Cyber security is a common talking point within the modern automotive industry, but there remains ambiguity around what, or who, the vehicle and its associated data must be protected from. To date, the majority of security breaches have been research-led, with so-called ‘white hat hackers’ carrying out penetration testing—often at the request of the manufacturer in question.
Hackers have already shown how semi-autonomous driving systems can be tricked into thinking there is an object within the car’s path; the battery charging system of a plug-in hybrid has been hacked via its built-in Wi-Fi; and the throttle and brakes of a connected car have been controlled from a laptop. In February 2016, one researcher even managed to gain remote access to a UK-based Nissan Leaf all the way from Australia.
The concern is that eventually, such activities will be carried out maliciously for financial or even political gain. A vehicle’s acceleration, braking and steering can now be controlled electronically, and that creates an opportunity for drivers to be held hostage, or worse. Then there is the risk that private information stored in the vehicle may be compromised as more elements get connected. To the average consumer this may all seem far-fetched, but with advances in connectivity and autonomous driving technology, it is no longer only in the realms of science fiction.
“It is still very early days to know exactly how these attacks are going to roll in,” warns Robert Lambert, Head of Security Consulting North America at ESCRYPT. “For example, we haven’t seen ransomware reach this space yet, but as vehicles become more sophisticated, that is coming.”
Headquartered in Germany, ESCRYPT focuses on security for embedded devices, and particularly those in the mobility space. It is a subsidiary of ETAS, which in turn is wholly owned by Bosch. ESCRYPT may have ties to one of the world’s leading automotive suppliers, but being at arm’s length also provides the freedom to work directly with other Tier 1s. It currently provides global support for all of the leading automakers across North America, Europe and Asia.
How is security being tackled?
Cyber security may have taken some headlines in recent years, but it is not a new consideration for the automotive industry.
In July 2008, the EVITA project was launched as part of an effort to produce secure hardware components for vehicle ECUs. As part of that €6m (US$6.64m) programme, various classes of security hardware were defined, which later materialised in the form of Hardware Security Modules (HSMs). In essence, these HSMs provide hardware ‘roots of trust’ that enable secure boot of software, secure over-the-air (OTA) updates and secure messaging on in-vehicle networks, between vehicles and backend and tester infrastructure.
Among other things, ESCRYPT provides a software stack for the many HSMs that can now be found in modern vehicles. This essentially provides a hardware anchor to the IT security within a vehicle network, and protects against unauthorised access and manipulation. The company describes HSMs as the “means of choice” for protecting vehicle networks today.
New attack vectors
Hackers have more opportunities than ever to gain access to a connected vehicle. Think of the vehicle as a house: each new connection to the internet represents another door or window being added to the home. To prevent intruders, all of those entry points need to be locked down.
“Think back to the 1990s when computers first became connected to the internet; there was a flurry of new products to shield companies from malicious attacks—things like VPNs and firewalls. That’s the stage we are at now with the vehicle,” said Lambert. “Vehicle connectivity was available in the past with low-speed mobile networks, but today’s models have all kinds of new entry points.”
Vulnerabilities can be found in even the most unlikely areas. Outside of the automotive industry, a casino was once hacked via a Wi-Fi enabled thermometer in a fish tank, while US retail giant Target was hacked following a data breach at its heating, ventilation and air conditioning (HVAC) contractor.
As electric vehicles (EVs) proliferate, various communications will flow over those systems to gain access to the charger. Then there is the boom in remote diagnostics, which taps into data about the vehicle’s usage and state of health. Consider also the trend toward over-the-air updates, where vehicle software is refreshed on the fly. Although this will be pushed directly by the automaker, there remain risks that an update could be tampered with before it reaches the vehicle.
But there are solutions. “The firmware that is sent to the vehicle should ideally be signed to the roots of trust already in the vehicle,” said Lambert. “Ensuring that is done properly also requires some protection, and the HSM in the vehicle is often used as a hardware root of trust to ensure those signatures are valid and correct.”
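The signed-firmware check described above, sketched as an added example that is not from the article or from ESCRYPT. A Lamport one-time hash-based signature stands in for whatever scheme a production HSM verifies, so the code runs on the Python standard library alone; the manifest layout, the version numbers and the rollback check (which goes beyond what the article describes) are assumptions.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(message: bytes) -> list:
    # 256 bits of SHA-256(message), most significant bit first
    return [(byte >> (7 - k)) & 1 for byte in H(message) for k in range(8)]

def keygen():
    # Lamport key pair: two secrets per digest bit; the public key is their hashes
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, message: bytes) -> list:
    # Reveal one secret per bit. The key must never sign a second message.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, digest_bits(message))))

def manifest(version: int, image: bytes) -> bytes:
    # Hypothetical manifest layout: 4-byte version followed by the image digest
    return version.to_bytes(4, "big") + H(image)

def check_update(root_pk, installed_version, version, image, sig) -> str:
    # Vehicle side: only the public key (the pinned root of trust) is needed
    if not verify(root_pk, manifest(version, image), sig):
        return "reject: signature invalid"
    if version <= installed_version:
        return "reject: rollback"
    return "accept"

def demo():
    backend_sk, root_pk = keygen()            # root_pk is provisioned into the vehicle
    image = b"constructed firmware image v7"  # constructed sample payload
    sig = sign(backend_sk, manifest(7, image))
    return {
        "genuine": check_update(root_pk, 6, 7, image, sig),
        "tampered": check_update(root_pk, 6, 7, image + b"\x90", sig),
        "relabelled": check_update(root_pk, 6, 8, image, sig),
        "replayed": check_update(root_pk, 7, 7, image, sig),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```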
A secure future of mobility
In the not too distant future, these connected vehicles will form part of a connected ecosystem, communicating with other connected cars, roadside infrastructure, wireless networks and other connected devices. The industry must ensure the messages pinging between those networks are tamper-proof, and do in fact carry the intended information—such as an alert sent from a roadside unit to warn an autonomous vehicle of a crash up ahead.
“Digital signatures can be used to validate messages between vehicles, but there is a caveat when you think about the messages that might be flowing between vehicles,” says Lambert. “You may be interested to know that the vehicle behind is accelerating and may be at risk of hitting you. But those messages that flow from a vehicle could also be used to track that vehicle, so there is an element of privacy that comes in as well. V2X systems employ many certificates for each vehicle, allowing messages to be sent under different certificates, promoting privacy.”
Clearly, there is a significant challenge ahead for automakers to keep up to speed with all of this. Securing the connected car is not a straightforward task when considering the vast range of communications in which it will be involved, and the expertise of dedicated cyber security firms cannot be overstated.
“As the leading provider of security for vehicles worldwide, we as ESCRYPT recognise that these technologies can improve the driving experience and reduce the mortality rate,” concludes Lambert. “But if messages can be sent to the vehicle that cause it to perform actions that could be harmful, it is extremely important that those messages are properly secured.”