A Sincere Letter From a Security Company to the Car Industry

This past July, Wired released an article about the vulnerabilities of smart cars. In light of this article, as well as the rapid growth of the IoT industry, people have been exploring the possibilities of hacking everyday objects, from baby monitors to medical equipment. However, with the Wired article and countless other claims of smart car hacks, these IoT hacks have turned into a physical danger to the public. As a trusted information security company that has been in the industry for over 18 years, we are asking the car industry to carefully reconsider the roll-out of internet-connected smart cars. We understand that the technology is in demand and that becoming the first adopter could be a competitive advantage, but we believe that all of the potential issues (especially those regarding security) should be completely resolved before relaunching to the public.

Wired’s article, titled Hackers Remotely Kill a Jeep on the Highway — With Me in It, was written by Wired tech journalist Andy Greenberg. He was asked by two former NSA researchers and tech security experts, Charlie Miller and Chris Valasek, to participate in a hacking test. In the past, the pair had conducted hacking experiments in which they manipulated a car’s Electronic Control Unit (ECU) with a laptop from the back seat of the car. This past summer, however, the test was more sinister: they said that they controlled the hack remotely, 16 km away from the moving vehicle. They even released a video as proof.

The car used in the experiment had FCA (Fiat Chrysler’s wireless communication system, also known as Uconnect) installed. When the system was first introduced in 2013, about 470,000 models were sold. As time progressed, production and sales of cars with FCA technology rapidly increased. But as sales increased, so did people’s claims of successful hacks. Some of these claims involve cars from Toyota, Ford, and Tesla.

But How Did These Hackers Actually Hack These Smart Cars?

In the Wired hacking experiment, the hackers were able to control not only harmless systems like the air conditioning and audio, but also more critical systems like the accelerator and brakes. Based on our experience in web security, it is highly probable that the hackers accessed the car through its CCU (Computer Control Unit) and then reached its CAN (Controller Area Network). Once they secured access to the CAN, they would be able to control the rest of the car’s ECUs (Electronic Control Units).

If you take a look at the image below, you will see a diagram of how hackers access a car to attack it. As the diagram shows, five pieces of security were most likely missing in the car hacked in the Wired experiment.

1. They were able to access the CCU because it was not protected

Think of your smart car’s CCU like your computer or website. Just as those can be attacked by hackers, so can your smart car. So, if you do not have proper protection for your car’s system (which is a web app), then it is open to web attacks.

2. There were no security measures between the CCU and ECU

When commands are created, like activating your GPS navigation or streaming Pandora, they are sent from the car’s CCU to its ECUs. A CCU (communication control unit) is the car’s main control unit that communicates with the rest of the car’s functions. The ECUs are the electronic control units that implement the actual controls from the CCU. So, if you want to turn off your engine, you press the button to turn it off; that command is sent to your smart car’s CCU, which then carries out the shutdown through the ECU.

3. There was no authorization process (encryption keys and policies) created in the car’s ECUs

For those of you who know about website security, you will be aware of SSL certificates and the need for public and private keys. It is important to encrypt the data before data transactions, as hackers can intercept the data and manipulate it. If there is no authorization process in your car’s ECUs, then hackers can manipulate your system and control your car.
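Points 2 and 3 can be made concrete with a sketch of an ECU that only acts on authenticated commands. This is an added example, not code from the article or from any vehicle vendor; it goes beyond the text by using a truncated HMAC plus a freshness counter (the general idea behind schemes such as AUTOSAR SecOC), and the key, the CAN ID 0x120 and the 8-byte layout are constructed assumptions.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4               # truncated tag: payload(2) + counter(2) + tag(4) = 8-byte CAN data field
KEY = bytes(range(16))    # constructed demo key; a real ECU would keep its key in protected storage

def _tag(key, can_id, payload, counter):
    # The tag covers the ID and counter so a frame cannot be re-labelled or replayed.
    msg = struct.pack(">IH", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def build_frame(key, can_id, payload, counter):
    """Sender side (CCU): returns the 8-byte data field payload | counter | tag."""
    if len(payload) != 2:
        raise ValueError("this demo layout carries exactly 2 payload bytes")
    return payload + struct.pack(">H", counter) + _tag(key, can_id, payload, counter)

class ReceivingEcu:
    def __init__(self, key, allowed_ids):
        self.key = key
        self.allowed_ids = set(allowed_ids)   # policy: which commands this ECU acts on
        self.last_counter = {}                # highest counter accepted per CAN ID

    def accept(self, can_id, data):
        if can_id not in self.allowed_ids:
            return "rejected: id not in policy"
        if len(data) != 8:
            return "rejected: malformed frame"
        payload, tag = data[:2], data[4:]
        (counter,) = struct.unpack(">H", data[2:4])
        if not hmac.compare_digest(tag, _tag(self.key, can_id, payload, counter)):
            return "rejected: bad tag"
        if counter <= self.last_counter.get(can_id, -1):
            return "rejected: replay"
        self.last_counter[can_id] = counter   # 16-bit counter: rekey before it wraps
        return "accepted"

def demo():
    ecu = ReceivingEcu(KEY, allowed_ids={0x120})          # 0x120 is a constructed ID
    good = build_frame(KEY, 0x120, b"\x01\x00", counter=1)
    forged = b"\x01\x00" + struct.pack(">H", 2) + bytes(MAC_LEN)  # sender without the key
    return [ecu.accept(0x120, good),      # genuine command
            ecu.accept(0x120, good),      # same frame captured and sent again
            ecu.accept(0x120, forged),    # tag not computed with the key
            ecu.accept(0x300, good)]      # ID outside this ECU's policy

if __name__ == "__main__":
    print(demo())
```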

4. Adequate security processes were missing for each ECU, such as Secure Boot and Secure Flashing

Just as there was no authorization process in the car’s ECUs, other security processes were missing as well. Since ECUs execute the actions of the car (brakes, engine, ignition, etc.), multiple security processes are needed to ensure that hackers cannot interfere with or manipulate them. Your computer actually needs very similar, if not identical, software to your smart car, like secure boot and secure flash. Secure Boot is a functionality that specifically prevents malicious software from loading when a system starts. Secure flashing is when the system updates itself to prevent hackers’ attempts to subvert the system’s security protections.
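The Secure Boot idea in point 4, as an added example that is not code from the article or from any ECU vendor: every boot stage is checked against a digest held by the stage before it, starting from a value in immutable ROM, and the boot halts before any unverified stage runs. Pinned SHA-256 digests stand in here for the signature checks a production boot chain would use, and the stage contents are constructed placeholders.

```python
import hashlib

DIGEST_LEN = 32
END_OF_CHAIN = bytes(DIGEST_LEN)   # marker in the last stage: nothing further to verify

def digest(image):
    return hashlib.sha256(image).digest()

def build_chain(stage_codes):
    """Build-time step: lay out each image as next_stage_digest | code, back to front.
    Returns (rom_pin, images); rom_pin is what would be stored in immutable ROM."""
    images, next_pin = [], END_OF_CHAIN
    for code in reversed(stage_codes):
        image = next_pin + code
        images.insert(0, image)
        next_pin = digest(image)
    return next_pin, images

def verified_boot(rom_pin, flash_images):
    """Boot-time step: verify each stage before handing control to it.
    Returns (stages_started, status)."""
    expected = rom_pin
    for index, image in enumerate(flash_images):
        if len(image) < DIGEST_LEN or digest(image) != expected:
            return index, f"halt: stage {index} failed verification"
        expected = image[:DIGEST_LEN]      # this stage now vouches for the next one
    if expected != END_OF_CHAIN:
        return len(flash_images), "halt: chain incomplete"
    return len(flash_images), "boot ok"

def demo():
    # Constructed stand-ins for real firmware images.
    rom_pin, images = build_chain([b"bootloader v1", b"brake ECU application v7"])
    patched_app = [images[0], images[1] + b"\x00injected"]
    _, reflashed = build_chain([b"bootloader v1", b"attacker application"])
    return [verified_boot(rom_pin, images),        # untouched flash
            verified_boot(rom_pin, patched_app),   # application modified in place
            verified_boot(rom_pin, reflashed)]     # both stages rewritten consistently

if __name__ == "__main__":
    print(demo())
```

The third case shows why the root of the chain has to live somewhere an attacker cannot rewrite: a fully re-flashed and internally consistent image set still fails at stage 0.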

5. There was no ITS infrastructure employed that would manage the car’s basic security needs

ITS (Information Transformation System) is the system that recognizes surrounding traffic in smart cars. ITS is configured by integrating the elements of the existing traffic systems such as cars, other roadside units (RSU), and roads and signaling systems. However, if the ITS is not protected by security, then when a smart car tries to read neighboring cars or roadside units, a hacker could interfere with the reading.

So how should smart car technology be secured? For smart car security, we feel that three security aspects must be properly addressed:

1. In-vehicle Security

In order to have full protection for your smart car, you need a web app firewall (WAF). Just like your website needs protection, your smart car’s web app technology also needs to be protected from hack attacks. A WAF creates a proxy between your smart car and outside data. This way, hackers cannot access your smart car’s CCU and access any of the car’s functions such as brakes or windshield wipers.

2. V2X Security

A smart car also needs complete security in all forms of its communication. This includes vehicle-to-vehicle, vehicle-to-infrastructure, and vehicle-to-mobile communication. A smart car communicates with other cars when it uses technology to provide traffic status or for safety precautions like keeping distance between vehicles. Vehicle-to-infrastructure is when a smart car communicates with RSUs. The RSUs communicate with cars on the road to reduce traffic and provide drivers with a more agile navigation system. In addition, they help to provide multimedia content like satellite radio. The last aspect is security between the driver’s phone or device and the smart car.

3. Security Infrastructure

As stated earlier, a smart car’s ITS needs to be protected. One method of protecting it from hackers is PKI (Public Key Infrastructure) authentication. A PKI forces all of the cars and RSUs to register their identities, making it less likely that hackers can access or manipulate a person’s ITS infrastructure.

As for the case of the Wired hack, Fiat Chrysler's Uconnect is known to be a stable and advanced security technology. However, viewed holistically, given that it could be hacked so easily, it is probably missing at least one of the above security components, and is thus missing out on the chance for complete security.

Car industry experts are working to prevent malicious car hacks. Currently, by collaborating with NHTSA (America’s highway department), GM is researching how to fortify data communication security in cars. Having already been hacked, Tesla is hiring ethical hackers to help them debug their security. In Korea, Hyundai is doing the same thing by hiring hacking experts and studying smart car security and applying it to their cars. In fact, Penta Security System — the only security company in Korea that meets the car security international standards — is just about to launch commercial car security products. With the car industry and web security firms working to patch car security vulnerabilities, we believe that car security concerns will be solved in the future.

So, although we are hopeful for the future, as a gentle reminder to car companies, we suggest that the car industry put a halt to launching smart car technology. In order to ensure the best customer experience and overall public safety, please focus on creating a product with all security vulnerabilities patched.