely. Since there were neither specifics nor a demonstration, you may consider this point theoretical.
Analysis
This hack is for curious do-it-yourself engineers who like the challenge. You can spend many hours reverse-engineering the codes or use an ELM 27 + Torque app for about the same money. If you have a larger budget, you can buy the codes from carmakers. However, the codes are not necessarily accurate and they change often – year to year, model to model. For the most part, the breaches and discoveries from this study are applicable to most after-market devices that plug into the OBD-II port. If you’re going to plug an after-market dongle into the OBD-II port of your car, make sure that the unit has Bluetooth security features and no default PIN code.
What carmakers and suppliers can do
- Air gap. These experiments proved that once a car’s system is compromised, hackers were able to control other systems within the car. Separating the networks mitigates this vulnerability.
- Perform over-the-air (OTA) updates. Push alerts for updates and make automatic updates an option.
- Tesla fixed its fire issue this way, avoiding the costly conventional recall process.
- In contrast, while GM performs some OTAs via its OnStar system, it went on record at the 2016 Consumer Electronics Show saying that it would never use OTAs for safety-critical features like brakes and steering. This means that in the event of a safety-critical update, GM will issue an expensive and cumbersome recall of millions of vehicles.
Zero-day heroes
Enterprise security that specializes in automotive solutions is a nascent category of the connected car sector. A popular experiment across the above studies was to show that if you flood the ECU with data packets, you can disable the ECU. An attack is detectable by looking for abnormal traffic and data messaging activity on the in-vehicle networks, including the CAN bus. Argus, TowerSec (acquired by Harman), and Karamba offer this anomaly detection and reporting as an automotive cybersecurity solution. Symantec also has an automotive offering as part of its IoT (Internet of Things) portfolio. Each solution differs by its integration point in the car manufacturing process: from factory level to after-market OBD-II plug-ins. Zero-day vulnerabilities refer to those flaws that, once disclosed or exploited by hackers, must be corrected by software publishers or carmakers in “zero days.” Those who can do so are rightly called “zero-day heroes.”
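The message-rate monitoring that Miller and Valasek recommend, and the abnormal-traffic detection described above, can be illustrated with a per-ID sliding-window counter. This is an added example, not code from the article, the researchers' device, or any vendor named here; the CAN IDs, message periods, one-second window, and 3x threshold are assumptions.

```python
from collections import defaultdict, deque

class CanRateMonitor:
    """Flags CAN IDs whose frame count per window far exceeds a learned baseline."""

    def __init__(self, window_ms=1000, factor=3.0):
        self.window_ms = window_ms
        self.factor = factor
        self.baseline = defaultdict(int)    # can_id -> peak frames per window in training
        self.recent = defaultdict(deque)    # can_id -> timestamps inside the window

    def _count(self, t_ms, can_id):
        q = self.recent[can_id]
        q.append(t_ms)
        while q[0] <= t_ms - self.window_ms:   # drop frames older than the window
            q.popleft()
        return len(q)

    def learn(self, frames):
        """Record the peak per-window rate of each ID in known-good traffic."""
        for t_ms, can_id in frames:
            self.baseline[can_id] = max(self.baseline[can_id], self._count(t_ms, can_id))
        self.recent.clear()

    def first_alerts(self, frames):
        """Return {can_id: (time_ms, frames_in_window)} for the first spike per ID.
        IDs never seen in training have baseline 0, so any frame from them alerts."""
        alerts = {}
        for t_ms, can_id in frames:
            n = self._count(t_ms, can_id)
            if n > self.baseline[can_id] * self.factor and can_id not in alerts:
                alerts[can_id] = (t_ms, n)
        return alerts

def periodic(can_id, start_ms, end_ms, period_ms):
    return [(t, can_id) for t in range(start_ms, end_ms, period_ms)]

# Constructed traffic: arbitrary IDs 0x0C9 (every 10 ms) and 0x1A0 (every 100 ms).
TRAINING = sorted(periodic(0x0C9, 0, 5000, 10) + periodic(0x1A0, 0, 5000, 100))
LIVE = sorted(periodic(0x0C9, 10000, 11200, 10)
              + periodic(0x1A0, 10000, 11000, 100)
              + periodic(0x1A0, 11000, 11200, 1))    # flood: one frame per millisecond

def run_demo():
    monitor = CanRateMonitor()
    monitor.learn(TRAINING)
    return monitor.first_alerts(LIVE)

if __name__ == "__main__":
    print(run_demo())
```

With this constructed traffic the flooded ID is flagged about 21 ms after the flood starts, while the busier but steady ID never alerts.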
With regard to connected car security, I don’t want to incite fear or encourage dismissiveness. I want to help people understand that with enough time, resources, and expertise, car hacking is possible at various points in the telematics system. Yet telematics systems vary from carmaker to carmaker and even among models and years of the same car. This makes it more difficult to hack once and deploy that hack everywhere.
I used to sit among the customer support group at IronPort, a company that specialized in email and web security appliances. Our phones were constantly flooded by incidents of malware, phishing, and spam attacks. So I know what it looks like to have a constant threat from the web. Seeing that we have yet to have a reported malicious attack, the car may not be the most compelling target. Still, we need to take precautions, use encryption, and have cybersecurity policies in place; securing our private data and physical safety depends on it. Over the past three years, I have seen carmakers and suppliers take a more proactive approach by having an internal cybersecurity team. This is a fascinating time, as we witness legacy automobile companies transform into Internet of Things mobility companies.
Liz Slocum Jensen is the founder and CEO of Road Rules. You can track her 190+ company landscape here.