How to Ensure Automotive Cybersecurity in the Next-Gen Vehicles [Part 1]
In the first part of this article, we will discuss types of potential threats present in the connected vehicle ecosystem and the reasons why automakers should make automotive cybersecurity their priority.
From Connected Car to Self-Driving Vehicle
Trends are evolving at enormous speed. Seems like only yesterday we saw a hype over the vehicle connectivity. Based on Advanced Driver Assistance System (ADAS) and In-Vehicle Information System (IVIS), connected vehicles are designed to help drivers feel more secure and comfortable on the road. A connected car can talk to other vehicles in the wireless local area network influencing own driving behavior and informing other cars about its position, speed, brake status, etc.
Now, we’re seeing a major trend to shift from the assistance and connectivity features to self-driving cars. And this is how the driver’s seat will soon turn to the passenger’s. More and more electric and hybrid electric vehicles implement partial and conditional automation per SAE J3016 International Standard, as seen in the illustration below:
Level 3 (“hands-off”) and Level 4 (“eyes off”) of autonomy are already present in Tesla vehicles, Google’s Waymo Pacifica, Volvo Drive Me S60, Audi A8 Luxury Sedan, and others. Many manufacturers aim to achieve the complete Level 5 automation when the car is able to drive any road just like the human driver. This, however, won’t be possible until after 2021 at the earliest, while some sources predict not earlier than 2025 for full car automation.
Anyway, the tendency to implement connectivity features is growing exponentially as it promises considerable profit to automakers. As projected by BI Intelligence, 380 million of connected cars will be present on our roads by 2021. The estimated revenues from the purchased connected car packages in 2022 are predicted to reach $155.9 billion, according to another report by PwC.
Based on V2X communication, ADAS, IVIS, Internet of Things, Machine Learning, Artificial Intelligence and many other evolving technologies, a connected car becomes smarter and, thus, a more desirable product for end users. However, despite being able to predict and prevent accidents and collisions, the connected cars may be vulnerable to cyber attacks, making autonomous cars cybersecurity the most important challenge nowadays.
Features and Trends
Generally, automotive cybersecurity should focus on three main trends adopted in a connected vehicle according to TU-Automotive report:
- Complexity:
The attack surface has expanded due to new connectivity features, which added complexity to a vehicular system. The number of lines of program code increased to 100 million in a connected car – an astonishing number even compared to 8 million of lines of code in a stealth F-35 Lightning II. Besides, there are almost a hundred of Electronic Control Units (ECUs) connected through the internal networks and diverse Infotainment and Telematics systems (navigation, traffic information, text messaging, voice control, etc.). - Connectivity:
Wireless communication interfaces enable interaction between cars and the whole infrastructure as well as other features, powered by the Internet of Things (IoT) technology. This technology, however, has made the vehicular system vulnerable to attacks on multiple fronts. - Easy sharing and quick access:
The integrity of the driver’s personal content is awfully compromised through multiple side technologies present in a connected car, e.g. a remote access to Tesla car via Apple Watch or a keyless entry already exploited by the thieves in Europe. Moreover, connecting to the vehicle via Bluetooth can not only imperil the security of a car but also lead to eavesdropping, blackmail, identity theft or stolen data.
Evidently, by inheriting multiple features of a computer on wheels, a connected car becomes more unprotected. As seen from the abovementioned examples, even some acclaimed car brands like Tesla cannot fully guarantee driverless cars cybersecurity today.
Automotive Cybersecurity Concerns
The new driverless technologies and connectivity trends are still evolving. Naturally, cybersecurity experts, as well as common users, have numerous concerns. According to the University of Michigan research, American drivers are concerned about hacked self-driving cars that may cause crashes, serve as weapons for terrorists, and leak their personal data. At the same time, according to IDC research, 50% of British and 57% of German drivers are extremely concerned about connected car applications, such as Adaptive Cruise Control, Collision Avoidance System, and Self-Parking.
Drivers do have reasonable grounds for such concerns. In 2015, two white hat hackers Miller and Valasek got a remote control over Jeep Cherokee via the Internet. This incident made a great stir, forcing Fiat Chrysler recall 1,4 million of vehicles for maintenance. This year, Chinese researchers compromised the security of Tesla Model X uncovering some serious vulnerabilities to be patched. The group of experts remotely opened the car doors, trunk and turned on brakes by using Wi-Fi and cellular connection.
The good news is that Tesla, GM, Fiat Chrysler and other carmakers realize the importance of cooperation with professional hackers and have started their own “bug bounty” programs. E.g. Fiat Chrysler Automobiles offers a reward of up to $1,500 per bug.
Stages of Remote Cyberattack
Pursuing to add as many new connectivity features as a consumer will buy, manufacturers offer a wide range of ADAS safety packages. Nonetheless, many of them provide low-tier if barely any security. The array of new functions and services has created so many attack surfaces, that protection needs a more serious approach.
According to the aforementioned Miller and Valasek’s report, a hacker should get through three stages to perform a successful remote attack:
- The first step is to get an access to the internal vehicle networks (aka message-protocols), such as Controller Area Network (CAN bus) supported by ISO 11519 and ISO 11898, Local Interconnect Network (LIN bus), FlexRay, MOST, VAN, etc. These networks are designed to enable communication between the vehicle systems and subsystems formed of electronic control units (ECUs). ECU (aka “a node”) is an embedded system mainly used for the control of the engine, powertrain, transmission, brakes, speed, seats, telematics, etc. All nodes (ECUs) connect with each other through a 2-wire bus. The cybersecurity of a CAN bus can be compromised through unauthorized messages, instantly transmitted by nodes. The problem is that such messages, as well as nodes, can be easily added to the network.
- Here’s where the second stage begins. If attackers manage to penetrate the network, they can inject messages into the vehicle networks and build communication with them, or, in other words, gain a direct or indirect control of the targeted ECU.
- In the last stage, a hacker will be able to exploit vulnerabilities of the compromised ECU and networks.
To know how to protect a connected car from unexpected penetration you should understand the nature of attack and types of vulnerabilities frequently exploited by hackers.
Things to Protect in Cars on Cyber Level
While there are numerous attack vectors, McAfee lists fifteen the most hackable attack surfaces as shown in the diagram below:
Among these surfaces, cyber experts distinguish five top vulnerable channels for potential threats:
- ECU and internal network:
A new-age car obtains a number of networks controlled by resident ECUs that enable communications between less-critical and safety-critical The complexity of a new-age system allows accessing the vehicle’s Transmission (safety critical) through Infotainment system (e.g., DAB radio) or Bluetooth (less-critical). - Onboard Wi-Fi and mobile communication systems:
As an example, an attacker can simply set up a pseudo-Wi-Fi AP accessing the car’s internal network and communication data. By this method, two Chinese cybersecurity researchers were able to take control of Tesla Model S by using a fake malicious Wi-Fi hotspot. Furthermore, an attacker can also easily get through any 2G/3G/4G mobile communication system penetrating their protocols and causing abnormal car functioning. - Over-the-air (OTA) updates:
Hackers can take over sensitive OTA components injecting the malicious code into them. Tesla used a code-signing method to fix such vulnerabilities exploited by the aforementioned Chinese white hackers. It means that all new Tesla firmware OTA updates will contain a unique cryptographic key, strengthening the vehicle internal network. - OBD-II:
Unlike other remote threats, compromising OBD port requires a physical access to a car. However, this entry point threatens cybersecurity of a connected car, since ODB-II allows directly connect to all CAN buses. The fact that there are already special powerful scan tools for ODB port, available at an affordable price on the web, eliminates the need for physical access. For instance, CANtact is an open source low-cost device that opens too many doors for hackers. - Bluetooth:
Bluetooth protocols impose a list of vulnerabilities and security threats like disclosure of unauthorized data, information integrity, and DoS (denial of service) threat. A study of researchers from the University of California proved that complex Bluetooth protocols are vulnerable to reverse engineering and could compromise telematics security. Moreover, the latest Bluetooth version with the improved broadcast capacity and speed generates even more risks by extending the range of data channels for easier device-to-device connectivity.
Unfortunately, even after strengthening the described key channels, the connected car cybersecurity is still exposed to many vulnerabilities. Due to the complicated modern vehicle infrastructure, the attack surface expands to 50 entry points according to SBD Automotive report. As a result, today the underdeveloped automobile cybersecurity system can imperil a driver or his personal data from different attack vectors illustrated in the figure below.
Regarding the scale of a topic, the first part of an article can be viewed as an outline of connected car features, main trends and technologies applied in the modern vehicle, specific concerns raised by drivers and cybersecurity experts as well. We have also highlighted major attack vectors and other possible entry points confirming the fact that a connected vehicle aimed to improve safety on the road obtains a low level of cybersecurity. To enhance and protect a modern vehicle from potential cyberattacks, the automotive community has developed best practices and innovative solutions reviewed in the next part of this article. Follow us to get more details and valuable insights.