The Dark Side of "Smart" Cars (Part II)

JAN 19 2017

AUTHOR

Kumar Ritesh

In part 1 of this post, I outlined the potential cyber risks for NextGen vehicles and their implications for the larger automotive ecosystem. To wrap up, I’ll cover how attackers can use direct and indirect approaches to hack a vehicle and the larger ecosystem, and outline a comprehensive cybersecurity approach.

As discussed previously, NextGen vehicles are highly dependent on the supporting infrastructure and corresponding ecosystems (mobile communication, travel and passenger information management, city traffic management, smart interscan, schedule and location management, vehicle-to-vehicle communication, toll management, etc.).

While these technologies offer numerous benefits to car owners, manufacturers and communities, they also create a huge attack surface across all components of the NextGen vehicle ecosystem. Thus, cyberattackers can leverage a vulnerability in any component of the ecosystem to propagate attacks against other components in the ecosystem. Attackers can take two basic approaches:

Direct attack: Example: Hackers compromise one electronic control unit (ECU) in a vehicle, which opens a channel for malware to infect every other ECU in the vehicle. Once the channel is available, the hackers can control not just the vehicle’s critical functions, but also use vehicle-to-vehicle communication to disseminate malware to other vehicles.

Indirect attack: Example: Hackers compromise a public cellular network and mimic server commands sent to telematics units (embedded systems that control certain functions in vehicles) and the vehicle’s infotainment system. Through this method, they can potentially manipulate the vehicle’s brakes, steering, airbags and transmission; eavesdrop on conversations in the car; steal personal information and credit card details; and even manipulate advanced features like autonomous driving and collision-prevention functions.

These two methods highlight the need for a comprehensive, multi-layered cybersecurity approach that leverages both proactive and reactive security capabilities.

To create a holistic solution that protects the entire ecosystem, we need to implement a defense-in-depth strategy to ensure that each component of the ecosystem can address its specific security challenges.

In other words, we must secure everything from the most basic units—the ECUs of each vehicle—to the highest levels where the behavior of the overall ecosystem is continually monitored and analyzed for anomalies. This approach provides multiple levels of defense and ensures that there are no weak links in the chain.

I recommend the following technologies and techniques to:

  • 1. Secure the vehicle
    • Secure processing units (including transceivers) with firmware protection
    • Segregate components so that if one is hacked, attackers will not be able to easily hack other components
    • Secure inbound and outbound connections to/from external and internal components
    • Secure messaging between different components within the vehicle. Example: Component A, which sends a signal or message to component B, should be secured with proper authenticity and integrity checks
    • Strict reconfiguration management: Any configuration change from baseline must be properly authenticated
    • Securely stored keys and data, protected by applying data-at-rest security
    • Tamper detection and protection: No changes allowed to any configuration or components
    • Continuous and regular cyber risk assessments of technologies onboard next-gen vehicles
    • Data protection to prevent exfiltration of vehicle-specific data
    • Behavior anomaly detection system to monitor for abnormal behavior within each component
  • 2. Secure the surrounding ecosystem
    • Standard security controls for the external centralized ecosystem, such as traffic control, mobile communication and smart interscan management systems, covering data, communication, identity and asset security
    • Secure point-to-point communication between vehicle and centralized ecosystem using secure messaging
    • Identity impersonation protection. Example: Prohibiting vehicle A from pretending to be vehicle B
    • Fast cryptographic services where encryption is enabled on demand
    • Secure vehicle-to-vehicle communication requiring authentication before vehicles can “talk” to each other
    • Behavior and anomaly detection system to monitor for abnormal behavior coming from or going to the external ecosystem
    • Rogue command and control center detection and protection using unique factor authentication with vehicles
    • Privilege access management: Multi-check access grant system that allows components to communicate only with appropriate entities. Example: Prohibiting direct communication from a satellite to a bus station
    • Data protection capability to prevent data exfiltration from the centralized ecosystem
    • Continuous and regular cyber risk assessment of the external ecosystem and communication systems
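
The "secure messaging" and "identity impersonation protection" items above can be made concrete with a small sketch. This is an added example, not code from the original post: component A seals each message with a per-sender key, a freshness counter and a truncated HMAC tag, and component B rejects tampered, replayed or impersonated frames. The frame layout, the 8-byte tag length, the component IDs and the keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8   # truncated tag length in bytes (assumed for this sketch)
HDR_LEN = 10  # 2-byte sender ID + 8-byte freshness counter

def tag_for(key, sender_id, counter, payload):
    """HMAC-SHA256 over sender ID, counter and payload, truncated to TAG_LEN."""
    header = struct.pack(">HQ", sender_id, counter)
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]

class Sender:
    def __init__(self, sender_id, key):
        self.sender_id, self.key, self.counter = sender_id, key, 0

    def seal(self, payload):
        self.counter += 1  # strictly increasing, so each frame is fresh
        header = struct.pack(">HQ", self.sender_id, self.counter)
        return header + payload + tag_for(self.key, self.sender_id, self.counter, payload)

class Receiver:
    def __init__(self, keys):
        self.keys = keys     # {sender_id: key}; one key per sending component
        self.last_seen = {}  # highest counter accepted per sender

    def open(self, frame):
        if len(frame) < HDR_LEN + TAG_LEN:
            return None, "malformed"
        sender_id, counter = struct.unpack(">HQ", frame[:HDR_LEN])
        payload, tag = frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        key = self.keys.get(sender_id)
        if key is None:
            return None, "unknown sender"
        # Constant-time comparison: authenticity and integrity check
        if not hmac.compare_digest(tag, tag_for(key, sender_id, counter, payload)):
            return None, "bad tag"
        # Freshness check: an old, validly tagged frame must not be accepted twice
        if counter <= self.last_seen.get(sender_id, 0):
            return None, "replay"
        self.last_seen[sender_id] = counter
        return payload, "ok"

# Constructed demo keys; real keys would sit in protected storage, never in code.
DEMO_KEYS = {0x0A: b"A" * 32, 0x0C: b"C" * 32}

def demo():
    a, rx = Sender(0x0A, DEMO_KEYS[0x0A]), Receiver(DEMO_KEYS)
    good = a.seal(b"brake:0")
    nxt = a.seal(b"brake:0")
    tampered = nxt[:HDR_LEN] + b"brake:1" + nxt[-TAG_LEN:]
    # Component C claims A's sender ID but only holds its own key
    spoofed = Sender(0x0A, DEMO_KEYS[0x0C]).seal(b"brake:1")
    return [rx.open(f)[1] for f in (good, good, tampered, spoofed)]
```

Because each sender has its own key, a compromised component cannot produce frames that verify under another component's ID, which also supports the segregation item in the list.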

Because a chain is only as strong as its weakest link, it is imperative that automobile manufacturers, third parties, ecosystem service providers and regulators work closely to implement a multi-layered defense approach that secures all components — and, ultimately, the entire ecosystem. The time is now.