<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>connected mobility - RiskInsight</title>
	<atom:link href="https://www.riskinsight-wavestone.com/en/tag/connected-mobility/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.riskinsight-wavestone.com/en/tag/connected-mobility/</link>
	<description>The cybersecurity &#38; digital trust blog by Wavestone&#039;s consultants</description>
	<lastBuildDate>Thu, 02 Jan 2020 14:05:26 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://www.riskinsight-wavestone.com/wp-content/uploads/2024/02/Blogs-2024_RI-39x39.png</url>
	<title>connected mobility - RiskInsight</title>
	<link>https://www.riskinsight-wavestone.com/en/tag/connected-mobility/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Saga 1/3: connected car: between cybersecurity and safety</title>
		<link>https://www.riskinsight-wavestone.com/en/2018/10/saga-13-connected-car/</link>
		
		<dc:creator><![CDATA[Qu3tinM4TYas]]></dc:creator>
		<pubDate>Thu, 25 Oct 2018 07:51:05 +0000</pubDate>
				<category><![CDATA[Cybersecurity & Digital Trust]]></category>
		<category><![CDATA[Manufacturing & Industry 4.0]]></category>
		<category><![CDATA[connected car]]></category>
		<category><![CDATA[connected mobility]]></category>
		<category><![CDATA[embedded security]]></category>
		<category><![CDATA[IoT]]></category>
		<category><![CDATA[mobility]]></category>
		<category><![CDATA[regulation]]></category>
		<category><![CDATA[safety]]></category>
		<category><![CDATA[stakes]]></category>
		<guid isPermaLink="false">https://www.riskinsight-wavestone.com/?p=11369/</guid>

					<description><![CDATA[<p>The revolution is underway! The vehicles we drive will become ever-more connected and autonomous in the near future, something that will open the door to new uses. The user experience, in terms of mobility, will undoubtedly be better, but the...</p>
<p>This article <a href="https://www.riskinsight-wavestone.com/en/2018/10/saga-13-connected-car/">Saga 1/3: connected car: between cybersecurity and safety</a> first appeared on <a href="https://www.riskinsight-wavestone.com/en/">RiskInsight</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><em>The revolution is underway! The vehicles we drive will become ever more connected and autonomous in the near future, something that will open the door to new uses. The user experience, in terms of mobility, will undoubtedly be better, but the services on offer will go hand-in-hand with new threats and new cybersecurity issues to be considered.</em></p>
<p><em>In this series, we’ll first present connected vehicles and their associated cybersecurity challenges; the main sources of threat and the risks will be addressed in a second installment. Lastly, a third article will present our views on the issue and the main lines of the response required to address it.</em></p>
<p>&nbsp;</p>
<h2>The connected car: a vehicle supporting a raft of interactions</h2>
<p>Entertainment, an extension of your smartphone, shared mobility, management of the car&#8217;s life cycle&#8230; users are demanding new experiences, and the services and applications they generate are resulting in a range of interactions. We can imagine a smart car being able to find a free parking space, automatically schedule an appointment for maintenance, or turn a traffic light green as it approaches. Since April 1, 2018, all new vehicle models must also have an emergency call system, as well as geolocalization to enable the authorities to be contacted in the case of an accident. In this respect, they are already &#8220;connected&#8221;.</p>
<p>Manufacturers and other players are already capitalizing on the opportunity to maintain a close relationship with customers throughout the vehicle life cycle. By doing this, they become &#8220;<strong>providers of services and mobility solutions</strong>,&#8221; drawing on, among other things, collected data. In particular, because such connectivity represents a step toward autonomy, the vehicle needs to be able to communicate with other vehicles and the surrounding environment. These changes are underway, and their pace will progressively increase.</p>
<p>However, the cybersecurity challenge is scarcely taken into account, or is ignored altogether, yet it has to be a key plank of any connected solution, from the design phase to the end of the life cycle. Such thinking is essential to safeguarding the vehicle’s integrity, protecting passenger lives, and complying with current and future regulation.</p>
<p>The first prerequisite is to properly understand the connected vehicle&#8217;s technologies and ecosystem.</p>
<p>&nbsp;</p>
<h2>How connected vehicles interact with their environment</h2>
<p>A specific feature of a connected vehicle is that it interacts with its ecosystem, via mobile data streams, over both short and long ranges.</p>
<ul>
<li><strong>Short-range connections</strong>: Here, the vehicle interacts directly with an object (such as a smartphone, infrastructure, etc.), without any intermediary. It uses technologies with a limited range for local exchanges (WAVE, on-board Wi-Fi, Bluetooth, etc.).</li>
<li><strong>Long-range connections</strong>: Here, the vehicle uses remote access to interact with external components via a cloud platform. 4G, and soon 5G, connections are the technologies of choice for connecting vehicles to the internet.</li>
</ul>
<p>This connected-vehicle concept also covers exchanges with the vehicle’s direct environment under the umbrella term &#8220;Vehicle-to-Everything&#8221; (or V2X). Lastly, the ISO 20077 standard covers &#8220;<strong>Extended Vehicles</strong>&#8221; (or ExVe) as a whole, which comprise the physical vehicle as well as all the platforms and infrastructures that the car manufacturer is responsible for.</p>
<p><img fetchpriority="high" decoding="async" class="aligncenter wp-image-10710" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2018/05/image-1-395x191.png" alt="" width="600" height="290" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2018/05/image-1-395x191.png 395w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/05/image-1-768x372.png 768w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/05/image-1-71x34.png 71w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/05/image-1.png 1405w" sizes="(max-width: 600px) 100vw, 600px" /></p>
<p>&nbsp;</p>
<h2>A range of ecosystems and players that need to work together</h2>
<p>The car was once a very closed system: with the exception of diagnostic connections for garages and some connectivity for broadcasting multimedia content, any connectivity risks were largely contained. Today, the proliferation of forms of connectivity and access to the internet have opened up new opportunities for manufacturers and service providers, but also for attackers.</p>
<p>The first ecosystem to consider is the . Electronic and communication systems must be able to communicate with each other without the transmitted data or stored secrets being altered or stolen. Among these systems are the ECUs, the mini &#8220;on-board computers&#8221; that control the vehicle’s key functions, such as the braking system, air conditioning, lighting, etc.</p>
<p>Beyond on-board security, there are the <strong>user and owner </strong>(the latter not necessarily an individual) who have the right to give orders to the vehicle according to pre-defined rules. In the future, their authentication will be essential when it comes to questions of responsibility, as well as for verifying the legitimacy of the orders they issue.</p>
<p>Another vitally important aspect concerns connected services that use centralized <strong>platforms</strong>, or even cloud-based ones, which have been developed by the manufacturers or their partners. These platforms represent a significant threat because they can trigger orders for entire fleets of vehicles, and therefore the impact of any problem is multiplied. Manufacturers will need to put in place sufficiently secure solutions to allow such services; they’ll need to combine their own platforms with those of partners and the APIs on the vehicle, as well as ensuring the required level of confidence in the environment.</p>
<p>Lastly, in the medium-term, <strong>external objects and the surrounding environment</strong> (other vehicles, garages, parking lots, road infrastructure, etc.) will need to communicate and share information. The challenges of ensuring security in real time (in terms of availability, integrity, etc.) will be complex ones.</p>
<p>&nbsp;</p>
<h2>Cybersecurity issues: from the virtual to the real world</h2>
<p>People’s safety, inside and outside vehicles, is a top priority for the automotive industry. We might imagine, then, that the cybersecurity issues raised by connected vehicles will be treated with the same degree of rigor—such that they can guarantee the car’s safety and integrity.</p>
<p>The first issue represents an <strong>organizational challenge</strong> for all stakeholders, especially manufacturers, because the emergence of this new model brings together two opposing worlds: <strong>services</strong> and <strong>engineering</strong>. The first is characterized by agility and speed, and large numbers of short-term projects. The second, with a much longer development cycle, must meet the safety and quality requirements associated with vehicle approval. This dichotomy has impacts on cybersecurity and, in particular, its integration into development projects, as well as the coverage of end-to-end risk. For example, as a result of its position, the backend becomes a nerve center that must be fully protected to avoid any risk of a systemic attack that could have repercussions for the entire fleet. Unfortunately, the true value of this need for security is not currently appreciated, mainly as a result of requirements for very short times to market.</p>
<p>Considering the other issues, it’s clear that the cybersecurity challenges for connected vehicles don’t differ greatly from those in the IS world: identity and access management, detection and response, the security of infrastructures, cryptography, third-party management, patch management, etc. A connected vehicle is a mobile IS, and numerous security standards (ISO 2700x, NIST 800, etc.) have already been developed. These set out good practice in various guides and reference documents (SAE J3061, Auto-ISAC, NHTSA, etc.) and the topic will shortly be covered by the ISO/SAE 21434 standard.<br />
However, a number of factors inherent to vehicles and their embedded systems mean that the topic needs to be considered from new and specific angles.</p>
<p>The vehicle’s <strong>mobility and connectivity</strong> make security more complex: security must be guaranteed where there is a limited connection, or no connection, and in the context of a changing environment. Regulatory aspects must not be ignored either, given that the vehicle may have to move between countries.</p>
<p>The world of <strong>on-board systems</strong> also places constraints on hardware—in terms of cost, computing power, and size.</p>
<p>Questions about updating components and services arise too, given that a system must be able to <strong>function at all times</strong> but may also be shut down for long periods.</p>
<p>Lastly, vehicles are designed for a <strong>long life cycle</strong>, which implies thinking about security from the start, especially when it comes to managing identities and accesses. This long life cycle also means considering evolving standards over time, as well as developing a model for updates that guarantees vehicle security in a way that is sustainable and manageable for manufacturers.</p>
<p>&nbsp;</p>
<p><em>The road ahead is long, and cybersecurity is approaching a crossroads that was not in view a decade ago. It’s vital that all players involved grasp the importance of what’s required and start to put in the effort now, before it’s too late.</em></p>
<p>This article <a href="https://www.riskinsight-wavestone.com/en/2018/10/saga-13-connected-car/">Saga 1/3: connected car: between cybersecurity and safety</a> first appeared on <a href="https://www.riskinsight-wavestone.com/en/">RiskInsight</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Saga 2/3: Connected cars… a path full of pitfalls (…and security holes)</title>
		<link>https://www.riskinsight-wavestone.com/en/2018/09/saga-23-connected-cars/</link>
		
		<dc:creator><![CDATA[Fl0r3ntD3LmoulY]]></dc:creator>
		<pubDate>Wed, 19 Sep 2018 08:20:23 +0000</pubDate>
				<category><![CDATA[Cybersecurity & Digital Trust]]></category>
		<category><![CDATA[Manufacturing & Industry 4.0]]></category>
		<category><![CDATA[connected car]]></category>
		<category><![CDATA[connected mobility]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[embedded security]]></category>
		<category><![CDATA[mobility]]></category>
		<guid isPermaLink="false">https://www.riskinsight-wavestone.com/?p=11261/</guid>

					<description><![CDATA[<p>The development of connected cars – and eventually autonomous cars – requires the presence of more and more software-driven electronic components in vehicles, as well as new interfaces allowing them to be connected to other devices and infrastructures. In a...</p>
<p>This article <a href="https://www.riskinsight-wavestone.com/en/2018/09/saga-23-connected-cars/">Saga 2/3: Connected cars… a path full of pitfalls (…and security holes)</a> first appeared on <a href="https://www.riskinsight-wavestone.com/en/">RiskInsight</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><em>The <a href="https://www.riskinsight-wavestone.com/en/2018/10/saga-13-connected-car/">development of connected cars – and eventually autonomous cars</a> – requires the presence of more and more software-driven electronic components in vehicles, as well as new interfaces allowing them to be connected to other devices and infrastructures. In a way, modern vehicles are becoming real computers on wheels.</em></p>
<p><em>Therefore, vehicles’ attack surface is becoming ever wider. They are thus exposed to more and more risks, which can jeopardize passengers’ safety as well as the safety of people around vehicles under attack. Indeed, several researchers have already managed to perform different attacks on recent vehicles, and have sometimes shown how to take full control of them.</em></p>
<p><em>What kinds of cyberattacks have been performed so far? What are the possible attack vectors? What could be the motives behind such cyberattacks?</em></p>
<p>&nbsp;</p>
<h2>A wide range of cyberattacks already performed on connected and autonomous cars…</h2>
<p>Over the last few years, several vulnerabilities have been discovered by researchers on connected vehicles. In particular, two events attracted major media attention in 2015, bringing the topic to the forefront.</p>
<p>The first one was performed by American researchers Charlie Miller and Chris Valasek, who managed to <a href="https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/">remotely hack a Fiat Chrysler car</a> and take control of many functionalities, from radio volume tuning to brake activation. Their entry point was Uconnect, the Internet-connected feature used in the car to control the vehicle&#8217;s entertainment and navigation system, enable phone calls and offer a Wi-Fi hot spot. By attacking this feature, they managed to reach an adjacent chip in the hardware used for the car&#8217;s entertainment system, and silently rewrite the chip&#8217;s firmware to plant their code. With this rewritten firmware, they were then able to send commands through the car&#8217;s internal network, known as the CAN bus, to its physical components like the engine and wheels. Once this attack was presented by the researchers, Fiat Chrysler had to patch 1.4 million vehicles by sending USB sticks to all concerned customers so that they could manually fix the vulnerability in their vehicles.</p>
<p><img decoding="async" class="aligncenter wp-image-11254 size-full" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image1jpg.jpg" alt="" width="770" height="577" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image1jpg.jpg 770w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image1jpg-255x191.jpg 255w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image1jpg-768x576.jpg 768w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image1jpg-52x39.jpg 52w" sizes="(max-width: 770px) 100vw, 770px" /></p>
<p style="text-align: center;"><em>© ANDY GREENBERG/WIRED</em></p>
<p>&nbsp;</p>
<p>Apart from cyberattacks that were made possible thanks to initial physical access or remote connection, others were <a href="https://www.wired.com/2016/08/hackers-fool-tesla-ss-autopilot-hide-spoof-obstacles/">also performed on sensors used in some cars to detect their surroundings</a>. For instance, in 2016, Chinese researchers showed how to attack the Tesla Model S through its different sensors: Millimeter Wave Radars (MMW Radars), LiDAR, cameras, ultrasonic sensors, etc. They presented different kinds of attacks such as:</p>
<ul>
<li>Jamming attack on MMW Radars: use of a transmitter tuned to the same frequency as the car’s receiving equipment, and with the same type of modulation, to override any signal at the car’s receiver. Thus, no signal is received by the car, meaning that if the sensor is used to detect obstacles, for example, these can no longer be detected during the attack (“obstacle evaporation”).</li>
<li>Spoofing attack on ultrasonic sensors: use of a transmitter to emit, at a specific timing, ultrasonic pulses with a pattern similar to those of the car’s ultrasonic sensors in order to change the time of propagation. Thus, the distance between the car and the objects around it that is calculated by the sensors is no longer the real one during the attack.</li>
<li>Blinding attack on cameras: use of an LED spot or lasers to blind cameras, or even cause them permanent damage (permanent dead pixels).</li>
</ul>
<p>To sum up, researchers all around the world have already managed to perform various cyberattacks on modern vehicles from different manufacturers, some of which are listed on the timeline below:</p>
<p><img decoding="async" class="aligncenter wp-image-11262 size-full" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image1.png" alt="" width="650" height="450" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image1.png 650w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image1-276x191.png 276w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image1-56x39.png 56w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image1-245x170.png 245w" sizes="(max-width: 650px) 100vw, 650px" /></p>
<h2 id="post-11262 media-11262" class="align-none">6 main vectors to attack connected and autonomous vehicles…</h2>
<p><img loading="lazy" decoding="async" class="aligncenter wp-image-11252 size-full" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image2.png" alt="" width="974" height="639" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image2.png 974w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image2-291x191.png 291w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image2-768x504.png 768w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image2-59x39.png 59w" sizes="auto, (max-width: 974px) 100vw, 974px" /></p>
<p>Today’s vehicles can connect to <strong>3G/4G</strong> networks and can provide <strong>Wi-Fi</strong> and <strong>Bluetooth</strong> access. These technologies are standard and present vulnerabilities: many different types of attacks on these networks are well known. One can easily imagine an adversary remotely penetrating the vehicle’s local network through these channels or performing a “Man-in-the-Middle” attack in order to steal personal data, alter some services or even take control of the commands, as shown previously.</p>
<p>In addition, it is possible to connect directly to the vehicle. All cars have an <strong>OBD port</strong> for diagnostic purposes and most modern infotainment systems offer a <strong>USB port</strong>. These represent an open door for attackers to conduct malicious actions with serious consequences: blocking part or all of the systems with ransomware, sending malicious frames to the CAN bus, altering ECUs with malware, etc.</p>
<p>With the advent of extended and autonomous vehicles, new types of attacks must also be considered. Automated driving relies on many kinds of sensors that are continuously <strong>interacting with the environment</strong> to collect information about roads, traffic, etc. Attacks affecting these <strong>sensors may have dramatic impacts</strong>, and malicious people can subvert the primary functions of either the sensors or the road infrastructures to cause an accident. In the past, a fatal accident has occurred, showing that sensors are vulnerable and can be a source of misinterpretation. One can say with certainty that the implementation of artificial intelligence within vehicles will result in more and more attacks targeting this vulnerable part.</p>
<p>Finally, the vehicle is becoming a central point of connection with the <strong>internet of things</strong>. Services will be delivered from smartphones and external devices that will become new vectors for conducting an attack. For instance, authentication may fail or be compromised on the smartphone, giving unlimited access to services on vehicles and allowing the doors to be unlocked, for example.</p>
<p>Depending on the attack vector, attacks may be categorized according to whether they:</p>
<ul>
<li>Affect a single vehicle or a whole fleet, which increases the level of impact.</li>
<li>Must be conducted close to the vehicle or can be carried out remotely, which changes the capabilities the adversary needs and the complexity of the attack, depending on whether physical presence is required.</li>
</ul>
<p>Sensors, IoT, public or private networks: the extended vehicle is a concentration of technologies. It represents a <strong>large playground </strong>for attackers ready to act! But why would a person attack a vehicle?</p>
<p>&nbsp;</p>
<figure id="post-11258 media-11258" class="align-none">
<figure id="post-11264 media-11264" class="align-none"><img loading="lazy" decoding="async" class="aligncenter wp-image-11264 size-full" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image5.png" alt="" width="706" height="564" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image5.png 706w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image5-239x191.png 239w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image5-49x39.png 49w, https://www.riskinsight-wavestone.com/wp-content/uploads/2018/09/image5-155x125.png 155w" sizes="auto, (max-width: 706px) 100vw, 706px" /></figure>
</figure>
<p>&nbsp;</p>
<h2>What would be the motives behind such cyberattacks?</h2>
<p>Attackers’ motivations could be diverse. We have identified 5 major categories:</p>
<ul>
<li>The first one is <strong>ideology</strong>: in the automotive context, several organizations might intend to attack vehicles. It could be an environmental group that wants to spread a specific message (about air pollution, for example), cause a service outage, etc.</li>
<li>It could simply be <strong>financial</strong>: some attacks could be very basic, such as hacking the infotainment system to gain free access to music streaming services.</li>
<li>Then, a third motivation could be <strong>destabilization</strong>: a state may want to destabilize another state by attacking a fleet of vehicles; a competitor may try to damage the brand image of a car manufacturer, etc.</li>
<li>It could also be <strong>killing</strong>: the possibility of taking full control of a vehicle and causing accidents with likely human fatalities could attract criminals or terrorists. It would have a dramatic impact on populations. In the near future, a fleet of vehicles could become a massive state weapon.</li>
<li>Then, the last one is <strong>attack capabilities procurement</strong>: vehicles will become sophisticated systems with great computing potential. If a person finds a vulnerability, cars could become a way to spy on citizens. Their computing power could also be used for brute-force attacks. They could also be turned into botnets to carry out DDoS attacks.</li>
</ul>
<p>Current vehicles already offer many ways to connect with external systems which could present vulnerabilities: Bluetooth, Wi-Fi, USB, etc. With the development of autonomous cars, service platforms and connected road infrastructures, the attack surface is going to increase more and more, and impacts will become very serious. Therefore, car hacking will also appeal to many adversaries.</p>
<p>It is becoming urgent to adopt a granular approach to secure vehicles’ vital functions and to guarantee the safety of passengers. Measures and organization are inspired by the IT world, but they need to be adapted to the automotive context. For this purpose, start-ups can bring some answers to technical challenges, and standards such as ISO 21434, currently in development, aim to provide a worldwide framework to increase the resilience of connected vehicles. But what, concretely, are the solutions, and how can vehicles be protected from cyberattacks? Don’t put the car(t) before the horse, stay tuned, we will soon have a look at it!</p>
<p>This article <a href="https://www.riskinsight-wavestone.com/en/2018/09/saga-23-connected-cars/">Saga 2/3: Connected cars… a path full of pitfalls (…and security holes)</a> first appeared on <a href="https://www.riskinsight-wavestone.com/en/">RiskInsight</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
