Is your vehicle safe?

20 07 2012

Problem

Everyone is starting to realize that modern vehicles have tons of computers inside them. By some counts, there are 30+ modules computing and performing different functions for your vehicle. Some control the vehicle’s engine and propulsion system, while others control various body functionalities. These computers can be hacked, just like any other. Vehicle hacking started out with people creating custom EEPROM chips that allowed racers and sports drivers to modify their vehicle’s performance for very little cost. While this could cost vehicle manufacturers money in warranty costs, it was generally of little interest, since, in some cases, it accounted for new sales—people who were interested in purchasing a car that could be easily modified. Racing and driving is already a dangerous sport, so it would be unlikely that someone modifying their vehicle’s performance would have any legal grounds to pursue a claim against the manufacturer.

Twenty years later, today’s cars present a new problem. Modules don’t just control the performance; they can accelerate the car, turn the car, roll the windows up/down, disable propulsion, change gears, etc. Anyone with time and persistence can figure out how these work. Some information is even readily available for purchase from the OEMs, and tools can be found for around $500 US[1]. Additionally, users can cheat the system to reduce their costs[2]. Take, for example, OnStar, a paid service offered by General Motors that sends directions to your car, makes phone calls, connects you to a personal assistant, etc. If this system is hacked by an outside user, that person might gain the ability to send the driver bogus directions, or worse yet, disable the vehicle as it is driving 75 MPH down the interstate.

These may seem like pretty rare problems or perhaps not even that serious, but picture the future of vehicles driving themselves[3]. If you tell your vehicle to go to Orlando, FL but you end up driving down a boat dock in Northern Michigan, you may end up, at the very least, pretty upset, or, worse yet, injured or even killed. This is why we need to worry about tapping in!

Tapping in

How can this be possible, you ask? As any computer hacker will tell you, having access to the computer is critical, and we leave our cars parked and exposed out in the open all the time. If I told you someone could slip under your car, pinch a wire and know your driving habits or disable your car, you may not believe me. But you would be wrong. It is a very real possibility. Yesterday’s car problems were mechanical; today’s stem from software and electronics issues.

For the service community or the service savvy, it could be as simple as buying a vehicle connector and sending commands to your car. I can cite one example in particular, where on a cold weather trip, the passenger played a joke on the unaware driver by rolling the windows up and down from his laptop. Now, that is just a simple example of what can be done, but perhaps running the cruise control by creating a gateway from your PC is another possibility. Essentially, the hacker could pass through all messages until he starts to understand what each CAN message contains, and then slowly start to change the data between the two; this could definitely be done for cruise control and probably a few other distributed systems on today’s car.

It is the malicious few that we have to worry about and protect our vehicles against. It would be nice to know that if there was some attached module or gateway sending and changing the commands to modules, we would know about it.

Solutions

Encrypting the data could go very far in preventing most of these types of attack. Using both confusion and diffusion, bytes of messages could be scattered into multiple messages, making the message a discontinuous set of bytes rather than a set of 8-, 16- or 32-bit raw values. Encrypting the data using a key could also help hide the recognizable raw values. Perhaps rather than speed going from 0-15, it goes from 0, 5, 1, 2, making the pattern unrecognizable, for the most part, as vehicle speed or something linear.
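The idea above, as an added example that is not from the original post or any OEM's code: a 16-bit speed value is encrypted with a per-frame keystream so consecutive speeds no longer look linear on the bus, and a counter plus truncated MAC lets the receiver notice a gateway that changes or replays a frame, as wished for in the "Tapping in" section. The modification check relies on message authentication (HMAC), which the post does not name. The key, the CAN ID 0x123 and the 8-byte payload layout are assumptions.

```python
import hashlib
import hmac
import struct

def _prf(key, label, can_id, counter, extra=b""):
    # HMAC-SHA256 keyed function; the fixed 3-byte label separates the two uses.
    msg = label + struct.pack(">IH", can_id, counter) + extra
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a, b):
    # zip() truncates to the shorter input, so only 2 keystream bytes are used.
    return bytes(x ^ y for x, y in zip(a, b))

def protect(key, can_id, counter, speed):
    """Build an 8-byte payload: counter(2) | encrypted speed(2) | MAC(4)."""
    ct = _xor(struct.pack(">H", speed), _prf(key, b"enc", can_id, counter))
    tag = _prf(key, b"mac", can_id, counter, ct)[:4]
    return struct.pack(">H", counter) + ct + tag

def unprotect(key, can_id, payload, last_counter):
    """Return (speed, counter); raise ValueError on a modified or replayed frame."""
    if len(payload) != 8:
        raise ValueError("bad length")
    (counter,) = struct.unpack(">H", payload[:2])
    ct, tag = payload[2:4], payload[4:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", can_id, counter, ct)[:4]):
        raise ValueError("MAC mismatch: frame modified in transit or wrong key")
    if counter <= last_counter:
        raise ValueError("stale counter: frame replayed")
    (speed,) = struct.unpack(">H", _xor(ct, _prf(key, b"enc", can_id, counter)))
    return speed, counter

if __name__ == "__main__":
    key = bytes(range(16))   # constructed 128-bit key, for illustration only
    can_id = 0x123           # hypothetical CAN ID for a speed message
    last = 0
    for counter, speed in enumerate(range(4), start=1):
        frame = protect(key, can_id, counter, speed)
        speed_out, last = unprotect(key, can_id, frame, last)
        print(speed, frame.hex(), "->", speed_out)
    # A gateway flips one bit of the encrypted speed: the receiver rejects it.
    forged = frame[:3] + bytes([frame[3] ^ 0x01]) + frame[4:]
    try:
        unprotect(key, can_id, forged, 0)
    except ValueError as err:
        print("rejected:", err)
```

The 16-bit counter and 4-byte MAC are sized to fit a classic 8-byte CAN payload; the key must be changed before the counter wraps, since a repeated counter would reuse the keystream.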

As to the service-type attacks, these would need better passwords to protect the features they provide. Currently, these are done with fairly small numbers; let’s say a 16-bit password. Even at 16-bit, if one key is tried every three seconds, that will only take 28 hours. Three seconds is probably on the low end for someone who desperately wanted to figure that out. Not to mention, that is the max time to crack the code. In addition, the password, or “unlocking mechanism,” can be purchased through the OEM, due to legislated mandates to support your local mom and pop shops[4].

The service part is the most difficult to solve: how does one know if the commands are coming from a legitimate user trying to fix their car or a rogue device that is going to roll your windows up and down, lock your doors and turn the heat on full blast with you inside it? I would almost like to advocate that the owner of the car provides the locking key and provides it only to those he feels he can trust, rather than the key being randomly programmed at the factory and never changing over the vehicle’s life. Additionally, making the key longer will prevent much of the brute-force attack, but where there is time, there is a way…
