Cyber Threats and the Wired Vehicle: Cause for Concern?
Kevin J. Harrigan | March 19, 2015
High-tech, interconnected systems are becoming almost ubiquitous in automobiles. These systems provide drivers with exceptional data and entertainment, enabling safer driving via devices such as backup cameras, detour directions and blind-spot assist, while simultaneously keeping the kids entertained with video and take-out menus. Yet as more systems and sensors are integrated into cars, the potential for data security threats also rises.
The result is a new arena for cyber warfare, one with the potential to place millions of drivers in the technological crosshairs. Once the promise of fully automated vehicles is fulfilled—perhaps in the next 10 years—automotive manufacturers will need to have robust cybersecurity measures in place to prevent car technology from becoming a hacker's prime target.
To date, there have been few instances of automobiles being maliciously compromised by a remote threat. In March 2010, a disgruntled ex-employee in Texas used dealership software to “brick” (that is, immobilize) 100 autos. The software, known as Webtech Plus, is an alternative to repossession that offers dealerships remote control of vehicle ignition, but cannot affect steering, braking or acceleration.
Virtually all other instances of hacked cars have taken place in controlled settings to demonstrate the possibilities of this nascent threat. Hacking current-generation automobiles is difficult to do. Therefore, the typical driver has little to worry about in the near future.
“It's not likely to happen in the next two years or five years, but at some point in time it's going to be feasible,” says Egil Juliussen, research director for IHS Automotive. “That's really what the average driver should worry about.”
One factor that has kept automotive hacking from becoming more of a threat is the notion of repeatable profit. Currently, the data that can be mined from a car offers no clear path to monetization and profit.
In the PC industry, for example, the value of hacking is to acquire data that can be used to steal money, identity or something else of value, Juliussen says. “There really isn't anything equivalent to that in the car.”
As a result, one of the few reasons for taking remote control of someone's car would be to orchestrate a "hit" to specifically cause injury or death. Car theft also seems an unlikely scenario, since a hacker would be unable to keep the stolen car on the road for long, and most cars must sense the presence of the key fob before ignition.
However, the rise in ransomware (that is, malware that limits system access until a ransom has been paid) could be just the sort of revenue model that hackers seek. A person locked out of their car by ransomware faces three options: accept immobility, pay the ransom or have the problem fixed by a mechanic (an option that might cost as much as the ransom). Ransomware is a nuisance and a crime, but the peril is relatively low.
Angles of Attack
Several factors determine how vulnerable an auto is to hacking. First and foremost, automobiles can include 20 or more wired and wireless communication interfaces, each providing a path to a car's electronics (see the accompanying illustration). Vehicle architecture requires certain links between electronic control units (ECUs) and infotainment networks via the controller area network (CAN) bus—this link is what turns the stereo volume up or increases wiper rate as a car accelerates. By uploading a Trojan MP3 to the car's media center or intruding on a cellular connection, a hacker can gain access to vehicle controls.
Although network architecture varies between car models, most vehicles provide unfettered access between ECUs and other systems. Most wireless connections are well encrypted, but wired connections—particularly on-board diagnostic (OBD) ports—provide easy, virtually unprotected access points.
Second, data security measures for automobiles as a whole have been sparse. This was exhibited when researchers from the U.S. Defense Advanced Research Projects Agency (DARPA) intruded on a vehicle through the OnStar telematics system. Once in, the DARPA team took control via a buffer overflow exploit, a relatively low-effort hacking exercise in which an oversized data packet is used to confuse the computer while separate code is deployed to take control; the result was a completely enslaved vehicle. Such an intrusion allows hackers to track a vehicle's location, eavesdrop on the cabin or even take control of driving operations.
Third, cars that have been programmed to execute maneuvers such as parallel parking or traffic jam piloting require additional code. Hackers could, say, initiate these cyberphysical commands with a person behind the wheel in rush hour traffic, one of the most dangerous scenarios imaginable. Code also has inherent flaws, so by default a car with more code has more flaws to be exploited.
Crash Course in Cybersecurity
In many ways, automotive cybersecurity today is similar to the first waves of Internet-connected PCs in the 1990s; hacking then was considered an accepted risk. Protocols and best practices were established, but tactics could not be improved until foot soldiers clashed along virtual front lines. Despite manufacturers' hesitancy to discuss hacking countermeasures, development likely is being done behind the scenes; after all, intelligence is a valuable commodity.
“I hope that there is work going on in the automotive field that they're not making people aware of,” says Joe Grand, a “white hat” hacker and entrepreneur. Grand rose to prominence as a member of L0pht Heavy Industries, a collective that in 1998 told the U.S. Congress that it could shut down the Internet in 30 minutes.
One solution, Grand says, is to improve hardware security by closing access points such as OBD ports and implementing auto-focused hardware security modules (HSMs) to prevent and detect network intrusions, especially for ECUs with external communication. Users will have to ensure that data introduced to vehicle networks is secure and virus-free.
Grand recalls that when he was asked to extract code from an ECU that was sent to him, "the designers were like, 'well, this is a piece of electronics that is so deeply embedded in the car, you have to take all sorts of stuff apart to get to it, so why should we implement security on it?'"
Significant software improvements also will be required. Over-the-air software upgrades direct from the manufacturer may become necessary to patch security holes. A private cloud network could prove to be essential as public clouds are too vulnerable. Embedded modems and virtual private networks also may become a necessity. One danger is that security upgrades could overwhelm CANs. As a result, Ethernet may be a solution.
Cars will likely need to come with anti-virus software that locates and eliminates malware, just like a PC. Manufacturers also may need to be careful about what applications they accredit for use in their vehicles. Finally, enlisting a strong network of white hats and programmers to identify cyber threats is seen as a proactive approach.
“With white hats and security researchers, I feel like they're the good guys,” says Grand. “And when you have a researcher do a presentation or a public conference to talk about a problem, those are the people that you want to work with instead of going after.”
Auto manufacturers have some advantages, especially financial. The industry has shown a willingness to cooperate on this issue, such as when 13 manufacturers publicly agreed to data security standards in November 2014. The International Organization for Standardization also maintains ISO 26262, which standardizes some software security risks. Automakers have the opportunity to invest in cybersecurity before threats become commonplace and force them to play catch-up. What's more, the auto industry has a history of public policy engagement. Laws that specifically address automotive hacking could deter some potential hackers.
Cyber Security and Autonomous Vehicles
Recent reports estimate there will be more than 51 million fully autonomous cars on the road in 20 years. To achieve this, the number of systems built into vehicles will need to be expanded. Yet without cybersecurity safeguards to give the average driver peace of mind, that goal may remain out of reach.
Autonomous cars could offer hackers a clearer path to profit. Not only could a corrupted self-driving auto conceivably be delivered to a chop shop with a few taps of the keyboard, but more personal financial information may be exposed to autos, raising the profit motive for hackers. For example, a passenger who does some online shopping via the car's WiFi will expose their information just as they do when accessing any other network.
Additionally, autonomous cars will depend on an array of sensors. Rather than target data systems, it may be easier to force a car off the road by interfering with its data collection, either by providing fake responses or preventing data transfer altogether. GPS jammers may be used to obstruct a car's mapping programs. Laser illuminated detection and ranging (LIDAR) can be fed false signals. One safeguard against these threats is redundancy in data collection, but twice the systems could mean twice the cost. Suddenly, the autonomous vehicle future just became much more expensive.
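The redundancy safeguard described above, sketched as an added example that is not part of the original article: each GPS fix is cross-checked against distance integrated from the wheel-speed sensor, so a jammed or falsified position is flagged instead of trusted. The function names, thresholds and track data are constructed assumptions, and the wheel-speed signal is assumed to be trustworthy.

```python
import math

MAX_DRIFT_M = 15.0  # assumed tolerance between GPS and odometry, in metres
MAX_GAP_S = 2.0     # assumed longest GPS silence before the fix counts as lost

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dl = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6_371_000.0 * math.asin(math.sqrt(a))

def check_gps(samples):
    """Return one verdict per sample: ok, implausible, coasting or lost.

    samples: (t_seconds, lat, lon, wheel_speed_mps); lat/lon are None when
    the receiver produced no fix in that interval.
    """
    verdicts, last, travelled, prev_t = [], None, 0.0, None
    for t, lat, lon, speed in samples:
        if prev_t is not None:
            travelled += speed * (t - prev_t)  # odometry since last trusted fix
        prev_t = t
        if lat is None:
            stale = last is None or t - last[0] > MAX_GAP_S
            verdicts.append("lost" if stale else "coasting")
        elif last is None or haversine_m(last[1], last[2], lat, lon) <= travelled + MAX_DRIFT_M:
            last, travelled = (t, lat, lon), 0.0  # accept the fix and re-anchor
            verdicts.append("ok")
        else:
            # The car cannot have moved further than its wheels turned.
            verdicts.append("implausible")
    return verdicts

# Constructed track: about 20 m/s due north at 1 Hz, a falsified jump at
# t=3..4, no fix at t=5..6, and a genuine fix again at t=7.
TRACK = [
    (0, 52.00000, 13.0, 20.0), (1, 52.00018, 13.0, 20.0),
    (2, 52.00036, 13.0, 20.0), (3, 52.00500, 13.0, 20.0),
    (4, 52.00520, 13.0, 20.0), (5, None, None, 20.0),
    (6, None, None, 20.0), (7, 52.00126, 13.0, 20.0),
]

if __name__ == "__main__":
    for sample, verdict in zip(TRACK, check_gps(TRACK)):
        print(sample[0], verdict)
```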
There is no hack-proof car in the immediate future. Some inherent risk likely will always exist. Automotive innovation is headed toward a model that resembles a computer on wheels. Safety—including that of passengers, people outside the car and physical property—raises the stakes of this possible cyber threat.
Ultimately, the risk will be a personal decision: either a car piloted by a distracted and error-prone human, or a car navigated by steadfast electronics that has a chance—albeit slight—of being corrupted.