Since last year, there has been no doubt about the possibility of taking control over a connected car remotely. So, isn’t it a little odd that we’ve yet to see any hacked cars, racing around the streets? Is it just a real threat or just a hypothetical possibility?
Judging by the discussions going on at RSA 2016, the answer is complex. Right now the real threat is minimum however this will only increase over time. In several years, the situation will be far more complicated and dangerous than we currently see. What’s worse, the car industry is organised in such a way that manufacturers would probably be solving these fundamental problems for decades. So if we don’t want to lose the rush completely, it’s high time to act. Fortunately, many manufacturers are beginning to understand this as well.
No need for panic…
In the video, you’ll find the Wired editor Andy Greenberg, driving a brand new Jeep. At the same time Miller and Valasek remotely hack Andy’s car: they turn on the radio and the wipers, slow or stop the car and do their best to show, that the steering, wheels, pedals and brakes are remotely controllable. Because they’re not directly connected (instead there’s a lot of built-in computer systems on the way from one control element to another) they are vulnerable to hackers.
Luckily, only a few modern cars can be tricked in such a way. According to Kelley Blue Book experts, who reported this issue at RSA, the average car driven on US roads are 11 years old. That’s why the majority of cars are not equipped with Internet or Bluetooth connection and various devices, which could let the hackers in. In a sense, old cars are like old phones: dumb.
— Kaspersky Lab (@kaspersky) August 7, 2015
A criminal would have to study a lot of technologies and devices to hack a connected car. It’s a big and complicated task. That’s not the all: they would also need to invest money into the work as well as some special equipment. For example, Miller and Valasek studied this topic for four years and in the end learned how to hack only a handful of car models.
PCs mostly have the same type of processor units (Intel) and only a few Operating Systems (like Windows, OSX, Linux). A cars computer system consists of dozens of different specialised computers that interconnect via CANbus.
From one point of view this is bad as such architecture makes it difficult to implement standard security measures, but it also protects it from criminals, who’ll need to spend a great amount of time to understand what is what.
Black Hat and DEF CON: Hacking a chemical plant – https://t.co/KSnCTtLt5U
— Kaspersky Lab (@kaspersky) August 19, 2015
There is no room for complacency
Of course, this plateau period will not last forever. The number of connected cars is constantly increasing. According to Kelley Blue Book, for the last 5 years the amount of cars models connected by default, increased from 2 to 151.
Besides, there are a lot of devices with Internet access, which can be built into even old cars via CANbus. For example, insurance and logistics companies often install trackers that monitor how well people drive, where and how often they stop over and other things such things. Such devices can be hacked as well to gain the remote access to CANbus and critical car systems.
— Kaspersky Lab (@kaspersky) January 27, 2015
The positive dimension is that the number of experts who study this problem is increasing as well. For example, the Open Garages project studies cheap or free hardware and software solutions, which let a user to analyse data from automobile network and interfere into its work. Besides, OpenGarages has contacts of garages, where you can find autos, tools and other infrastructure for testing new software and ideas.
The simplest equipment for CANbus study are based on Raspberry Pi or Arduino. Together with accessories, they cost about $100. There are even open source apps for that of different functionality range; some of them are even free. This means, that the number of known vulnerabilities and decrypted sub-network control protocols will increase. Malicious application of this nature is only a matter of time.
Time to act
There are no simple solutions for this problem like install an antivirus to the main computer system. CANbus is a standard protocol, which originates from the 80s. It allows all the systems interconnect without authentication. If you want to improve it you’d have to change almost all the systems in the car. This work is more than likely to be done at some point however as CANbus will soon become a bottleneck for manufacturers.
Another problem for manufacturers is that, as Kelley Blue Book reports, the majority of surveyed people think that manufacturers should provide the security system, not the auto dealer or a third party organisation.
Fiat Chrysler Recalls 1.4 million Cars After Software Bug is Revealed: https://t.co/0G9HKy10DI
— Kaspersky Lab (@kaspersky) July 24, 2015
At the same time the car industry has little to no experience in developing protective solutions for their autos. The situation is the same for manufacturers of car components, who also face the same problem.
Fortunately, security experts and companies are familiar with these problems, as they have already gone down that path during the last ten years. The IAmTheCavalry project recommends to accept a five-star safety program, which gives a star for every security measure, implemented properly. So we can say that there are five major problems to be solved:
1. Secure Software Development Lifecycle, or safety by design
This means that you develop a car following basic security principles: your projects are standard based to ensure more predictable, normalised and comprehensive practices. Your hardware and software supply chains are all well-governed and traceable to make it easier to remedy any defects. The attack surface and complexity of your code is systematically reduced. And finally, you regularly invite specialists for independent, adversarial resilience testing.
— Kaspersky Lab (@kaspersky) January 6, 2016
2. Third party collaboration
This means that all researchers who have found a vulnerability, should know what’ll come after they report their findings. They must not be threatened by court. Instead, rewards and bounty programs are much welcomed. For example, Tesla already rewards experts who find vulnerabilities in their cars but it’s not yet a widespread practice in the car industry.
— Kaspersky Lab (@kaspersky) August 10, 2015
3. Evidence capture
Until a car has a “black box”, it will be hard to investigate an incident and gather any proof of hacking. Such black boxes should keep the records of CANbus data exchange. At the same time, privacy concerns should also be taken into account: this data should not be transferred anywhere.
— Kaspersky Lab (@kaspersky) November 12, 2015
4. Security updates
If your car is vulnerable to hackers, you can solve this problem, however you need to visit a car dealership in order to do this. Of course, this complicates the update process and as such, a number of people did not install the updates at all. That’s why OpenGarages recommends that manufacturers create an “over the air” update system — just like the Apple’s solution, implemented in their phones.
5. Segmentation and isolation
Critical and non-critical systems should be independent, so that criminals could not break the whole car by hacking an entertainment application, for example. It’s also necessary to implement techniques that indicate when a system has been compromised.
Fortunately, all these measures can be implemented in cars that will be developed in a the next few years. However, with more and more connected cars on the roads, manufacturing should be looking to secure cars now.
We at Kaspersky Lab take part in the development process as well. We are open for cooperation with car parts manufacturers and auto-mobile makers to help them develop cars that are secured by design.