IoT | ShareTechnote

Connected Car - Cyber Security

What is it ?

Simply put 'Automative Cyber Security is a topics / technologies that are trying to provent any types of hacking on your Car'. When you think of hacking with your PC or other computer system in your company, it usually be associated to stealing some digital information from your PC or system. However, Hacking a Car can be more serious because it can not only steal some digital information from your car but also physically hijack the car itself or physically manipulate the car in the way that you didn't intend. (You can find various videos on Youbube showing how they can hack into your car and manipulate the car against the driver's intention).

At early stage of automobile where the car is made up of purely mechnical component. The only way you can hack the car would be physically rob/steal the car.

But at the introduction of digital electronics (e.g, ECU) controlling various parts of the car, it introduced the possibility of hacking the car without physically stealing the car. For example, you can put a small electronic device attached to the car manipulating the command from the electronic controller to various parts of the vehicle.

After that internal communication network connecting the multiple control units in the car (like CAN bus or Vehicle Ethernet), it became possible that once you hijact the control of any one point in the car, you can hijact other parts of the car via the internal CAN bus or Ethernet.

Recently we got to have many components that are manipulated purely by the software and has connection to other part of control units that are physically manipulating the car. So once you can hack into those software based module and you can eventually hack into other control units that are physically manipulating various parts of the car.

Now a lot of Cars has various wireless modules that can communicate not only with various parts in side of the car but also with things out side of the car and some communicate miles, miles away from the car. What if somebody can use these wireless/cellular communication to hack into any one part of your car and hijack all the other parts through the internal car network.

Simply put, every components of the car are now connected internally and externally at the same time as illustrated below. Preventing all of those hacking is the subject of Automative Cyper Security. (The parts labed in Red is claimed to be the common targets of the automative hacking and the possibility of hacking those parts became extremly high even from far away from the physical location of the car using the wireless networks marked in Green Arrow)

What kind of Attack ?

First, I would recommend you to see this video (Reference [7],[8],[9],[10]). You will see a lot of real examples of the attack for the research purpose and exiting presentation. This will show you all the tricks to attack using CAN Bus.

Then, see this video (Reference [11]) and it will give you some insight on Cryptography in terms of hacking cars.

Reference :

[1] Automotive Security - Best Practices

[2] Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles

[3] NHTSA’S AUTOMOTIVE CYBERSECURITY RESEARCH by Arthur Carter, Frank Barickman, NHTSA

[4] Automotive Cyber Security - P3 Group

[5] BROADCOM TACKLES 5 QUESTIONS ON ETHERNET IN CARS

[6] 2014 Connected Car Expo: Automotive Cybersecurity: A frank discussion

[7] The Current State of Automotive Security

[8] Car Hacking with Chris Valasek - Duo Tech Talk - January 2014

[9] Charlie Miller - Car Hacking

[10] DEFCON 15: Hack Your Car for Boost and Power !