The Race for Autonomous Cars
Junko Yoshida | August 4th 2016
In last year’s hack, which led to Chrysler’s recall of 1.4 million vehicles, Miller and Valasek focused on pulling off a “wireless attack” on the Jeep.
The two at that time exploited a Harman “head unit,” which offers a Wi-Fi hot spot — in a 2014 Jeep Cherokee — to get into the vehicle’s network. Later the hackers invaded the car through its cellular connection, via Sprint’s wireless network.
This year, the security experts turned their attention to injecting rogue messages into a vehicle’s CAN bus, which resulted in a full-speed attack on the Jeep’s steering and acceleration.
Instead of getting into the guts of a car wirelessly, Miller and Valasek this year used a laptop directly plugged into the Jeep’s CAN network through a port under its dashboard. They confirmed that they used the patched Jeep for this hack.
In writing a story for Wired prior to the duo’s presentation at Black Hat, a reporter reached out to Chrysler’s parent company Fiat Chrysler Automobiles (FCA).
The auto maker asserted that Miller and Valasek’s attack could not have been performed remotely. The company responded in a statement stressing, “This demonstration required a computer to be physically connected into the vehicle’s onboard diagnostic (OBD) port and present in the vehicle.” It added, “While we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA US vehicles.”
Chrysler also added: “It is highly unlikely that this exploit could be possible…if the vehicle software were still at the latest level.”
Chrysler couldn’t have been more wrong.
Whether Miller and Valasek’s car attack was done wirelessly or via OBD-II port is beside the point. Although Chrysler created a patch for the Jeep last year, it did not by any means close all avenues to wireless car attacks.
When EE Times asked David Uze, CEO of Trillium in Tokyo, about this on Wednesday (August 3), he said, “What the second Jeep attack proved this year is that there are a large number of vehicles out there still unprotected.”
Chrysler’s patch is a firewall for the Jeep’s infotainment system, the attack surface Miller and Valasek exploited.
But “it’s absolutely wrong” for carmakers to think there won’t be other ways to penetrate that firewall, Uze explained.
“For example, when you bring your car to a repair shop and leave it for a little while, there is always a chance that an independent access could be made to your vehicle, with someone leaving a hard-to-spot, small device attached to the OBD-II port.”
Uze cited, as an example, a hack performed by a 14-year-old who built an electronic remote auto communications device with $15 worth of Radio Shack parts.
This took place at the Battelle CyberAuto Challenge in the summer of 2014.
The teenager’s wireless device created an ad hoc wireless connection which, through a wireless SIM card, served as a backdoor to CAN networks inside a vehicle, Uze explained.
Layered approach needed
The lack of security solutions for ECU networks poses a real safety problem, he said, because CAN networks are directly tied to a vehicle’s actuation — brakes, steering, etc. By his count, “85 percent of actuation occurs on the CAN networks.”
Without authentication, encryption or cryptographic key management, the CAN network is the weakest link in the entire security chain, he stressed.
To protect cars from hackers, the automotive industry needs a layered approach, noted Uze.
First, if authentication is done on the network, it allows only a legitimate member to participate in CAN bus communications, said Uze.
Second, by adding encryption to a CAN bus, a rogue message, in order to be recognized as legitimate, would have to emulate everything from encryption to key exchange and authentication code.
The third element is an asymmetric solution for key exchange. When all legitimate members on the network – 50 ECUs, for example – are white-listed, then when the 51st pops up, “you know it isn’t legitimate.”
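A sketch of the first and third elements working together, added here as an illustration; it is not Trillium’s SecureCAN and not code from the article. A receiver accepts a CAN frame only if the sender ID is on a whitelist and the frame carries a valid truncated MAC over a fresh counter, all within the 8-byte payload. The CAN IDs, keys and field sizes are assumptions made for the example.

```python
import hashlib
import hmac
import struct

MAC_LEN = 3                        # assumed: truncated HMAC bytes per frame
CTR_LEN = 1                        # assumed: low byte of the freshness counter
MAX_DATA = 8 - MAC_LEN - CTR_LEN   # 4 bytes left for signal data

# Constructed whitelist: CAN ID -> per-sender demo key (not real values)
KEYS = {0x0C4: b"steering-ecu-demo-key", 0x1A0: b"brake-ecu-demo-key"}

def _tag(key, can_id, counter, data):
    # The MAC covers the ID and the full counter, so a replayed frame fails
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def build_frame(can_id, counter, data):
    """Sender side: data || counter low byte || truncated MAC (<= 8 bytes)."""
    if len(data) > MAX_DATA:
        raise ValueError("signal data does not fit next to counter and MAC")
    tag = _tag(KEYS[can_id], can_id, counter, data)
    return data + bytes([counter & 0xFF]) + tag

class Receiver:
    def __init__(self):
        self.last = {cid: 0 for cid in KEYS}   # last accepted counter per ID

    def accept(self, can_id, payload):
        key = KEYS.get(can_id)
        if key is None:                        # the "51st ECU" case
            return "reject: sender not whitelisted"
        if not CTR_LEN + MAC_LEN <= len(payload) <= 8:
            return "reject: bad length"
        data = payload[:-(CTR_LEN + MAC_LEN)]
        low, tag = payload[-(CTR_LEN + MAC_LEN)], payload[-MAC_LEN:]
        # Rebuild the full counter: smallest value above the last accepted
        # one whose low byte matches what the frame carries.
        last = self.last[can_id]
        counter = (last & ~0xFF) | low
        if counter <= last:
            counter += 0x100
        if not hmac.compare_digest(tag, _tag(key, can_id, counter, data)):
            return "reject: bad MAC or stale counter"
        self.last[can_id] = counter
        return "accept"
```

The 3-byte tag is a bandwidth trade-off forced by the 8-byte payload; a deployment would size the MAC and counter against its own forgery and replay requirements.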
Trillium, a two-year-old start-up founded by Uze in Japan, has developed a technology called SecureCAN — “a CAN bus encryption and key management system for protecting payloads less than 8 bytes.”
Historically, the assumption among automakers and tier ones was that protecting the CAN bus is impossible, due to limits in the ECU’s processing power and in-vehicle bandwidth.
With SecureCAN, Trillium claims it can offer authentication, encryption or cryptographic key management to the CAN bus. No other technology company is offering this yet.
However, this isn’t a panacea. In order to protect the CAN bus and cars at large, Uze said, “You also need intrusion detection and prevention system (IDS/IPS) that can create a feedback loop to detect anomalous traffic on the bus, and secure OTA software update solutions.” Trillium’s goal is a range of security technologies developed “under one roof with a unified API.”
Meanwhile, companies like Harman, Argus Cyber Security, Symantec and Intel are running a fierce race to add different pieces of technology to automotive security. The finish line is not in sight.
Junko Yoshida is Chief International Correspondent, EE Times.