Vehicle Telecommunication: Services and Security

26 07 2012

Auto manufacturers today are focusing on enhancing the connectivity and networking experience by embedding microcontrollers and communication capabilities in the vehicle. Features such as Bluetooth, navigation systems, in-vehicle infotainment, remote commands, and Wi-Fi hotspot capabilities are becoming standard fitments. These are some of the services available today:

  • Companies like ‘Relay Rides’ are offering a peer-to-peer car sharing service with the help of telecommunication service providers like OnStar, where a car owner can rent out their car to another Relay Rides subscriber [1]. The two parties do not need to meet to hand over keys. The owner leaves the keys in the car, the doors are unlocked remotely, the renter uses the car for the duration of the rental contract and then leaves the car with the keys inside and locks it.
  • A stolen vehicle can be slowed down remotely on the advice of police, avoiding a high speed car chase.
  • Emergency services can be dispatched to locations even when the driver is unable to communicate.
  • One can send a vehicle lock or unlock request to their car which could be several hundred miles away, using a Mobile app.
  • Similarly, one can start or stop the car using a key fob or mobile app.
  • There are players who offer a Wi-Fi hotspot in the car so that kids can stream their favorite videos while relaxing in the rear seats on a long trip. Up to eight devices can be connected at once [2].
  • There are services available which read vehicle data and present it in a mobile app or in an email. One doesn’t need to check the tire pressure using a gauge anymore; the mobile app reads the tire pressure, gas remaining, mileage etc. for you.

There are several players in today’s market like GM’s OnStar, Ford’s SYNC, BMW’s Assist, Lexus’ Enform, Toyota’s Safety Connect, and Mercedes’ mbrace. There is a growing concern that the security features available to protect these devices and services are not as robust as one would like them to be. There have been several instances of security breaches. A ‘proof-of-concept’ tool dubbed ‘Carshark’, developed using homemade software and a standard computer port, was used to demonstrate that critical safety components of a vehicle can be hacked. In another case, approximately 100 vehicles were disabled through a ‘remote disable system’ that had been installed by a car dealership. It was later found that a disgruntled former employee had remotely disabled the cars and set off the horns. There was also a case where an aftermarket GPS navigation service provider recorded driver behavior and sold that data to Dutch police to target speeding vehicles [3].

Swiss researchers tested scenarios of car hacking, with key fobs in close proximity to the vehicle (within range of the antenna). Using the two-antenna approach, cars were successfully hacked and driven away. Security researchers have cracked the keys used by multiple types of key fobs, including the Hitag 2 encryption key. The proprietary encryption keys used to transmit data between the key fob, receiver, and engine are not secure enough. Only a few car manufacturers use 128-bit Advanced Encryption Standard (AES) keys. Many use 40- or 48-bit keys, which security experts regard as ineffective [4]. Similar research carried out on tire pressure gauges found that the wireless networks built into many cars did not perform authentication or input validation.

Automotive manufacturers have been focusing on the security of these embedded devices. NXP Semiconductors, which is one of the solution providers, offers authentication capabilities based on device identity and service profiling. Their microcontrollers feature hardware cryptographic accelerators (ECC, RSA, AES, DES), and support a broad range of symmetric and asymmetric (public key) algorithms and protocols. One can enable access control to the in-vehicle network, ensuring that messages from wireless interfaces and between ECUs are authenticated and encrypted [5].

Conclusion: Several vehicle features and services available today use wireless communication involving private data. This attracts hackers, who can gather the data and sell it to prospective buyers. Automobile manufacturers and telecommunication service providers are coming up with technology to secure the connection, but a lot more needs to be done.

_______________

  1. Relay Rides. https://relayrides.com/onstar
  2. Audiusa.com Home page. http://www.audiusa.com/us/brand/en/owners/audi_connect/wifi_hotspot.html
  3. Shane McGlaun, Sept 7, 2011. Automotive Security.pdf http://www.mcafee.com/us/resources/reports/rp-caution-malware-ahead.pdf
  4. Mathew J. Schwartz, http://www.informationweek.com/news/security/vulnerabilities/229000561
  5. NXP Semiconductors NV., http://www.nxp.com/campaigns/connected-mobility/technologies

 





Automotive Telematics/Infotainment Systems: Security Vulnerabilities and Risks

21 07 2012

Audi Chairman Rupert Stadler was spot on when he said:

 “There is a revolution taking place. Some of the most exciting new consumer electronics aren’t the ones in your living rooms or in your offices. They’re the ones in your cars.” [1]

However, with the rapid advancement in the development of vehicle telematics/infotainment systems and the integration of numerous technologies in them, the scope of security vulnerabilities in vehicles is expanding exponentially and the risk of potential hacker attacks is growing rapidly.

A number of the latest and upcoming telematics/infotainment systems in today’s vehicles include the following features and technologies:

  • Vehicle Communication Systems: The main purpose of these systems is to establish an external data connection between the vehicle and the telematics service provider using existing cellular technologies such as LTE, GSM, CDMA, etc. This practically makes the vehicle a mobile node and gives it access to the cloud.
  • Radio User Apps: A number of new and almost all upcoming future vehicles are planned to be equipped with In-Vehicle Infotainment systems that support a wide variety of user apps. The user apps provide a variety of services that include audio/video services, access to social media, internet browsing capabilities, etc. A number of these app services are subscriptions based and typically contain sensitive user information.
  • Wi-Fi/Bluetooth/USB Mediums: A variety of connectivity mediums are supported in the latest vehicles that include Wi-Fi, Bluetooth and USB technologies that allow the vehicles to communicate and pair with external consumer devices such as user smart phones, cameras, entertainment systems, gadgets, etc. as well as with external data hotspots for internet access.
  • Web-Based Services: A number of web-based features are also available for the latest vehicles that offer services such as vehicle location capabilities, locking/unlocking vehicles remotely, remote start features, remote diagnostics, software updates, etc.

Now let’s look at some of the challenges and security vulnerabilities these services/features pose to the vehicle owner, service providers or the automotive manufacturers…

Firstly, when the vehicle is connected to the telematics service provider, it becomes a network/cloud node and usually gets assigned an IP address that allows it to communicate over the cellular link. This makes the vehicle an interesting target for hackers, as it can provide them with potentially free access to the internet or backend systems through which they can perform all sorts of illegal cyber activities, as well as allow them to potentially steal sensitive personal information of the user. Also, having a public IP address makes the car vulnerable to all sorts of cyber viruses and security attacks. Furthermore, a hacker can use network hacking techniques such as port scanning, firewall loopholes, etc. to get unauthorized access to the vehicles as well as the service providers.

The other important security vulnerability is how the communication between the vehicle and the telematics service provider is secured and protected. A hacker can potentially sniff the communication between the vehicle and the backend service provider and steal sensitive user information such as account numbers, contact information, user names, and passwords along with other billing-related information. This information can then be used by the hacker on web-based services to track user activities, vehicle usage, location of the vehicle, etc.

Another interesting challenge/vulnerability that the new features pose is the secure management and storage of the static and dynamic data that is generated with the use of these telematics services. [2] The main challenge is to identify the different types of data services used and to manage them in a way that the security of sensitive information (important personal data) is not compromised. If certain data is not stored in the vehicle itself, the user needs to be notified where and how their data is stored and what security protocol is followed, in order to address privacy concerns.

The other series of security vulnerabilities arise from the inclusion of a variety of web based apps in the infotainment systems on the vehicles. A number of apps included are supposed to provide access to social media sites to the user. Any unauthorized access to these apps can expose personal information of user to the hacker that may include usernames, passwords and other personal information. Also, a number of other apps are subscription based services that contain user information with respect to the purchased subscription. Any vulnerability or unauthorized exposure of this information to the hacker would allow him to use it in a way that would result in financial losses to the user.

The integration of different connectivity technologies brings another set of security vulnerabilities for the telematics/infotainment systems. For example, any security compromises in the Bluetooth protocol can result in the hacking of personal contacts information by the hacker or unauthorized access of user’s phone by the hacker. Any vulnerability in the USB stack can potentially result in hackers accessing the operating system of the telematics/infotainment systems that can expose sensitive system information of the user or vehicle.

Conclusion

In summary, the security vulnerabilities discussed above can result in identity theft of vehicle users, loss of critical information such as usernames/passwords, and unauthorized access to the internet by hackers, which can result in cybercrimes that land the user in legal complications. Also, any loopholes or security weaknesses can result in legal complications and bad media publicity for the automotive manufacturers, as users can potentially sue them if their security or privacy is breached or compromised.
____________

[1] Telematics Update. (Jan 12, 2011). Telematics and security: Protecting the connected car. Retrieved July 10, 2012 from < http://analysis.telematicsupdate.com/intelligent-safety/telematics-and-security-protecting-connected-car >

[2] Sastry Duri, Marco Gruteser. (2002). Framework for Security and Privacy in Automotive Telematics. IBM Thomas J. Watson Research Center.





Is your vehicle safe?

20 07 2012

Problem

Everyone is starting to realize that modern vehicles have tons of computers inside them. By some counts, there are 30+ modules computing and performing different functions for your vehicle. Some control the vehicle’s engine and propulsion system, while others control various body functionalities. These computers can be hacked, just like any other. Vehicle hacking started out with people creating custom EEPROM chips that allowed racers and sports drivers to modify their vehicle’s performance for very little cost. While this could cost vehicle manufacturers money in warranty costs, it was generally of little interest, since, in some cases, it accounted for new sales—people who were interested in purchasing a car that could be easily modified. Racing and driving is already a dangerous sport, so it would be unlikely that someone modifying their vehicle’s performance would have any legal grounds to pursue against the manufacturer.

Twenty years later, today’s cars present a new problem. Modules don’t just control the performance; they can accelerate the car, turn the car, roll the windows up/down, disable propulsion, change gears, etc. Anyone with time and persistence can figure out how these work. Some information is even readily available for purchase from the OEMs, and tools can be found for around $500 US[1]. Additionally, users can cheat the system to reduce their costs[2]. Take, for example, OnStar, a paid service offered by General Motors that sends directions to your car, makes phone calls, connects you to a personal assistant, etc. If this system is hacked by an outside user, that person might gain the ability to send the driver bogus directions, or worse yet, disable the vehicle as it is driving 75 MPH down the interstate.

These may seem like pretty rare problems or perhaps not even that serious, but picture the future of vehicles driving themselves[3]. If you tell your vehicle to go to Orlando, FL but you end up driving down a boat dock in Northern Michigan, you may end up, at the very least, pretty upset, or worse yet injured or even killed. This is why we need to worry about tapping in!

Tapping in

How can this be possible, you ask? As any computer hacker will tell you, having access to the computer is critical, and we leave our cars parked and exposed out in the open all the time. If I told you someone could slip under your car, pinch a wire and know your driving habits or disable your car, you may not believe me. But you would be wrong. It is a very real possibility. Yesterday’s car problems were mechanical; today’s stem from software and electronics issues.

For the service community or the service savvy, it could be as simple as buying a vehicle connector and sending commands to your car. I can cite one example in particular, where on a cold weather trip, the passenger played a joke on the unaware driver by rolling the windows up and down from his laptop. Now, that is just a simple example of what can be done, but perhaps running the cruise control by creating a gateway from your PC is another possibility. Essentially, if the hacker could pass through all messages until he starts to understand what each CAN message contains, and then slowly start to change the data between the two, this could definitely be done for cruise control and probably a few other distributed systems on today’s car.

It is the malicious few that we have to worry about and protect our vehicles against. It would be nice to know that if there was some attached module or gateway sending and changing the commands to modules, we would know about it.

Solutions

Encrypting the data could go very far in preventing most of these types of attack. Using both confusion and diffusion, bytes of messages could be scattered into multiple messages, making the message a discontinuous set of bytes rather than a set of 8-, 16- or 32-bit raw values. Encrypting the data using a key could also help in obscuring the values. Perhaps rather than speed going from 0-15, it goes from 0, 5, 1, 2, making the pattern unrecognizable, for the most part, as vehicle speed or something linear.

As to the service type attacks, these would need better passwords to protect the features they provide. Currently, these are done with fairly small numbers; let’s say a 16 bit password. Even at 16-bit, if one key is tried every three seconds, that will only take 28 hours. Three seconds is probably on the low end for someone that desperately wanted to figure that out. Not to mention, that is the max time to crack the code. In addition, the password, or “unlocking mechanism,” can be purchased through the OEM, due to legislated mandates to support your local mom and pop shops[4].

The service part is the most difficult to solve, as how does one know if the commands are coming from a legitimate user trying to fix their car or a rogue device that is going to roll your windows down or up, lock your doors and turn the heat on full blast with you inside it? I would almost like to advocate that the owner of the car provides the locking key and provides it only to those he feels he can trust, rather than the key being randomly programmed at the factory and never changing over the vehicle’s life. Additionally, making the key longer will prevent much of the brute force attack, but where there is time, there is a way….
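One way to combine the ideas above, an owner-chosen key that can be changed and a service unlock that resists guessing, shown as an added example that is not part of the original post. The class and function names, the HMAC challenge-response scheme, the key values and the doubling retry delay are assumptions of this sketch; the post itself proposes only a longer, owner-provided key.

```python
import hashlib
import hmac
import os


def tool_response(key: bytes, challenge: bytes) -> bytes:
    """What a service tool that knows the key sends back for a challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class FakeClock:
    """Injectable time source so the lockout can be exercised offline."""
    def __init__(self):
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class ServiceUnlockGate:
    """Hypothetical module-side gate in front of privileged service commands."""
    BASE_DELAY = 10.0    # seconds of lockout after the first failure
    MAX_DELAY = 3600.0   # cap on the doubling delay

    def __init__(self, owner_key: bytes, clock):
        self._key = owner_key
        self._clock = clock
        self._failures = 0
        self._locked_until = 0.0
        self._challenge = None
        self.unlocked = False

    def request_challenge(self):
        """Return a fresh random challenge, or None while locked out."""
        if self._clock() < self._locked_until:
            return None
        self._challenge = os.urandom(16)
        return self._challenge

    def submit(self, response: bytes) -> bool:
        challenge, self._challenge = self._challenge, None  # single use
        if challenge is None or self._clock() < self._locked_until:
            return False
        if hmac.compare_digest(response, tool_response(self._key, challenge)):
            self._failures, self.unlocked = 0, True
            return True
        # Each failure doubles the wait, so guessing cost grows with attempts.
        self._failures += 1
        delay = min(self.BASE_DELAY * 2 ** (self._failures - 1), self.MAX_DELAY)
        self._locked_until = self._clock() + delay
        return False

    def rekey(self, new_key: bytes) -> bool:
        """Owner replaces the key; allowed only after a successful unlock."""
        if not self.unlocked or len(new_key) < 16:
            return False
        self._key, self.unlocked = new_key, False
        return True


def run_demo() -> list:
    clock = FakeClock()
    owner_key = b"constructed-owner-key-0001"  # constructed sample key
    gate = ServiceUnlockGate(owner_key, clock)
    log = []

    c = gate.request_challenge()
    log.append(gate.submit(tool_response(b"wrong guess 1", c)))  # rejected
    log.append(gate.request_challenge() is None)                 # locked 10 s
    clock.now += 10
    c = gate.request_challenge()
    log.append(gate.submit(tool_response(b"wrong guess 2", c)))  # rejected
    clock.now += 10
    log.append(gate.request_challenge() is None)                 # 20 s lock
    clock.now += 10
    c = gate.request_challenge()
    log.append(gate.submit(tool_response(owner_key, c)))         # trusted shop
    log.append(gate.rekey(b"owner-chosen-key-after-sale!"))      # owner rekeys
    c = gate.request_challenge()
    log.append(gate.submit(tool_response(owner_key, c)))         # old key dead
    return log


if __name__ == "__main__":
    print(run_demo())
```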





Infotainment Security – The Next Big Thing in Vehicle Telematics!

17 07 2012

Over the past few years, one of the fastest emerging and most advanced technologies in vehicle telematics has been Infotainment. Infotainment basically takes your day-to-day electronic devices and integrates them with your vehicle, helping the driver avoid distraction and providing hands-free calling and navigation along with other cool features such as touch screens, usability of Apps similar to a smartphone, Bluetooth connectivity, audio streaming, interactive messaging in case of emergencies and remote diagnostic notifications. All these features combined provide the next best advancement in the automotive industry, which is a new competitive edge for most car manufacturers out there like GM with their OnStar and CUE, Ford with their Sync and MyTouch, Toyota with their Entune and Hyundai with their BlueLink systems, to name a few.

But, as the saying goes, with great power comes more responsibility, and this is very true of these technological advancements. One of the key areas these automotive manufacturers are focusing on is security. Security plays a vital and important role in our daily use of technology. Add to this picture the mix of numerous electronic devices that can now be integrated with your systems and, all of a sudden, all your personal data is now available to be accessed via the cloud, or through the cellular providers if one is using their data plans. One of the key challenges in the space of infotainment is how to provide the best consumer experience for a driver from the moment they step into their car and integrate their electronic devices such as their smart phones, MP3 players, notebooks, iPads etc. seamlessly, yet keep their information secure, private and confidential.

Some of the challenges companies face in this space are as follows:

  • Authenticating a user and their device to the vehicle. Example: my personal phone is paired via Bluetooth in my vehicle and the moment I enter my vehicle the phone is paired, but then it can also access my entire contact list, last dialed calls and missed calls. The question to ask is whether this data is being stored in the vehicle and, if yes, what happens to this data when the vehicle is sold or stolen? If no, then how is my data being accessed and is it secure?
  • Authorizing the user to access and perform certain functions based on the features provided. Example: most Infotainment radios in vehicles these days have embedded apps such as Pandora or Stitcher. If I choose to enable these apps and stream them while driving, they are either using a Wi-Fi hotspot or my smart phone’s data plan to stream music. The question to ask is how this data is being accessed, what personal information is being used for authentication and authorization, and how.
  • Providing real-time access to a backend system (use of web services and/or APIs) or cloud to share personal data (via the internet), access personal data or local settings and provide a rich consumer experience. This also ties in with the point above: the moment this data is on the internet, the IP address of the vehicle is available to the open public and is vulnerable to internet attacks.

One such recent security threat was demonstrated by a group of research students from the University of Washington and the University of California, who connected a laptop device to one of the GM vehicles with OnStar enabled, hacked through the OnStar Remote Link App, and were able to remotely start and shut off the vehicle, honk the horn and flash the lights. This goes to show that if proper security measures are not identified and implemented correctly, it is only a matter of time before these home-based inventions lead to actual thefts.

Some ways of remediating these security threats and vulnerabilities are as follows:

  • In order to provide secure access between the vehicle and an outbound network, it is critical to separate the two, ensure that there is constant monitoring of each of the different environments, and create a layer of security as another step between the two to restrict any attacks.
  • In addition to the above, it is also critical to create secure credential-based authentication by giving the driver a Username/Password to perform any basic functions such as running the apps, downloading them over the web, syncing them with the back end, deleting them etc. This can also provide a seamless experience from a website perspective if they prefer to create and set their profiles online vs. in the vehicle.
  • Implementation of security tokens such as Auth, Access and SP tokens enables a secure transaction of data and credentials to authenticate and authorize a user.
  • Ensuring all the web URLs for the web services and APIs being accessed are over HTTPS and other secure mechanisms.
  • Enable root certificates and code signature level packets within all firmware files to ensure the right software goes with the right radio hardware.

The above methods are just a few examples; many other approaches to security for in-vehicle telematics are being researched. The future direction of in-vehicle telematics is Vehicle-2-Vehicle communication and this is just the tip of the iceberg.






Vehicle Systems Security in a Future of Vehicle-to-Vehicle Communications

13 09 2011

Imagine yourself in ten years, driving on a freeway at seventy miles per hour on your way to work. As you reach for your coffee, you notice the cars ahead of you are stopped. You let your foot off the throttle but don’t apply the brakes. After all, your car became aware of the stopped traffic many seconds before you could see them. In a few more seconds the vehicle will apply the brakes on its own and gently roll to a stop. Before the car slows, you order the vehicle’s entertainment system to play your favorite song. Unfortunately when you uploaded the song to the car’s storage the previous day, you did not realize it was actually a virus disguised as a song. The malware has already modified various electronic control units (ECUs) in your car, including the brakes. As you look up from your phone to check the road, you quickly realize your car is still traveling at seventy miles per hour and is mere yards away from the stopped traffic. You frantically mash the brakes, but the infected ECU ignores your input. It is too late.

As implausible as that scenario may seem, it is not impossible given the state of security in today’s vehicles. In 2010, researchers from the University of Washington and the University of California San Diego highlighted many known vulnerabilities by demonstrating the ability to “directly manipulate… all ECUs” in a test car, including safety critical ECUs such as those controlling anti-lock brakes or traction control. [1] This last August, the same group released another damning report by demonstrating the ability to remotely execute attacks on vehicle ECUs resulting in “complete control over the vehicle’s systems.” [2] Last week, McAfee and embedded software company Wind River released a report highlighting the emerging risks in vehicle security. [3]

If at first you are not convinced that these vulnerabilities pose a significant risk, then you would be correct to feel that way. To date, there have been no significant, malicious attacks on vehicle systems outside of academia. However, in 2010 a disgruntled former employee of a Texas car dealer was able to remotely disable over one hundred vehicles through unauthorized use of a vehicle immobilization program installed by the dealer to punish customers who fail to pay loans or meet lease requirements. [4] Although this attack required the software to be physically installed in the vehicle, it does demonstrate the real-world capability of an outside attacker to at least disable a vehicle.

The reason to be concerned about the current state of vehicle system security is the prospect of coming vehicle-to-vehicle and vehicle-to-infrastructure communication systems. In 1999, the FCC allocated spectrum in the 5.9GHz range to be used for future Intelligent Transportation Systems. [5] An industry standard based on IEEE 802.11 is currently being created. [6] Allowing vehicles to communicate with each other in a distributed network would introduce many new technologies. Vehicles could trade information about road conditions, prevent accidents caused by distracted driving, or be alerted to incoming emergency vehicles. Such systems are currently in development by manufacturers and the US Department of Transportation, and have even been tested on roads in California. [7][8]

If such vehicle communication systems are to be implemented in the future, vehicle systems will have to be redesigned with security in mind. If vehicles are able to communicate with each other – or if an attacker is able to communicate with vehicles remotely – then the effect on vehicle security needs to match the effect that the World Wide Web had on PC security. It might be the case that no high-profile attacks have yet been made on flawed vehicle systems because of a lack of motivation on the part of would-be attackers. However, networking vehicles together, and ultimately with the Internet, is sure to invite abuse given the potential results of any attacks – picture a highway in gridlock due to disabled vehicles. Clearly the vulnerabilities and threats posed to vehicle systems are real, but as recent reports indicate, there is still very much work to be done on the part of manufacturers.

______________________________
[1] http://www.autosec.org/pubs/cars-oakland2010.pdf
[2] http://www.autosec.org/pubs/cars-usenixsec2011.pdf
[3] http://www.mcafee.com/us/resources/reports/rp-caution-malware-ahead.pdf
[4] http://www.pcworld.com/article/191856/exemployee_wreaks_havoc_on_100_cars_wirelessly.html
[5] http://transition.fcc.gov/Bureaus/Engineering_Technology/News_Releases/1999/nret9006.html
[6] http://grouper.ieee.org/groups/802/11/Reports/tgp_update.htm
[7] http://newcarbuyingguide.com/index.php/news/main/5684/event=view
[8] http://www.its.dot.gov/research/v2v.htm