In 2015, American journalist Andy Greenberg, a Wired reporter, was driving at around 70 mph in a Jeep Cherokee in St Louis. In his words: “The Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip-hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.”
This would be terrifying to any commuter. Greenberg, however, was expecting it. In fact, he had journeyed to St Louis to be a test subject for ethical hackers Charlie Miller and Chris Valasek, to test the research they had carried out over the last year.
The result of their labours was a hacking technique, using what is known as a zero-day exploit, that had the potential to target Jeep Cherokees and give the attacker wireless control, via the Internet, of any number of these vehicles on the road. Scary stuff.
The reason this incident stood out is that it exposed the vulnerability of vehicles, and shone the spotlight on how cars could not only be targeted by hackers, but could be an impediment to the development of cyber security.
After all, anything that can be connected to the internet is a potential target – as vehicles can be considered part of the internet of things (IoT). The difference is that hacking a fridge or a wearable could be economically and even physically inconvenient, while hacking a car can put lives at risk, and even be used to target high-profile individuals for assassination attempts.
In the years that followed, it has emerged that automotive is one of the sectors in which digital transformation is happening most rapidly. It was estimated that by this year, a staggering 25% of vehicles in the global car fleet would be connected to the internet, and that number is set to soar to 86% by 2025.
There’s no doubt that the digitisation of transport is a surefire sign of progress, as it enhances the capabilities of vehicles, particularly when it comes to control and safety, catapults autonomous driving to the next level, and provides better experiences to drivers by harnessing the power of telematic services and smart mobility.
However, every piece that connects a car to a network widens the potential attack surface, and serves as a potential foot in the door for digital attackers. The problem is exacerbated if we take into account the vastly extended perimeter and billions of data points shared between vehicles, applications, and networks.
Today’s vehicles are configured using approximately 100 million lines of code that the manufacturers store in electronic control units (ECUs). This code controls every element of the vehicle, from the electronics and brakes, to the cameras, sensors, and safety features. The ECU communicates and analyses the roads via a controller area network (CAN) which is either connected or spliced to external nodes.
Unfortunately, this means that bad actors can gain access to a vehicle via USB, Bluetooth, navigation consoles, wireless or cellular signals, as well as a full range of monitoring systems. Naturally, this is a major concern for drivers and car manufacturers alike, considering that a vast amount of data is gathered by a moving vehicle, through its sensors, GPS, radars, cameras, and the system in general.
Sensors are a particular danger, because autonomous vehicles, which lack drivers who are in control, use them to establish the condition of the environment. Sensors include light detection and ranging (LIDAR), radar systems, GPS, visual and ultrasonic sensors, and more. All these sensors enable a self-driving car to avoid collisions, navigate securely, and pinpoint pedestrians and other obstacles around it. If sensors are controlled by malicious actors, the results could be catastrophic.
But there is also good news: the recent UNECE R155 regulation requires car manufacturers to introduce cybersecurity measures from the design phase of the electronic components that operate a vehicle and may be vulnerable to cyber attacks. In addition, they are required to provide relevant data to support the analysis of any attempted or successful attacks.
So how do we ensure security throughout the entire vehicle lifecycle? For Sababa Security, the answer lies in the Vehicle-SOC, a Security Operation Center dedicated to 24×7 security monitoring and anomaly identification using AI technologies developed specifically for the automotive industry.
Today’s V-SOCs contain a range of technologies, processes, and highly specialized personnel, who are able to integrate threat intelligence focused specifically on the automotive sector, to help detect anomalies, and develop the necessary response workflow in the event of an accident or breach of the IT systems.
But what are the challenges? When an IT SOC is compared with a Vehicle SOC, the work on a vehicle turns out to be much more complex in several respects. As mentioned above, securing a vehicle happens throughout the entire supply chain, from the design and construction stages to multiple aftermarket service providers, which brings into play an extremely wide perimeter involving not only OEMs, but also after-market suppliers and providers. However, without the application of a security-by-design concept, it will in no way be possible to ensure the security of the car throughout its entire life cycle.
Second, as with IT endpoints, an automotive SOC must monitor and correlate different types of data to return meaningful security information to the analyst in charge of monitoring. The challenge, in the case of cars, is figuring out which data to collect, because not all of the information from the vehicle is necessary for security purposes. Therefore, ML and AI mechanisms should be used to build behavior baselines and develop a playbook by which to distinguish malicious activities and potential compromises from lawful or harmless activities, so as to ensure an effective response in the event of an attack.
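To make the idea of a behavior baseline concrete, here is an added example (not code from Sababa Security or from the original article) that learns the normal transmission period of each CAN identifier and flags deviations. A simple mean and standard deviation stands in for the ML models the text refers to, and the log format, CAN identifiers, and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: "<seconds> <CAN id>" per line. IDs are made up.
TRAINING = [f"{i * 0.010:.3f} 1A0" for i in range(40)] + \
           [f"{i * 0.100:.3f} 2B4" for i in range(5)]
OBSERVED = ["0.000 1A0", "0.010 1A0", "0.020 1A0",
            "0.022 1A0",   # extra frame between two periodic ones
            "0.025 5F3",   # identifier never seen during training
            "0.030 1A0", "0.040 1A0"]

def parse(lines):
    """Turn log lines into (timestamp, can_id) tuples ordered by time."""
    events = []
    for line in lines:
        ts, can_id = line.split()
        events.append((float(ts), can_id.upper()))
    return sorted(events)

def build_baseline(events, min_gaps=3):
    """Learn mean and standard deviation of the inter-arrival gap per ID."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id in events:
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {cid: (mean(g), pstdev(g)) for cid, g in gaps.items()
            if len(g) >= min_gaps}

def detect(events, baseline, k=4.0, floor=0.001):
    """Flag unknown IDs and gaps more than k deviations from the baseline.
    `floor` keeps the tolerance non-zero for perfectly periodic training data."""
    alerts, last = [], {}
    for ts, can_id in events:
        if can_id not in baseline:
            alerts.append((ts, can_id, "unknown-id"))
        elif can_id in last:
            mu, sd = baseline[can_id]
            if abs((ts - last[can_id]) - mu) > k * max(sd, floor):
                alerts.append((ts, can_id, "timing"))
        last[can_id] = ts
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(OBSERVED), build_baseline(parse(TRAINING))):
        print(alert)
```

The `floor` and `k` values trade false positives against missed detections and would need tuning against real bus jitter before alerts like these are forwarded to an analyst.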
The other huge difference between an IT SOC and a Vehicle SOC lies in the volume of data to be managed in real time. Think of the number of vehicles on the road and the number of new ones that are purchased daily. Collecting information is a huge issue in itself, and it is even more of a problem if the vehicle’s software and hardware cannot connect to the SOC due to shortcomings of the OEM and the wide chain of third-party suppliers that made the individual components.
A final aspect not to be underestimated is the length of the life cycle of a vehicle’s components, which can remain in use for 10 to 15 years – a time frame in which technologies, types of attachments, suppliers, and more completely change.
The challenge that Sababa Security sets out to overcome is daunting, especially since this is a largely unexplored environment. But one thing is certain: vehicle security is now indispensable and can no longer be underestimated.