Vehicle Systems Security in a Future of Vehicle-to-Vehicle Communications

13 09 2011

Imagine yourself in ten years, driving on a freeway at seventy miles per hour on your way to work. As you reach for your coffee, you notice the cars ahead of you are stopped. You let your foot off the throttle but don’t apply the brakes. After all, your car became aware of the stopped traffic many seconds before you could see them. In a few more seconds the vehicle will apply the brakes on its own and gently roll to a stop. Before the car slows, you order the vehicle’s entertainment system to play your favorite song. Unfortunately when you uploaded the song to the car’s storage the previous day, you did not realize it was actually a virus disguised as a song. The malware has already modified various electronic control units (ECUs) in your car, including the brakes. As you look up from your phone to check the road, you quickly realize your car is still traveling at seventy miles per hour and is mere yards away from the stopped traffic. You frantically mash the brakes, but the infected ECU ignores your input. It is too late.

As implausible as that scenario may seem, it is not impossible given the state of security in today’s vehicles. In 2010, researchers from the University of Washington and the University of California San Diego highlighted many known vulnerabilities by demonstrating the ability to “directly manipulate… all ECUs” in a test car, including safety critical ECUs such as those controlling anti-lock brakes or traction control. [1] This last August, the same group released another damning report by demonstrating the ability to remotely execute attacks on vehicle ECUs resulting in “complete control over the vehicle’s systems.” [2] Last week, McAfee and embedded software company Wind River released a report highlighting the emerging risks in vehicle security. [3]

If at first you are not convinced that these vulnerabilities pose a significant risk, then you would be correct to feel that way. To date, there have been no significant, malicious attacks on vehicle systems outside of academia. However, in 2010 a disgruntled former employee of a Texas car dealer was able to remotely disable over one hundred vehicles through unauthorized use of a vehicle immobilization program installed by the dealer to punish customers who fail to pay loans or meet lease requirements. [4] Although this attack required the software to be physically installed in the vehicle, it does demonstrate the real-world capability of an outside attacker to at least disable a vehicle.

The reason to be concerned about the current state of vehicle system security is the prospect of coming vehicle-to-vehicle and vehicle-to-infrastructure communication systems. In 1999, the FCC allocated spectrum in the 5.9GHz range to be used for future Intelligent Transportation Systems. [5] An industry standard based on IEEE 802.11 is currently being created. [6] Allowing vehicles to communicate with each other in a distributed network would introduce many new technologies. Vehicles could can trade information about road conditions, prevent accidents caused by distracted driving, or be alerted of incoming emergency vehicles. Such systems are currently in development by manufacturers and the US Department of Transportation, and have even been tested on roads in California. [7][8]

If such vehicle communication systems are to be implemented in the future, vehicle system security will have to be redesigned with security in mind. If vehicles are able to communicate with each other – or if an attacker is able to communicate with vehicles remotely – then the impact on vehicle security needs to have the same impact that the World Wide Web had on PC security. It might be the case that no high-profile attacks have yet been made on flawed vehicle systems because of a lack of motivation on the part of would-be attackers. However, networking vehicles together, and ultimately with the Internet, is sure to invite abuse given the potential results of any attacks – picture a highway in gridlock due to disabled vehicles. Clearly the vulnerabilities and threats posed to vehicle systems are real, but as recent reports indicate, there is still very much work to be done on behalf of manufacturers.





Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: