In last decade, car and internet…
Not too long ago, securing a car meant popping the faceplate off the CD player, slapping a Club over the steering wheel, and locking the doors. As vehicles’ electronic systems evolve, however, automobiles are starting to require the same protection as laptop computers and e-commerce servers.
While there are no reported cases of cars being maliciously hacked in the real world, in 2010, researchers affiliated with the Center for Automotive Embedded Systems Security (CAESS—a partnership between the University of California San Diego and the University of Washington) demonstrated how to take over all of a car’s vital systems by plugging a device into the OBD-II port under the dashboard.
It gets worse. In a paper that’s due to be published later this year, those same researchers remotely take control of an unnamed vehicle through its telematics system. They also demonstrate that it’s theoretically possible to hack a car with malware embedded in an MP3 and with code transmitted over a Wi-Fi connection.
Such breaches are possible because the dozens of independently operating computers on modern vehicles are all connected through an in-car communications network known as a controller-area-network bus, or CAN bus.
Vital system for protection on Car’s is…
Even though vital systems such as the throttle, brakes, and steering are on a separate part of the network that’s not directly connected to less secure infotainment and diagnostic systems, the two networks are so entwined that an entire car can be hacked if any single component is breached.
So the possibility now exists for platoons of cars to go rogue at the command of computer-savvy terrorists, crazed exes, and parking attendants with Ph.D.s in computer science. But the truth is that hacking a car takes a lot of time, effort, and money—three resources automakers are using to fight back.
At Chrysler, where optional infotainment systems are integrated with hard drives and mobile internet hot spots, company spokesman Vince Muniga says a data breach of an individual automobile is “highly unlikely.” That doesn’t mean the company is ignoring the problem. “It’s an ongoing engineering issue,” he says. “You want to stay one step ahead of what these guys might do.” Rich Strader, Ford’s director of information technology security and strategy, says the automaker has been steadily strengthening in-vehicle systems, but the threat is always evolving. He says the difficulty with security is that “you can’t honestly say something is impossible.”
Presently, automakers are beginning to take steps to secure networks the same way the information-technology sector now locks down corporate servers. “Just like the internet in its early days, car networks don’t employ very much security,” says Brad Hein, a programmer who accessed vehicle data from his 2006 Chevy Impala on an Android phone using code he’d written. “As more people start to access car networks,” Hein says, “I expect that the auto industry will start beefing up the security.”
New age of Auto Moto Industry
We’re entering an incredibly exciting time for the automotive industry. The connected car in all its forms is now very much a reality. By 2020 it’s expected there will be nearly a quarter of a billion of them on the world’s roads and that means we’re poised for something of a revolution.
The rise of the connected car is bringing about some fascinating new opportunities for in-car entertainment and communications. Beyond that, it promises a whole new world where cars can talk to each other, as well as to other devices and the infrastructure around them. You can already control your household devices from the car or ask it to find the nearest available parking lot. And that’s just the start. The possibilities are huge.
But with those possibilities come new challenges. Fundamentally, all communication paths into the car have to be secured to prevent malicious intrusion. That includes the car’s own wireless links, plus connected devices such as mobile phones and tablets. They need to be robust against forced entry, as well as malicious software hitch-hiking on legitimate service updates.
Risks when you are connected…
Consumers are already well aware of these risks. A report from McKinsey found that around 43% of buyers in the US were concerned about people hacking into their car and manipulating it, while in other regions the figure was as high as 59%.
It’s not hard to imagine criminals attempting to apply so-called ‘ransomware’ to cars. This could mean drivers being prevented from starting their cars – or even being denied control of a moving vehicle – until a sum of money is paid. The most extreme scenario is perhaps a widespread terror attack. This would be the hardest to orchestrate, but with the prospect of cars becoming linked to infrastructure – for instance traffic light control – it’s no longer out of the question.
The ability to respond to new threats for our car?
So how do we go about combating these threats? Our focus has always been around two key parts of the solution – detection and prevention, and OEMs are already looking to apply these solutions to existing and new vehicles. Take for example TCUSHIELD which provides double-perimeter intrusion detection and prevention solution (ID/PS) for telematics units and infotainment systems. TCUSHIELD works on two layers, with the first layer of defence seeking to block intrusions from the car’s wireless interfaces, while the second layer is designed to prevent any intrusion spreading to the car’s internal network.
Another solution from HARMAN’S Cyber Security portfolio is ECUSHIELD, an embedded software component for the car’s ECUs, which can search for any unusual communication patterns on the car’s internal network. Rather than applying an ‘anti-virus’ modus operandi, where the system must be updated regularly when new threats emerge, ECUSHIELD would detect ANY sign of irregular activity that might suggest an attack. Crucially, it’s also able to combat such threats in real-time.
This 2 systems is easy for instal…
Adoption will only happen if the OEMs can apply the technology and fast whilst interest is high. Both these systems can be installed without any hardware modifications, even on vehicles currently on the road. TCUSHIELD operates on the vehicle’s existing telematics unit, while ECUSHIELD can operate from any module connected to the CAN network (typically a central gateway). They’re also platform-agnostic, so it doesn’t matter what operating system is used for the car’s own functions, but perhaps more importantly – it allows manufacturers to retrofit them to existing vehicles, rather than waiting years for a planned refresh.
The ability to respond to new threats is going to be an increasingly important one as the degree of connectivity in our cars (and our lives in general) becomes ever greater. HARMAN is proud to be playing a pioneering role in automotive cyber security and looks forward to seeing what the future has to offer. It’s going to be an exciting ride.