{"id":78083,"date":"2015-09-22T20:01:16","date_gmt":"2015-09-23T00:01:16","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2022-10-23T16:59:51","modified_gmt":"2022-10-23T20:59:51","slug":"how-safe-is-your-connected-car","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/how-safe-is-your-connected-car\/","title":{"rendered":"How Safe Is Your Connected Car?"},"content":{"rendered":"

\"How<\/a>There will be 250 million<\/strong> wirelessly connected cars<\/strong> on the road by 2020 according<\/a>\u00a0to Gartner<\/a> (IT<\/a>). The technical prognosticators believe<\/a> that 60% – 75% of them will be capable of consuming, creating, and sharing Web-based data. In light of predictions like these and highly publicized car network attack<\/a><\/strong> demonstrations car need more security. Intel<\/a> (INTC<\/a>) has established the Automotive Security Review Board<\/a><\/strong> (ASRB) to help mitigate cyber-security risks associated with connected automobiles.<\/p>\n

\"Intel<\/a>An Intel<\/strong> presser<\/a>\u00a0says ASRB researchers will do ongoing security tests<\/strong> and audits. They will codify best practices<\/strong> and design recommendations for advanced cyber-security solutions and products. Intel will publish automotive cyber-security best practices white papers, which the company will update based on ASRB findings. Chris Young<\/a>, senior vice president, and general manager of Intel Security said in the presser.<\/p>\n

We can, and must, raise the bar against cyberattacks in automobiles \u2026 Few things are more personal than our safety while on the road, making the ASRB the right idea at the right time.<\/em><\/p>\n

Secure car networks<\/h3>\n

It is the right time to secure the networks in cars. A study released by Atlanta-based PT&C|LWG Forensic Consulting Services<\/a>\u00a0looked at what made cars vulnerable to attacks<\/strong>.
\nRobert Gragg, a forensic analyst with PT&C|LWG told<\/a> CSO<\/a><\/em> cars with the highest risk of cyber threat tended to have the most features networked together, especially where radio or Wi-Fi networks are connected to physical components of vehicles<\/strong>.<\/p>\n

\"radio<\/a>Today’s modern automobile uses between 20 and 70 computers<\/strong>, each with its own specialized use. The article explains that engine control units<\/strong> oversee a wide array of electronic sensors and actuators that regulate the engine and maintain optimal performance. Vehicle manufacturers use the generic term “electronic control units” (ECUs) to describe the myriad of computers that manage various vehicle functions.<\/p>\n

For example, the author says ECUs control vehicle safety functions, such as antilock brakes and proximity alerts<\/strong>. The ECU which governs climate control systems receives temperature data from sensors inside the cabin and uses that to adjust airflow, heating, and cooling.<\/p>\n

\"modern<\/a><\/p>\n

What is a controller area network<\/h3>\n

Typically, all of a vehicle’s computer systems can be accessed over a vehicle’s controller area network<\/strong> (CAN) via the radio head unit, a computerized system that runs a car’s or truck’s communications and entertainment system.<\/p>\n

\"firmware<\/a>Many of today’s modern vehicles can be accessed via cellular, Bluetooth, or even WiFi connectivity<\/strong>. While no easy task, the CSO<\/em> article says, once a hacker gains access to the vehicle’s head unit, its firmware can be used to compromise<\/strong> the vehicle’s CAN, which speaks to all the ECUs. Then it\u2019s just a matter of discovering which CAN messages can control various vehicle functions.<\/p>\n

Car attacks<\/h3>\n

These attacks can happen at a distance. PT&C|LWG study estimated minimum distances from which a vehicle could be hacked according to the wireless communication protocol it is using.\u00a0For example, a passive\u00a0anti-theft system<\/strong>\u00a0could be access from 10 meters, a radio data system (or radio head unit) could be hacked from 100 meters, a Bluetooth system could be accessed from 10 meters, a\u00a0smart key<\/strong> from five to 20 meters, and a vehicle equipped with Wi-Fi\u2026 well, it could be hacked from\u00a0anywhere there\u2019s Internet access <\/strong>(rb-<\/strong>\u00a0I wrote about this vulnerability in\u00a02011<\/a><\/em>).<\/p>\n

That may be a problem. Increasingly, carmakers are coming out with vehicles that include Wi-Fi routers for Internet connectivity. PT&C|LWG\u2019s Gragg said.<\/p>\n

In more advanced vehicles \u2014 the ones that have infotainment systems \u2014 wireless security and wireless access points are all connected into the navigation system. So those are more susceptible to hacking because there are just more wireless access points \u2026 Anything open to wireless capabilities is susceptible to the hacking.<\/em><\/p>\n

rb-<\/em><\/strong><\/p>\n

In May, both\u00a0General Motors<\/strong>\u00a0(of\u00a0ignition switch cover-up<\/strong>\u00a0<\/a>infamy) and the\u00a0Auto Alliance<\/a><\/strong>, the car maker\u2019s\u00a0lobbyist,\u00a0testified against<\/a>\u00a0a proposed exemption in copyright law that would allow third-party researchers to get access to vehicle software. A decision in that matter could come any day from the U.S. Copyright Office.<\/em><\/p>\n

\"Ralph<\/a>The Auto Alliance has also threatened to run to Congress should the\u00a0Copyright Office<\/a>\u00a0rule in favor of the researchers to cover up<\/b>\u00a0threats to the consumer, like\u00a0Volkswagen<\/a><\/strong>\u00a0and GM. The\u00a0lobbying group<\/strong>\u00a0calls legitimate researchers attackers in a letter to a\u00a0Congressional subcommittee<\/a>\u00a0investigating the auto industry\u2019s ability to thwart cyber attackers; \u201cAutomakers are facing pressure from the organized efforts of technology pirates and anti-copyright groups to allow the circumvention of protected onboard networks, and to give hackers with the right to attack vehicles carte blanche under the auspices<\/em>\u00a0of research\u201d.<\/p>\n

This would set a dangerous precedent for devices connected to the\u00a0Internet of Things<\/a> (IoT) to be unregulated. If the automakers are successful in their\u00a0DMCA claims<\/a>, it would be deadly for everyone on the road too.\u00a0<\/em><\/p>\n

Who remembers \u201cUnsafe At Any Speed<\/a><\/strong>\u201c?<\/em><\/p>\n

\u00a0<\/em>\"PT&C|LWG<\/a>Related articles<\/p>\n