Automotive Security and the Road Ahead of Us
Connected mobility and what to expect from future cyber attacks
In 2010, security researchers at the University of California San Diego and the University of Washington demonstrated that messages can be injected into the Controller Area Network (CAN) of a vehicle.
Controller Area Network
CAN is essentially the raw representation of byte code running on a vehicle’s electric wiring. The bus architecture was released in 1986 at the SAE Conference in Detroit, MI. Since then, every vehicle past 1991 has used this architecture. There are many other architectures that precede CAN.
It wasn’t until 2014, four years after the concept of injecting messages into the CAN bus was shown, that two researchers, Charlie Miller and Chris Valasek, demonstrated the first Remote Code Execution (RCE). By chaining multiple vulnerabilities on the vehicle stack, they were able to fully control a vehicle. In many video interviews they demonstrate to reporters what a malicious actor can do once they are on your CAN bus. This includes controlling your steering wheel, braking, ignition, and even killing the engine completely.
The fact that security researchers were able to communicate with the CAN bus over a remote connection paints a dark picture for the future of mobility.
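An added example, not from the original article: one defensive way to spot frames injected onto a CAN bus is to learn each arbitration ID's normal transmission period from a known-clean capture, then flag frames that arrive much sooner than that or carry an ID never seen before. The candump-style log lines, the `vcan0` interface name, the IDs and the 0.5 threshold are all constructed for illustration.

```python
import re
from statistics import median

# candump -l style line: "(timestamp) interface ID#HEXDATA"
LINE_RE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")

def parse(line):
    """Return (timestamp, arbitration_id, payload) or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m or len(m.group(3)) % 2 or len(m.group(3)) > 16:
        return None  # classic CAN carries at most 8 data bytes
    return float(m.group(1)), int(m.group(2), 16), bytes.fromhex(m.group(3))

def learn_periods(lines):
    """Median inter-arrival time per arbitration ID from a known-clean capture."""
    last, gaps = {}, {}
    for ts, can_id, _ in filter(None, map(parse, lines)):
        if can_id in last:
            gaps.setdefault(can_id, []).append(ts - last[can_id])
        last[can_id] = ts
    return {can_id: median(g) for can_id, g in gaps.items()}

def find_anomalies(lines, periods, ratio=0.5):
    """Flag unknown IDs and frames arriving sooner than ratio * baseline period."""
    last, alerts = {}, []
    for ts, can_id, _ in filter(None, map(parse, lines)):
        if can_id not in periods:
            alerts.append((ts, can_id, "unknown-id"))
        elif can_id in last and ts - last[can_id] < ratio * periods[can_id]:
            alerts.append((ts, can_id, "too-fast"))
        last[can_id] = ts
    return alerts

def make_capture(extra=()):
    """Constructed sample: 0x244 every 10 ms, 0x1A0 every 20 ms, plus extra frames."""
    frames = [(100.0 + 0.010 * i, "244", "0000000116") for i in range(20)]
    frames += [(100.001 + 0.020 * i, "1A0", "00FF") for i in range(10)]
    frames += list(extra)
    return [f"({ts:.6f}) vcan0 {cid}#{data}" for ts, cid, data in sorted(frames)]

# Constructed extra frames standing in for traffic that does not fit the baseline
EXTRA = [(100.054, "244", "00000000FF"), (100.064, "244", "00000000FF"),
         (100.0805, "5A5", "01")]

if __name__ == "__main__":
    baseline = learn_periods(make_capture())
    for ts, can_id, reason in find_anomalies(make_capture(EXTRA), baseline):
        print(f"{ts:.6f} id=0x{can_id:03X} {reason}")
```

Timing baselines only cover periodic traffic; event-driven IDs need a separate allowlist or payload checks.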
Death From Hacking
We’re lucky to see that in the past 5 years there have been no vehicle-related deaths involving a remote attack. The paper published by Miller and Valasek required vulnerabilities in OnStar, misconfigurations in cell towers, and in-vehicle infotainment to mount this attack. The fact stands that this is a real threat. Given this, is death by a cyber attack inevitable? We will take a look back at history to answer this question.
The Pioneers of Hacking
Phone freaks, or “Phreakers”, were known as some of the first hackers, dating back to the 1970s. They reverse engineered the frequency emitted by rotary phones to enable free calls. At this point, telephone switches were used to connect callers together. What hackers did was emit the same 2600 Hz frequency to bait the telephone switch into thinking the call was over, while it actually kept the phone line open for them to use in long-distance calls. Other early adopters of phreaking included Steve Wozniak and Steve Jobs.
It was around this time that the ARPANET was established as the first four nodes of what was to become the backbone of the internet. It was founded and used by the Department of Defense. The advancements of technology up until its dismantlement included telnet, DNS, FTP, SMTP, and of course, the World Wide Web (WWW).
Securing technology is standing on the shoulders of giants and trying not to fall at the same time.
In 1988, the first internet worm infected 7,000 computer systems and slowed them to a halt. This was known as the Morris Worm. With just 90 lines of code, the worm had the ability to wipe out 10% of the computers online at the time. The diaspora of protocols and network infrastructure enabled the Morris Worm to be as destructive as it was.
In 2007, Apple released the first iPhone, which gave way to the computers in our pockets we hold so dearly today. The first attacks included an attempt on the GSM network to break encryption, WiFi attacks on WPA, and jail-breaking. The writing is on the wall: even modernized computers such as our mobile devices are still as vulnerable as the WWW during its heyday. A car accident induced by vulnerabilities within its technology stack is inevitable. This is the curse of innovation: there will always be a need to manipulate it.
This parasitic relationship between technology and security is the harsh reality.
It will always be easier to break things than to fix and maintain them.
With cars, it’s only been five years since the first attack on CAN. Vehicles have many other layers of abstraction to secure besides the CAN protocol, including Bluetooth, wireless, hardware, cellular, and radio. How can these be future-proofed as well?
Confidentiality, Integrity, Availability and… Safety?
With car-related incidents, the attacker motivation shifts to that of chaos and disruption. Before then, attacks in cyberspace only exploited things in the virtual realm. As devices are being connected, our privacy and safety are at risk. The CIA model that security professionals hold on a pedestal will soon include “Safety” (CIAS).
There is also a war occurring behind closed doors, a virtual war that consists of espionage and politics. Nation states will often fund hacking groups as an arm of their military to mount attacks on enemies to exfiltrate data and spy. How enticing would automotive exploits be to these groups? All they would need to do is buy a vehicle or exploit on the dark web for a specific make/model (possibly the most common car in the US), send malicious packets to the vehicle and V2X infrastructure, have all of those cars turn right and kill their engine. A total shutdown of interstate highways.
If you think the traffic was bad in California or New York, think again.
Human lives are on the line, and the wave of connected mobility and devices is coming. Securing devices at the edge is more important now than ever. Taking a look back at history, you realize that these physical attacks and cyber-related deaths aren’t too far from reality. The automotive industry is coming out of the recent recession, and it’s hard to imagine that security is high on their list.