For example, an attacker could exploit the TPMS connection to, among other things, send an impossible condition to the Advanced Driver Assistance System (ADAS) ECU, causing a fault that could then be exploited; trick the ADAS into overcorrecting for spoofed road conditions; put the TPMS receiver or the ECU into an unrecoverable state that might cause a driver to pull over to check for a reported flat or that might even shut down the vehicle and more.
And you don’t need to be an expert hacker or top-flight mechanic to do that. Instructions on how to remotely hack a connected vehicle’s TPMS, infotainment system, USB, Bluetooth connection and much more are all available online.
That connected vehicles, like any other connected system, are eminently hackable should come as no surprise. By 2025, 80% to 90% of new vehicles will be connected. With such an attack surface, it’s just a matter of time before hackers begin turning serious attention to connected vehicles.
Because connected vehicles are essentially internet-connected computers on wheels, it’s not unlikely that hackers will have the same level of success with them as they have had with IT systems. The only difference, of course, is that connected vehicles will be moving at 40, 50, 60, or more miles per hour—and thus constitute a danger to both the people in them, and the people around them.
OEMs and nameplates realize they have a problem; the question is what are they doing about it? The Alliance of Automobile Manufacturers, an association of 12 vehicle manufacturers including BMW, Fiat Chrysler, Ford, GM, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Porsche, Toyota, VW and Volvo have developed a Framework for Automotive Cybersecurity Best Practices.
By nature, manufacturers will have the most control and impact on the manufacturing process. According to the Best Practices Framework, “The automotive industry is already incorporating security into the vehicle development process, including by designing security features into hardware as protective functions for vehicle control system and communications-based functions like navigation satellite radio, and telematics.”
With that, there are things the manufacturers cannot control. “Intrusion detection and mitigation capabilities also apply to third parties, such as suppliers, dealers, repair partners, and others in the vehicle ecosystem,” according to the framework. “Those entities, while not directly under the control of automobile manufacturers, may represent channels by which cyber-attackers can penetrate vehicles or manufacturer systems.”
Among those entities, for example, are the makers of connected apps and other hardware and software that require internet connections. And as we’ve seen, hackers can readily invade connected systems in vehicles through any number of attack surfaces.
Using those connections, they can download malware to the various vehicle systems, which will allow them to take control of any number of systems. It’s already happened; and a study by antivirus firm Kaspersky shows that many apps are not secure, sending unencrypted data to and from servers.
The problems with connected vehicles are similar to those facing all advanced systems that utilize network communications. While anti-malware systems can help prevent attacks against known threats, they aren’t helpful against zero-day threats—and since connected car technology is still developing, many of the attacks are likely to be new ones that we have not seen before. How will we defend against those?
One solution could entail manufacturers installing an intrusion detection system that would check the activities of the autonomous and smart systems controlling vehicles—or any other smart devices or systems—to make sure that they operate properly, even after they leave the factory. The system would ideally check multiple layers of the vehicle, including hardware (USB, storage, physical interfaces, etc.), software, and communications and sensors, detecting communication or operational anomalies that could indicate that malware is being installed or has already filtered through and is active.
For example, if a hacker attempts to install malware into the ECU that only later will actively try to control one of the vehicle’s systems, the intrusion detection system might register a small jump in the number of bytes transferred to the vehicle over the network that, based on what is supposed to be happening, should not be there, thus recognizing the anomalous activity in the ECU itself. The security system could then take steps to neutralize the threat, inform the security operation center that there is a problem, or guide drivers to stop the vehicle, etc.
The need for a zero day-proof security system is urgent, because the attack surface of a connected vehicle is so vast—and the potential consequences so frightening. As new features are deployed in connected vehicles—designed to further enhance the safety of drivers and passengers—you can be sure hackers will be there, figuring out new exploits and updating their online guides. The industry understands this, and hopefully its best practices will evolve to reflect this need.
This post was also published on Security Boulevard.