The Changing Face of Automotive Cyber Attacks
Over the last few years, automotive cybersecurity has become a hot topic of discussion within the automotive industry and it may be a surprise to learn that it is far from a new subject. We asked Andrew Till, an experienced industry executive, to be our guest editor for this blog.
The history of automotive cyber attacks on vehicles can be traced back to the late 1990s, with the introduction of the OnBoard Diagnostics port (ODB) into vehicles which, for the first time, provided direct access to engine management systems.
Of course, in those days to attempt to hack a vehicle you needed expensive hardware, direct access to it in order to connect to the ODB port and proprietary software. Even then, it was far from simple, as you had to have an understanding of the Control Area Network bus (CANbus) control codes, which are typically unique to each vehicle model. Furthermore, as systems were predominantly isolated on different bus topologies, just having access to one bus would not allow you to easily access other electrical sub systems. Back in the early 2000s, what we know today as the In-Vehicle Infotainment (IVI) system was typically a proprietary piece of hardware running a Real Time Operating System (RTOS) and had very limited functionality in comparison to today’s advanced Android-based systems.
As vehicles became more sophisticated, so did the methods of attack. These ranged from “man in the middle” attacks extending the range of key fobs to broadcasting false traffic information over RDS systems to try and make cars re-route.
The Connected Car Age Changes Everything
As we move into the age of connected vehicles, the landscape for automotive cyber security is once again changing. Tens of millions of cars are already on the road with embedded connectivity capabilities. Juniper Research predicts that as many as 775 million connected cars will be on the road by 2023 (via telematics modules or via consumer apps). As a result, a whole new set of challenges will face the industry moving forwards.
However, this is not the only change that is taking place. We are seeing an evolution in the design of internal vehicle architectures. Consumers are demanding more capable experiences within the vehicle, with their expectations being driven by developments in the mobile and tablet arenas. OEMs are responding and are now implementing more advanced experiences These can include streaming content services (everything from traffic updates to Spotify or Netflix), support for digital assistants such as Google and Alexa as well as advanced software updating capabilities. These changes are taking place at the same time as the industry is moving to implement electrification of the power train, deployment of advanced driver assistance systems (ADAS) and moving to level 2 autonomous systems. All of these changes combined are driving the need for new internal vehicle architectures that can support 100’s of the microprocessors that are now standard inside modern vehicles. Ethernet (and specifically Ethernet-AVB) is now becoming a common solution within vehicles, to provide greater bandwidth and timing synchronisation together with support for gateways that allow different bus architectures to communicate with each other in ways that were not possible 10-15 years ago.
For hackers, the most significant change is the removal of the need to have physical access to the vehicle, as they can now target the embedded connectivity modules and, therefore, vehicles that are in motion. This was first highlighted back in 2015 with the infamous Jeep hack (Miller and Valasek).
Whilst that hack was performed under controlled conditions with the intent of providing valuable insights for OEMs (called a White Hat attack), they did demonstrate that, theoretically, they could have remotely achieved control of the vehicle. With today’s telematics units not only connected to the CANbus but also to IVI and other sub-systems, the potential for a remote hacker to cause driver distraction, or even to influence the vehicle itself, is a key concern. This has indeed been proven to be the case over the last few years, with 2019 marking a key milestone for the industry. Last year, there were more black hat attacks on vehicles than white hat attacks.
Technologies such as Wi-Fi and Bluetooth are also now commonplace in vehicles and these also facilitate the potential for remote attacks. For example, embedded Wi-Fi 33 modules are being used as private networks, replacing complex, expensive and heavy wiring harnesses between sub-systems in order to both reduce cost and also improve fuel efficiency. Vehicle users are often not even aware that these systems exist or maybe exposed to hackers.
Another source of attack is on the back-end cloud platforms that vehicles are connecting to in order to download content, software updates or to upload diagnostic logs etc. Whilst this does not directly enable a hacker to take control of a vehicle, it could, for example, allow them to track where a vehicle is or to retrieve user information and credentials. It could also enable them to embed malicious content into updates being sent to the vehicle, which could then force an IVI or telematics unit to reset, thereby causing distraction for the driver.
Another consideration is the widespread move towards Linux-based platforms such as Android or GenIVI. This presents two key challenges:
1. Common platforms = more developers
In the past, OEMs would normally use RTOS platforms such as QNX or iTron. These were highly specialised for the automotive industry and hence, if you did not work in the industry it was very unlikely that you would develop the expertise or have access to tools to carry out an attack against a vehicle. However, with the move towards repurposing server, desktop and mobile platforms for automotive, this is increasing the potential number of developers that have the expertise to work on these platforms. This is both positive and negative. While OEMs can harness more development talent to work on their projects, they are now also using platforms that are widely understood by hackers and are commonly targeted by them. While there are specific Linux releases, such as the SELinux Kernel enhancements, that focus on enhanced security, they do not cover all aspects of security and still require additional hardening of the operating system.
2. The Application Challenge
One of the attractions of moving to Linux-based platforms is the ability to support 3rd party applications and services that can be pre-installed or added by vehicle users. While this undoubtedly has many potential benefits for all parties concerned, it does open-up additional attack vectors. We have seen the impact of developers embedding malicious code into applications and downloadable in the desktop and mobile world and the devastating impact this can have, from rendering devices unusable to ransomware attacks. While OEMs will be able to limit what applications and services are made available to vehicles, using platforms that are widely understood by black hat hackers will focus their attention on this area. Already in 2019, according to Upstream Security Ltd, 13% of reported automotive cyber attacks were conducted via mobile applications.
New automotive cyber attacks need new thinking
As the design of in-vehicle networks becomes increasingly complex and customers seek progressively advanced features, a new approach will be required to providing robust cyber security. This will be a fundamental requirement in building the trust needed for customers to make the investments in buying these capabilities and also to engage with the OEMs’ digital services throughout the lifetime of the vehicle.
Automotive cyber security has, until now, been largely viewed as a “bolt-on” solution to existing hardware and software platforms. This will need to change – to a situation where security becomes a central part of the automotive design process, for both hardware and software. Another core change will be the move away from viewing security as a set of isolated solutions, to it being an end-to-end chain of trust that spans the vehicle, devices bought into the vehicle, the cloud and any third party services that are delivered in to the vehicle.
Working with the team at Trustonic, we believe that Trusted Execution Environments (TEEs) will play a key role in ensuring that both vehicles and the devices that they interact with, will remain safe and secure. This is critical for both their occupants and their interaction with their environments (such as smart city infrastructure or other vehicles). By implementing a TEE into the core chipsets being used inside the vehicle, OEMs can validate the integrity of the operating system every time the vehicle is started.
Furthermore, trusted applications can be developed, running inside the TEE, that provide support for advanced security features, such as the biometric authentication of the vehicle user or provision of secure access to new features and functionality within the vehicle. Another core application is the validation that software updates sent to a vehicle are, in fact, from the server / author they claim to be from.
As the same TEE environment can also exist in mobile devices such as mobile phones and tablets (the Trustonic TEE has already shipped in c.2 billion mobile devices), the same technology can be used to create a secure end-to-end connection between a phone and a car for the exchange of secure information. A common use case is the utilisation of a phone as a digital key that can unlock a vehicle.
The cybersecurity landscape for vehicles is changing rapidly as new technologies and customer experiences are added to vehicles and the automotive industry moves towards a fully connected future. Recognising the potential new threat surfaces that these changes present, will enable the automotive industry to embrace a new approach to cyber security which places security at the heart of vehicle and service design. Building security into the heart of the vehicle and the devices they interact with, will enable automotive companies to build the trust-based relationships with the customers that will enable them to extract value from these innovations and build digital-based revenues streams to power the next wave of innovation.
Control Area Network bus (CANbus)
A vehicle bus standard that allows microcontrollers and devices to communicate with each other’s applications without a host computer.
Ethernet-Audio Video Bridging (AVB)
A set of technical enhancements to Ethernet that provide improved synchronization, low-latency and reliability. Specifically designed to support high definition multimedia content distribution.
The GENIVI Alliance is a non-profit automotive industry alliance committed to driving the broad adoption of open source, In-Vehicle Infotainment (IVI) software and providing open technology for the connected car.
In-Vehicle Infotainment (IVI)
The multimedia system that is normally embedded into the dashboard of a vehicle, providing functionality such as music, navigation, telephony and control over the vehicles software related settings.
A Japanese RTOS platform that was widely used for embedded electronic devices in the 1980s, 1990s and 2000s.
OnBoard Diagnostics port
A hardware connectivity port that provides access to diagnostics information from various vehicle sub-systems.
A “like real-time” operating system designed primarily for use in embedded systems. QNX has widely been used in the automotive industry for several decades.
Real Time Operating System (RTOS)
An operating system designed to process data and applications in real-time as it comes into the OS. Processing of data or applications must be performed within specific time-based limits, thus providing the developer with guarantees in terms of system performance.