Vehicle Telecommunication: Services and Security

26 07 2012

Auto manufacturers today are focusing on enhancing the connectivity and networking experience by embedding microcontrollers and communication capabilities in the vehicle. Features such as Bluetooth, Navigation system, in vehicle infotainment, remote commands, and Wi-Fi hotspot capabilities are becoming standard fitments. These are some of the services available today:

  • Companies like ‘Relay Rides’ are offering peer-to-peer car sharing service with the help of telecommunication service providers like OnStar, where a car owner can rent out their car to another Relay Ride subscriber [1]. Both parties don’t need to meet to hand over keys. Owner leaves the keys in the car, doors are unlocked remotely, renter uses the car for the duration as per rent contract and then leaves the car with keys inside and locks the car.
  • A stolen vehicle can be slowed down remotely on the advice of police, avoiding a high speed car chase.
  • Emergency services can be dispatched to locations even when the driver is unable to communicate.
  • One can send a vehicle lock or unlock request to their car which could be several hundred miles away, using a Mobile app.
  • Similarly, start the car or stop it using key fob or mobile app.
  • There are players who offer Wi-Fi hot spot in the car so that kids can stream their favorite videos relaxing at the rear seats on a long trip. Up to eight devices can be connected at once [2].
  • There are services available which read vehicle data and present it on mobile app or in an email. One doesn’t need to check the tire pressure using a gauge anymore; mobile app reads the tire pressure, gas remaining, mileage etc. for you.

There are several players in today’s market like GM’s OnStar, Ford’s SYNC, BMW’s Assist, Lexus’ Enform, Toyota’s Safety Connect, and Mercedes’ mbrace. There is a growing concern that the security features available, to protect these devices and services is not as robust as one would like it to be. There have been several instances of security breach. ‘Proof-of-concept’ software developed using homemade software and a standard computer port dubbed ‘Carshark’ was used to demonstrate that critical safety components of a vehicle can be hacked. Another situation where approx.. 100 vehicles were disabled from a ‘remote disable system’ that was installed by a car dealership. It was later found out that it was a disgruntled former employee who remotely disabled the cars and set off the horns. There was also a case where, an aftermarket GPS navigation service provider, recorded driver behavior and was selling that data to Dutch police to target speeding vehicles [3].

Swiss researchers tested scenarios of car hacking, with key fobs in close proximity to the vehicle (within range of the antenna). Using the two-antenna approach, cars were successfully hacked and driven away. Security researchers have cracked the keys used by multiple types of key fobs, including the Hitag 2 encryption key. The proprietary encryption keys used to transmit data between the key fob, receiver, and engine are not secure enough. Only a few car manufacturers use 128-bit Advanced Encryption Standard (AES) keys. Many use 40- or 48-bit keys, which security experts regard as ineffective [4]. Similar research was carried out on tire pressure gauges and found that wireless networks built in many cars did not perform authentication or input validation.

Automotive manufacturers have been focusing on security of these embedded devices. NXP Semiconductors, which is one of the solution providers, offers authentication capabilities based on device identity and service profiling. Their microcontrollers feature hardware cryptographic accelerators (ECC, RSA, AES, DES), and support a broad range of symmetric and asymmetric (public key) algorithms and protocols. One can enable access control to in-vehicle network ensuring messages from wireless interfaces and between ECUs, are authenticated and encrypted [5].

Conclusion: Several vehicle features and services are available today, using wireless communication involving private data. This attracts hackers so that they could gather data and sell them to prospective buyers. Automobile manufacturers and telecommunication service providers are coming up with technology to secure the connection, but a lot more needs to be done.

_______________

  1. Relay Rides. https://relayrides.com/onstar
  2. Audiusa.com Home page. http://www.audiusa.com/us/brand/en/owners/audi_connect/wifi_hotspot.html
  3. Shane McGlaun, Sept 7, 2011. Automotive Security.pdf http://www.mcafee.com/us/resources/reports/rp-caution-malware-ahead.pdf
  4. Mathew J. Schwartz, http://www.informationweek.com/news/security/vulnerabilities/229000561
  5. NXP Semiconductors NV., http://www.nxp.com/campaigns/connected-mobility/technologies

 

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: