Technical Insight
SECURING A CONNECTED CAR Mushabbar Hussain KPIT Technologies (UK)
ABSTRACT The influx of digital transformation and advancements in technology have enabled the automakers to develop cars that are cleaner, safer, smarter and more energy-efficient. This revolution is being driven by the convergence of connectivity, electrification and demanding customer needs. Today’s cars employ a series of intelligent technologies such as Blind spot detection, Adaptive headlights, Lane keep assist, Collision warning, Adaptive cruise control, Reversing camera, Hill assist, Crash-imminent braking. Further with everyone wanting to stay connected all the time, car designers are making cars in line with this growing trend. This makes the modern-day automobiles more sophisticated, extremely complicated and highly connected systems. While the Connected autonomous technologies are expected to make the cars more safer, more energy efficient, and more intelligent systems the highly connected nature of these cars make them extremely vulnerable to cyber-attacks. By gaining access to the car, hackers can compromise safety critical functions endangering life of the passengers seated in the car. The objective of this article is to discuss about the potential cybersecurity threats in modern vehicles, their impact and the possible counter measures to safeguard the vehicle against potential attacks
navigation systems etc. Now as cars became more and more interactive, they get connected to the Internet, with each other (V2V), and with the infrastructure (V2X) they become more vulnerable than ever to attackers and hackers. Thus, a modern car architecture provides a broad internal attack surface with each component having at least implicit access to every other component on the bus. A compromised infotainment system can offer an effective vector for attacking safety critical ECU’s connected to the In-vehicle network. Once a hacker gains access to the in-vehicle network of the car, they could control everything; from controlling the acceleration, to applying or releasing brakes, locking or unlocking the doors. Therefore, security attacks are not just limited to theft or disclosure of information, but also affect safety of the passengers seated inside the car Recent studies and Experiments conducted by Independent research organizations from EUROPE/US (Stephen Checkoway et. al] have demonstrated that once a hacker gain access to the in-vehicle network of the car, could control everything; from controlling the acceleration, to applying and releasing brakes, locking/ unlocking the doors. These experiments demonstrate the importance of security in automotive systems.
INTRODUCTION
Security Attacks Overview
Unlike the classic cars, the modern vehicles are software-intensive, more complex, and highly connected systems. They can have about 70-100 embedded microcontrollers onboard running millions of lines of code within them. These ECU’s control almost every function of the car including safety-critical vehicle applications such as braking, engine control, steering, airbag functions,
The Security attacks can be broadly classified into Active attacks and Passive attacks. The figure below provides an overview of attacks an automotive system can be subjected to
34 | Telematics Wire | November 2020
How A Connected Car Can Be Hacked? A modern automotive can be hacked either by physical access or by remote
access of the In-Vehicle-Network. Direct physical access to the car internal network is possible via OBD port, Debug ports or Digital multimedia ports. Remote access to car is possible via a broad range of attack vectors such as CD/DVD players, Short-range wireless access – Bluetooth, RFID(remote Keyless entry, vehicle immobilizers, Tire Pressure Monitoring System), Dedicated ShortRange Communications and Longrange wireless access – WiFi, Cellular Technologies(LTE, GSM, CDMA) Connected vehicles use a combination of wireless technologies such as Radar, Lidar, GPS and other advanced sensors for its operation. These cars are expected to have a permanent connection to the Internet and to the cloud for fetching various kinds of information such as road speed limit, current traffic situation, weather conditions, traffic light status etc. They can also communicate with other smart devices, other cars and roadside infrastructures for collecting real-time data to make certain decisions. Attacker can intercept and manipulate the messages or send forged messages to the ECU causing them to mal function. Therefore, it is important to understand the various threats a connected car can be subjected to and necessitate the use of robust security measures using modern day crypto techniques to protect the sensitive data from unauthorized access and manipulation Here are some of the potential attack vectors in a Connected car: Telematics Control Unit: Telematics units on a vehicle are the connecting point to the outside world. They support a variety of wireless technologies such as Wi-Fi, Bluetooth, and Cellular Technologies such as LTE, GSM, CDMA. These technologies