Home / Blog / Smart cars security review

Smart cars security review

Posted on 08/18/2015, by INCIBE
Automobile Industry

The automotive sector, similar to many others, has evolved over time by adopting several technologies from other sectors as well as by incorporating its own.

At present we can say that an automobile is an industrial control system given that it has automation parts and, in many models, a great deal of its features are managed centrally by an on board controller that carries out HMI (human-machine interaction) functions. In this regard, one of the most striking advances that is increasingly marketed in models from different manufacturers is the automatic parking system. This system is made up of a variety of sensors and actuators that are also controlled by the on board computer. In some models it is even possible to connect additional devices such as USBs, mobile phones, etc., as well as integrate small computers into the console. At the same time, there are other systems within vehicles requiring certain control such as ESP, ABS, tyre pressure, traffic sign recognition, etc.; for these reasons, the need for communication, crisis management and road signs has increased significantly.

Protocol and information technologies applied to vehicles

Depending on the vehicle model and manufacturer, existing internal communications are carried out using different communications protocols such as CAN bus, LINbus, MOST, FLexRay, Ethernet, TPMS and Immobilizers . CAN bus and LINbus are currently the most widely used protocols.

When referring to communications between a vehicle and the outside, there are also several protocols that exist. These protocols depend on where the information is going when transmitting and receiving data:

  • V2V (Vehicle to Vehicle): The information being generated by a vehicle will be sent to another vehicle.
  • V2I (Vehicle to Infrastructure): The information being generated by a vehicle will be sent to an infrastructure (for example, to a car park which informs drivers as to whether or not there are available parking spots).
  • V2G (Vehicle to Grid): An electric vehicle communicates with the electric grid (notifying the grid that it needs to be charged).

Protocols V2V,V2I and V2G

- Automobile protocols that interact with the outside (V2G is only for electric vehicles) -

Due to the fact that security was not made a priority during development of these protocols, specialised experts in the automotive sector have now had to work against the clock in order to improve system protection and prevent possible risks.

There is no concrete methodology for reviewing or searching for vulnerabilities in the automotive sector. Each researcher follows his/her own guidelines, although lines of research are always more or less the same.

Review should start with an analysis of the vehicle’s internal and external communications. CAN Bus and LINBus are older protocols and do not offer security. Additionally, their low transfer rate is making them obsolete. These protocols are being substituted by others based on Ethernet, incorporating the security characteristics specific to this protocol.

vehicle communications

- Internal and external vehicle communications -

Once the vehicle’s communications have been reviewed, it is advisable to review the different vehicle components that have come from other manufacturers as well. One of the most important components tends to be the audio system. Thanks to its touch screen, this system is in charge of displaying warnings and also controls many functions in the majority of vehicles.

On the other hand, a fundamental aspect is inspecting the operating system - whether it be proprietary or not. Vulnerabilities must be searched for while keeping in mind those which are already known, since these are more susceptible to being exploited.

It is clear that the greater a system’s connectivity, the more opportunities there are for a potential attacker to try to exploit. Also, a system will therefore be more exposed, meaning that it is necessary to increase security measures in order to maintain an optimal level of protection. It is important to keep in mind that in the automobile industry, like in all others, no system is ever 100% secure, thus meaning that an attacker could take advantage of existing errors.

The attacks that manufacturers must deal with include: modifications to measurements taken, generation of codes or errors that the car interprets as dangerous to its functioning; or even more serious attacks such as have demonstrated researches in PoC making the braking of car or achieving absolute control over the vehicle, as was recently demonstrated by the researcher Charlie Miller.The most typical vulnerabilities look to gain remote code execution in order to carry out one of the previously described actions.

Another recent case on vulnerabilities found, has to see with the OBD2 port that uses the device C4 Mobile Devices, which contains multiple vulnerabilities among which access to active services by default (telnet, ssh and http) to which an attacker could connect remotely.

Attacks on TPMS

The Tyre Pressure Monitoring System (TPMS) uses a simple sensor which is located in the tyre’s interior. Thanks to this sensor, information can be obtained such as tyre air pressure as well as other measurements (rotation, temperature, etc.), making this system quite important.

We will now describe some of the possible attacks that could be carried out on this system:

  • Vehicle tracking: These devices have a unique 32-bit identifier registered in the ECU (Engine Control Unit). Thanks to this identifier, it is possible to track a vehicle after having previously configured different sensors around different points in the city, for example. The TPMS transmits a signal every 60 to 90 seconds. If this is not the case, the signal is produced by radio wave emission.
  • Spoofed activation: Using the unique identifier, an attacker can instigate additional crises when he/she is near the vehicle. An attack could result in automatic vehicle actions such as activation of ESP, lights, etc. 
  • Packet spoofing: An attacker could manipulate vehicle parameters or functioning. This type of attack typically causes a light on the control panel to switch on. However, it can also activate other systems in the car and even end up causing an accident

Cutting edge automotive technology

In the world of Formula 1, vulnerabilities are also under investigation given that these cars possess much more power - not only in their motors, but also in their electronics and intelligence.

Since Formula 1 is a high-end competition, both the equipment in these single seater vehicles as well as the resources necessary for everything to go as planned must be of the highest quality. Thus, these vehicles contain over 300 high-precision sensors scattered all over the car so that different measurements can be taken. The sensors send all of the data received to the ECU. From the ECU, said data is then sent to personnel in the boxes using wireless technology - all in less than 2 ms.

The sensors register more than 0.5 Mb of data per second, meaning that more than 2 GB of data is received per race, totalling more than 3 terabytes of data received during a year of races. With such a large amount of data being transmitted over the air and the need to keep said data secure, it is truly a challenge to make sure that communication between the car’s driver and the car’s engineer sitting up in the box is not lost. Incorrect information in a sensor could produce an error not only in telemetry, but also in one of the car’s components, thus requiring a driver to unnecessarily withdraw from a race. Misinformation could even provoke an accident.

In addition to being accurate, it is also important that this data is encrypted when being sent and received. This way, race car parameters which are crucial to the final outcome of the race are not revealed to the rest of the competitors. We must also keep in mind that there have been espionage controversies in the competition, although the case here had little or nothing to do with communications in the race car.

Growth and the future

Currently, it is estimated that there are 1.2 million vehicles in the world, of which a small proportion are starting to have the intelligence to become self-driving cars. Vehicle outlook for the year 2035 estimates that there will be 2 million cars in the world, thus causing us to anticipate a greater number of intelligent vehicles as well. Will we be safe if we purchase a cutting edge car with all of the features that expose it to a cyber-attack?

Luckily, some manufacturers are already taking action to mitigate the vulnerabilities that have been found in addition to investing more in security, thus protecting the new features that their models are offering.