“Security is always struggling to keep up with innovation and connectivity”
Automobile manufacturers are under increasing pressure to move to autonomous vehicles or connected cars, which need connectivity to back-end systems so that updates to the car’s computer system, which previously required a trip to your local dealership, can be pushed remotely. We talked to Alissa Valentina Knight, Group Managing Partner, Brier & Thorn Inc; Managing Director, Brier & Thorn Germany, GmbH and W-JAX speaker, about the challenges and vulnerabilities of connected cars.
JAXenter: The discussions about autonomous cars have been around for years – in your view, what are the biggest challenges for the future? And how will they change the whole industry?
Alissa Valentina Knight: The biggest challenge I see is Joe consumer trusting a car to drive itself with his family in the car. While consumers want connectivity and technology, the safety of one’s family will always take front seat. The first generation of autonomous vehicles will still come equipped with a steering wheel for the driver to take over, but as we’ve seen with recent news, is there enough time to take over before a crash?
Another challenge the automobile industry faces is the fact that there are multiple stakeholders in the building of a car. What consumers don’t understand is TCUs and ECUs are typically a bastardized “hodgepodge” of different manufacturers. How does the automobile industry protect its brand when a long supply chain could potentially introduce vulnerabilities the automaker isn’t aware of? At the end of the day, it’s the automaker who will be blamed by the court of public opinion, not an ECU or TCU manufacturer if the car is hacked. Look at recent news reports of Jeep and other car makers. It’s the maker of the car, not the head unit that we discuss having been hacked.
Another challenge is the growing number of ECUs being added to cars and the bandwidth limitations imposed by old technologies such as CAN. Larger and larger bandwidth requirements are being demanded by the addition of all these new telematics systems and ECUs getting added to cars that require higher bandwidth throughputs that current technology cannot keep up with.
JAXenter: Let’s talk a bit about hacking connected cars, from their infotainment system to control units: Can you outline the vulnerabilities?
Alissa Valentina Knight: Connected cars rely on a communication infrastructure to the outside world. Vulnerabilities lie in that communication infrastructure. Most TCUs have cellular connectivity for communication to the backend, which inherently trusts any communication from the cellular tower/base station it receives data from. This leaves it vulnerable to man-in-the-middle attacks, authentication of data, and other types of vulnerabilities the current IPv4 protocol standard experiences.
VANETs (vehicle-to-vehicle communication) are ad-hoc networks created between vehicles as they pass by each other on the road to communicate safety hazards and other information from one car to another. This uses standard wireless/WLAN technology. This leaves it vulnerable to the same vulnerabilities published in WLAN technologies in traditional computer networks.
In most cases, and some not, TCUs will use encryption between the backend and the TCU in the car to encrypt the data in transit. Key lifetime values must be a consideration for these OEMs. Many of the vulnerabilities we’ve found in our tests use symmetric keys that don’t expire for 12-24 months.
JAXenter: In your session abstract, you claim that security is an afterthought to design and functionality. What do you mean by that?
Alissa Valentina Knight: Unfortunately, history repeats itself. We’ve seen this before over the past 15-20 years where features and functionality are developed first and security isn’t thought about. For example, the case of one manufacturer who was using HTTP (not HTTPS) for communication with the car, leaving it vulnerable to sniffing and man-in-the-middle attacks. In other tests, we’ve found that encryption wasn’t being used for SMS text messages which carried commands to/from the TCU from the manufacturer, relying only on the security offered by the cellular network. Security, unfortunately, is always struggling to keep up with innovation and connectivity to meet consumer demands. In another test, the system had hard-coded filenames for importing data that could be tricked into loading a backdoored version of the file.
JAXenter: How can you combine security, design, and functionality?
Alissa Valentina Knight: The same security principles apply in developing applications for the web (OWASP Top 10). Harden ECU/TCU applications the same way you would web applications for traditional servers.
- Ensuring that security is woven into the SDLC process
- Engineers/developers must be given secure code training
- Secure code review
- Layered security model
- Static code analysis of ECU and TCU applications
- Eliminating trust between parts – authenticate all transmissions
JAXenter: The Global System for Mobile Communications, GSM in short, is a connectivity standard. Is it ready for areas outside of mobile telephony?
Alissa Valentina Knight: Unfortunately, the automobile industry is experiencing “vulnerability spill-over” of exploits published on vulnerabilities in GSM for the purposes of intercepting phone calls and SMS text messages and creating free GSM mobile networks using rogue base stations. These same vulnerabilities open up an attack surface to any connected car leveraging GSM for connectivity with the OEM. Automakers and OEMs must come together with the telcos to address the vulnerabilities in GSM in collaboration so the different industries are working together to create a more secure automobile. It isn’t just up to the automakers to fix these issues; silos must be bridged between all of these different markets in order to treat these risks.
Thank you very much!
Alissa Valentina Knight will be delivering one talk at W-JAX which will focus on teaching participants about hacking connected cars and autonomous vehicles through GSM.