Fasten your seatbelts: Car hacking

In parallel with all the recent optimistic chatter about the future of self-driving cars, a number of stories have highlighted the downside of all this built-in automotive smarts. Namely, the growing danger of car hacking – the hijacking of the wide-ranging networks, sensors and computers that make modern cars go. In one particularly dramatic scenario, Lesley Stahl, a correspondent for CBS News' 60 Minutes, participated in a frightening drive in a test car as a hacker demonstrated on camera his ability to disable or take control of multiple systems, including brakes.

To date, actual hacks of vehicle systems seem to be unknown or at least unreported. However, many experts agree there are worrisome vulnerabilities which could be particularly enticing targets for individuals intent on causing harm.

Partly defined by on-board diagnostics specifications in OBD-II, and partly defined by individual brands and component manufacturers, over the past decade, cars have quickly become “rolling networks,” says Todd Inskeep, a 20-year information security veteran and advisory board member for the RSA Conference.

A controller area network (CAN bus) is a vehicle bus standard designed to allow microcontrollers and devices to communicate with each other in applications without a host computer. 

For example, most recent car systems are equipped with a controller area network (CAN bus), which enables microcontrollers and devices to “talk” to each other in applications without a host computer. It is a message-based protocol, designed originally for automotive applications but with no inherent security provisions.

Features...but security lacking

Like many other new technologies, these networks weren't originally designed with security as a priority. “There was no threat modeling, no review of attack surfaces and no static or dynamic analysis of code,” says Inskeep. Further, few practices for building and designing security into systems were followed. “Instead, the focus on features and functions gave us integrated touch screens, GPS maps, quieter cabins and more automated safety.” 

However, he warns, the cost of this race for features is now surfacing in the security and privacy of our automotive travels. For example, insurance companies are using that same OBD-II network bus to base insurance costs on our actual driving habits, while potentially seeing where and when we drive. Researchers, such as the ones employed by 60 Minutes, have also plotted attacks against a diverse range of cars and systems – some attacks have involved remote activation of a car's network. “The potential danger, especially as we move to driverless cars and automated highway systems, is obvious and critical,” says Inskeep.

“It's like the great SCADA [supervisory control and data acquisition] migration of years ago when everyone embraced the internet for control system traffic because it was cheaper,” notes Steve Santorelli, director of intelligence and outreach at Team Cymru, an IT security firm based in Lake Mary, Fla. “It was cheaper, but now we've come to realize the folly of that as we try to retrofit security into these very exposed systems,” he adds.

To be sure, the government is no longer ignoring the challenge. According to a spokesperson providing information “on background,” the National Highway Traffic Safety Administration (NHTSA) is engaged in an intensive effort to determine potential security vulnerabilities related to new technologies and will work to ensure that manufacturers cooperate and address issues in order to keep motorists safe. Furthermore, she noted, “Congress previously directed NHTSA to prepare a report on cybersecurity policy options. The public comment period for that report was just completed and we are analyzing the more than 40 comments we received as part of finishing our report to Congress.”

Even politicians are getting into the act. For instance, Senator Edward Markey, D-Mass., insists new standards are needed to plug security and privacy gaps in cars and trucks. His office has issued a report, “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” detailing the threats and potential cures. According to a survey of manufacturers conducted by the senator's staff, there have been no reported instances of hacking to date. However, one manufacturer acknowledged that, “An application was developed by a third party and released for Android devices that could integrate with a vehicle through the Bluetooth connection.” Although a security analysis did not indicate any ability to introduce malicious code or steal data, the manufacturer had the app removed from the Google Play store as a precautionary measure, according to the report.

Still, says Thilo Koslowski, vice president, distinguished analyst and automotive practice leader at Gartner, the Stamford, Conn.-based information technology research and advisory firm, the situation is not as grave as some might suggest. As a practical matter, he insists, many of the hacks being tested or proposed are too complicated to actually execute in the real world. “If you really wanted to do something to somebody you would be better off slashing their tires,” he says.

That's for now, where the current CAN systems are all independent. “You have one for infotainment and another for the engine,” he says. But if one has the equivalent of Ethernet in the car, where a hacker could potentially communicate with a central computer, then the threat becomes more viable, he says.

In fact, Koslowski says, in the not-too-distant future, as the industry moves to increasingly centralized and shared technology, the threat could grow. In that emerging environment, the same processors will be shared across infotainment and driving systems and may even control the self-driving car. “That transition is shaping up in the next five years, and it is something we have to take more seriously,” he says.

In that particular scenario, a hacker could potentially move from the infotainment stack to other critical systems, causing serious operational difficulties. Furthermore, a hack might be able to proliferate across cars of the same specific model or manufacturer, he notes. 

Avoidable risks

Fortunately, auto manufacturers have woken to this danger, establishing internal teams and putting a focus on system security, according to Inskeep. Inskeep points to the work of I am the Cavalry, a grassroots organization focused on issues where computer security intersects public safety and human life. With automotive, existing and emerging capabilities “can malfunction or be abused, potentially subverting driver control or monitor location and conversations,” the group reports.

It recently issued a “Five Star Automotive Cyber Safety Framework.” Among its recommendations, related to practices regarding system isolation and segmentation, the document points out that, “If systems share the same memory, computing, and/or circuitry, these systems allow for loss of life and limb. Such risks are entirely avoidable and merit a higher standard of care.” 

For instance, a malicious infotainment application or a compromise over Bluetooth or wireless should never have the ability to take control over critical functions, such as disabling the brakes, deploying airbags or turning the steering wheel, the group points out.
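The isolation recommendation above, combined with the earlier point that CAN has no inherent security provisions, can be sketched as a default-deny gateway between two bus segments. This is an added example, not code from the article or from the Five Star framework; the segment names, the policy table and every CAN identifier in it are hypothetical placeholders.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classic CAN frame as software sees it: identifier, length, payload.
   No sender field and no authenticator exist in the frame. */
struct can_msg { uint16_t id; uint8_t dlc; uint8_t data[8]; };

enum segment { SEG_INFOTAINMENT, SEG_POWERTRAIN };

/* Allowlist rule: this ID with exactly this length may leave `from`. */
struct rule { enum segment from; uint16_t id; uint8_t dlc; };

/* Constructed policy; the IDs are placeholders, not real vehicle IDs.
   Powertrain may publish speed and gear to the head unit. Nothing that
   arrives on the infotainment port is forwarded to the powertrain bus. */
static const struct rule POLICY[] = {
    { SEG_POWERTRAIN, 0x100, 2 },   /* hypothetical speed broadcast */
    { SEG_POWERTRAIN, 0x101, 1 },   /* hypothetical gear broadcast  */
};

/* Default deny. The ingress port is the only origin information the
   gateway can trust, because the frame itself carries none. */
bool gateway_should_forward(enum segment ingress, const struct can_msg *f)
{
    if (f == NULL || f->id > 0x7FF || f->dlc > 8)
        return false;               /* not a valid 11-bit classic frame */
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++)
        if (POLICY[i].from == ingress && POLICY[i].id == f->id &&
            POLICY[i].dlc == f->dlc)
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample frames. */
    struct can_msg speed = { 0x100, 2, { 0x00, 0x3C } };
    struct can_msg other = { 0x220, 2, { 0xFF, 0x00 } };
    printf("speed from powertrain:   %d\n", gateway_should_forward(SEG_POWERTRAIN, &speed));
    printf("speed from infotainment: %d\n", gateway_should_forward(SEG_INFOTAINMENT, &speed));
    printf("0x220 from infotainment: %d\n", gateway_should_forward(SEG_INFOTAINMENT, &other));
    return 0;
}
```

The same speed frame is forwarded when it arrives on the powertrain port and dropped when it arrives on the infotainment port, which is why the decision keys on the physical ingress rather than on anything inside the frame.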

The upshot of all this, according to Koslowski, is that the issue is being taken more seriously, with companies hiring chief security officers and tasking their IT departments with acquiring the expertise needed to address the issue. “I do believe, because of increased complexity, there will be some bad news in the future, but nothing as bad as a big assault or mass mayhem,” he says. 
