How cybersecurity safe is your vehicle?
Just as our personal computers and phones can be vulnerable to cyber attacks, so can connected and autonomous vehicles. With vehicles becoming more connected, the risk of cyber threats increases, making cybersecurity essential to protect both the car and its passengers.
Xiaojie Lin, a participant in iMOVE’s Industry PhD Program, has completed her project, Strengthening cybersecurity in vehicular networks, and is expected to submit her thesis later this year.
And it’s not only the cyber safety of vehicles themselves that is a concern here. Vehicles in the future – and in some instances this is already happening – are connected to Intelligent Transport Systems. One example of this is Vehicle-to- Everything (V2X), in which individual vehicles are connected to V2X infrastructure, collecting and sharing information via roadside sensors which is then uploaded to cloud servers.
In short, the ecosystem of vehicle connectivity offers great advances in road safety, in-car entertainment, ad much more, but also, without careful attention, has the potential to be a honeypot for all manner of unwanted and nefarious cyber intrusion, ensuring that as we step into a future of smarter and safer transportation.
CAN, communications, and connections
Modern vehicles are a veritable collection of connections, separate systems and subsystems, but brought to work together by the widely-used Controller Area Network (CAN), developed by Bosch in 1986.CAN is the internal messaging system, collecting and sharing data within the vehicle allowing the subsystems to work together.
Amongst the many things managed by CAN are engine control, power steering, advanced driver assistance systems (ADAS), airbags, and much, much more, via of course CAN and associated In-Vehicle Netork (IVN) Protocols, such as Ethernet, FleRay, Local Interconnect Network, and Media Oriented System Transport
Amongst the many things managed by CAN are engine control, power steering, advanced driver assistance systems (ADAS), airbags, in-car entertainment, and much, much more.
What CAN was not designed for was communication from sources external to the vehicle. However, in addition to internal systems it is via CAN that vehicles now communicate with external systems to enable the nascent capabilities of such things as autonomous driving and connectivity with intelligent transport systems.
This reliance on CAN is a concern, as firstly, “Due to its outdated design, which lacks authentication and encryption, CAN is susceptible to complex cyber attacks. There is a pressing need for researchers and engineers to examine CAN to identify automotive cybersecurity challenges.
Clearly that’s a huge red flag, an area demanding research and solutions. However, CAN’s decoding specifications are proprietary to Original Equipment Manufacturers (OEM), making the research demanded extremely difficult.
For this problem, for this project, Xiaojie and her team therefore had to reverse-enginee CAN in order to see exactly how CAN communicated with external sources. The product of that reverse engineering is ByCAN, which “… serves as an effective tool for the initial stages of automotive cybersecurity research, aiding researchers and engineers in further exploring vehicle communications.”
Why is securing car data and systems important?
As more vehicles allow access to external networks there are high expectations that they will become more of a honeypot for bad operators. As mentioned above we only have to look at the exponential rise in both ownership and cybercrime via mobile phones as a pointer to the dangers of vulnerable system.
Threats to connected vehicles via CAN include:
- hardware and software attacks
- infrastructure attacks,
- privacy attacks
- data trust attacks
Resulting in such specific vehicle hacks as:
- remote control of vehicles
- stealing and tracking location data
- brute force attacks on the authentication process allowing attackers to obtain multimedia-screen access
- security flaws that enable potential thieves to clone a key fob in seconds
- hackers use of a rideshare account with a stolen credit card to launder money
- rollback of odometer to display false mileage
- control of the data that autonomous vehicles sensors detect
Table – Types of IVN attacks
ATTACK | DESCRIPTION | ACCESS TYPE | IMPACT | PRIORITY |
---|---|---|---|---|
PassThru device attack | PassThru device enables clients to connect wirelessly to CAN bus. Attacker injects PassThru device with malicious code. | Wireless | Allows the attcker to fully control the car. | High |
Bus-off attack | Attacker can transit an ECU to the bus-off state by using a bit error. Bus-off state means transmission of an ECU is blocked and malicious message is injected. | Physical / Wireless | Transmission of an ECU is blocked. | High |
Malware or malicious appliance install | Could be installed by USB device. | Physical | Displays false dta on infotainment console and grants access to CAN bus network | Mid |
Blurtooth execute code into infotainment unit | Hacker can upload code from close-by vehicle to infotainment unit without the ECU control. | Wireless | Causes bug on infotainment unit or other applications. | Mid |
Bluetooth access point clone | Exploit Bluetooth protocol to detection system. | Wireless | Data transformed over the link. | High |
Hijack and modify the protocol data on OTA | Send malicious message to CAN bus on the service. | Wireless | Loss of vehicle control while driving. | High |
User's location track | Attacker can track the vehicle's movement via cellular network. | Wireless | User's location can be exposed. | Low |
CANbus eavesdropping | Normally it is a passive attack that does not interfere with communication. | Physical | Steal driver's information and impact privacy. | Mid |
Data insertion | Frame injection, replay attack and frame falsifying could be achieved by a laptop connected to OBD-II port. | Physical | Manipulate data in the vehicle system and display false data to the driver. | High |
DoS attacjk | Attacker could implement different DoS attacks on CAN bus physical layer,, | Physical | Attacker would be able to interrupt arbitrary functions in the target device. | High |
What ByCAN allows
After decoding CAN messages, and converting them into the readable ByCAN system, Xiaojie and the team at IAG were able to perform penetration testing and assess vehicle cybersecurity vulnerabilities.
From this access, the team were able to build a Penetration Testing Web App, the only such working tool in Australia. The web app can be plugged into vehicles’ On-Board Diagnostics port, allowing engineers to easily decode CAN messages and then send manipulated CAN messages to test not only vulnerabilities, but also solutions.
In addition to protecting against these vulnerabilities, the use of ByCAN allows the investigation of messaging in car accidents, which would be helpful in determining fault, and to prevent fraudulent insurance claims. It would also allow fleet managers to keep tabs on safe driving practices (though of course this perhaps crosses over into issues around privacy).
Conclusions and future work
Adversaries can infer drivers’ activities by collecting and analysing sensor data. Modern cars collect huge amounts of personal data over which the drivers have little control, especially for those cars with advanced AI or ADAS capability.
Sophisticated adversaries can hack cars to temporarily disable the normal functionalities of a car, which poses a serious safety risk to drivers and pedestrians. All of this leads to a new era of vehicle risk that is no longer only at the physical level but the invisible automotive cybersecurity aspects.
Real-world Incidents over the past 10 years, plus of course Xiaojie’s work here, proves beyond doubt that these vulnerabilities are a serious concern. The penetration testing web app developed through her work presents a breakthrough in addressing the unseen demands placed upon the mid-1989s CAN technology.
In future work ByCAN can be used to enable wider penetration testing of vehicle systems, and explore defence mechanism for existing and newly-discovered vulnerabilities.
Expected project impacts
“Outcomes from this project will enable rapid and efficient vehicle security assessment for business users, reinforce security awareness of the vehicle industry, and enhance vehicle security,” said Dr Xu Wang, Xiaojie’s PhD supervisor at the University of Technology Sydney.
“They will also assist the autonomous vehicles industry and lay a secure foundation for smart and sustainable transportation systems in the long term.”
Contact Xiaojie about her work
If you’d like to contact Xiaojie about her work, then her LinkedIn profile might be the best place to start.
You can also see more of her published work on her Google Scholar profile.