In 2015, American journalist Andy Greenberg, a reporter for Wired, was driving at around 70 mph in a Jeep Cherokee in St Louis. In his words: “The Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip-hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.”
This would be terrifying to any commuter; Greenberg, however, was expecting it. In fact, he had journeyed to St Louis to be a test subject for ethical hackers Charlie Miller and Chris Valasek, to test the research they had carried out over the last year.
The result of their labours was a hacking technique, using what is known as a zero-day exploit, that had the potential to target Jeep Cherokees and give the attacker wireless control, via the Internet, of any number of these vehicles on the road. Scary stuff.
The reason this incident stood out is that it exposed the vulnerability of vehicles, and shone the spotlight on how cars could not only be targeted by hackers, but could be an impediment to the development of cyber security.
After all, anything that can be connected to the internet is a potential target, and vehicles can be considered part of the internet of things (IoT). The difference is that hacking a fridge or a wearable could be economically and even physically inconvenient, while hacking a car can put lives at risk, and even be used to target high-profile individuals for assassination attempts.
In the years that followed, it has emerged that automotive is one of the sectors in which digital transformation is happening most rapidly. It was estimated that by this year, a staggering 25% of vehicles in the global car fleet would be connected to the internet, and that number is set to soar to 86% by 2025.
There’s no doubt that the digitisation of transport is a surefire sign of progress: it enhances the capabilities of vehicles, particularly when it comes to control and safety; it catapults autonomous driving to the next level; and it provides better experiences to drivers by harnessing the power of telematic services and smart mobility.
However, every piece that connects a car to a network widens the potential attack surface, and serves as a potential foot in the door for digital attackers. The problem is exacerbated if we take into account the vastly extended perimeter and billions of data points shared between vehicles, applications, and networks.
Today’s vehicles are configured using approximately 100 million lines of code that the manufacturers store in electronic control units (ECUs). These control every element of the vehicle, from the electronics and brakes, to the cameras, sensors, and safety features. The ECUs communicate and analyse the roads via a controller area network (CAN), which is either connected or spliced to external nodes.
Unfortunately, this means that bad actors can gain access to a vehicle via USB, Bluetooth, navigation consoles, wireless or cellular signals, as well as a full range of monitoring systems. Naturally, this is a major concern for drivers and car manufacturers alike, considering that a vast amount of data is gathered by a moving vehicle, through its sensors, GPS, radars, cameras, and the system in general.
Sensors are a particular danger, because autonomous vehicles, which lack drivers who are in control, use them to establish the condition of the environment. These sensors include light detection and ranging (LIDAR), radar systems, GPS, visual and ultrasonic sensors, and more. All these sensors enable a self-driving car to avoid collisions, navigate securely, and pinpoint pedestrians and other obstacles around it. If sensors are controlled by malicious actors, the results could be catastrophic.
It’s not all bad news, though. The recent UNECE R155 regulation requires automotive manufacturers to assess whether any implemented cyber security measures are able to effectively withstand emerging cyber threats and known vulnerabilities. In addition, they are mandated to provide relevant data to support the analysis of any attempted or successful attacks.
Cyber security firm Sababa offers Automotive Analysis of Compromise, which provides an extensive review of all of this data to help automotive manufacturers fulfil the requirements of these current regulations.
The solution has a range of features, including investigation of cyber security incidents on vehicles and vehicle infrastructures, conducted across open source, deep web and dark net sources. It offers detailed reports with all the necessary information on the attacker, including their tactics, techniques, and procedures.
Sababa believes the answer to these risks is called Vehicle-SOC, often abbreviated as V-SOC. These are Security Operation Centers dedicated to the identification of specific anomalies by employing AI technologies developed specifically for the automotive industry.
Today’s V-SOCs contain a range of technologies, processes, and highly specialised personnel, who are able to integrate threat intelligence focused specifically on the automotive sector, to help detect anomalies, and develop the necessary response workflow in the event of an accident or breach of the IT systems.