hacking your connected car: what you need to know now
TRANSCRIPT
Hacking Your Connected Car : What you need to Know Now
Kapil Kanugo
Twitter: @kapilkanugo
Smart Cars
Cars these days are 90% controlled by
electronics and 10% using mechanics. The average new car already contains around 20 individual processors to monitor and control various functions — everything from the transmission’s shift points to the operation of the defroster — with about
60 megabytes of software code.
Connected Cars
Many new cars are as “wired” as a home office — with onboard GPS navigation and wireless communications networks including Bluetooth, Wi-Fi or Internet run on Embedded OS's which run on converged Electronics to control these actions.
Seriously??
What if modern car’s onboard
electronics be “hacked” or infected by a computer virus introduced through a wireless device that might corrupt or disable or controlled by a Hacker sitting at home?
Connected Car Teardown
Connected Car Eco system
• Drivers• Smartphone Revolution• Embedded Open Operating Systems and Application Stores
• Innovation, Time-to-Market, and Cost
• Third Party Developer Ecosystem
• Electrical Vehicles
• Barriers• Safety Concerns and Risks• Government Regulation• Cellular Connectivity Cost and Coverage
• Telematics Applications• Emergency Calling (eCall)
• Roadside Assistance (bCall)
• Remote Control• Remote Diagnostics• Vehicle Tracking, Geofencing, and Driving Behavior Monitoring
• Infotainment Applications
• Multimedia• Turn-by-Turn Navigation• Social Location Applications
• Information and Content
• Communication Channels
• Customizable Dashboard Clusters
• Theft Prevention Camera Application
• Safety and Security Applications• Emergency Calling (eCall)• Roadside Assistance/Breakdown
Call (bCall)• Stolen Vehicle Tracking and
Recovery/Geofencing• Driver Behavior Monitoring• Connected Infotainment
Applications• Off-Board and Hybrid Navigation• Concierge Services• Online Services and Multimedia• Pay-as-You-Drive Insurance• Convenience Applications• Remote Diagnostics and
Maintenance• Electronic Toll Collection and
Congestion Charging• Remote Door Lock/Unlock
• Smartphone Applications• Standalone Smartphone-Based Solutions
• Smartphone Applications Linked with In-car Display, Audio, and User Interface Systems
• Use of Smartphones as Remote Controls for Embedded Systems
• Hybrid Systems• Embedded Applications
Automotive
Application Type
Consumer Telematics Services
Market Drivers
and Barriers
Automotive
Application
Categories
Types of attacks on smart cars
What types of Attacks are Are possible on
Smart Cars
Insider Attacks
Attacker can be legitimate owner w/ extended access rights
Attacker can prevent emergency protection mechanisms or security updates
Attacker doesn’t care about legal penalties
Offline attacks
Attacker has virtually unlimited time
Attacker has virtually unlimited trials
Attacker and attack are hard to detect
Physical Attacks
Asset manipulation or reads via debug interfaces, probing, side channels, decryption
Disabling, manipulating or any physical inputs, outputs and processing like brakes failure and force engine to not start
Logical Attacks
Less securely validated software attack
Less Validated hardware attackOver the network attackOver the application level
attack
Privacy Attacks
Track Vehicle movementCompromise Driver personal info or identity theft, credit card info
Manipulate traffic and GPS info for traffic
Jams or accidents
Services under Attack:
eCalleTollRemote Car ControlRemote DiagnosisDanger WarningFlashing Firmware
Where do they attack?Automotive Interfaces
Direct Interfaces
OBD-II
CAN
OEM and Hybrid Telematics Systems
Cellular
Bluetooth
USB
Wi-Fi
Connected Cars: Questions before us..
Ecosystem Drivers/Barriers ?
Usage Models ?Case Studies?
Security Arch ?1. Data Security (credit
card, personal info, location)
2. Privacy Protection and deployment of solution
3. Security as service Business models
Risk Mitigation Strategy?
Honeypots?
Enable Businesses save
cost ?Business Model ?
Where are we today?
Where do we have to go?
What YOU need to know
Prevention• Privacy Theft• Disaster Deterrence• Cryptographic
Encryption
Detection• Intruder detection• Internal security and
confidentiality
Deflection• Honeypots
Countermeasures
Risk mitigation
Recovery• Backups, • Updates, • self correcting
Five Pillars of Security Management in Vehicles:
How to safeguard
Car as a black box for defining Security and Privacy policies.
Service oriented and Layered protocol design
External data communication based on
verification if its trustworthy
Safeguard against malwares, rootkits, ROP for x86,ARM etc platforms
Connected Car Security
Connected Car
Vehicle Platform (ECU)
Portal at Automotive company delivering services
Communication link between
portal and Vehicle
Scalability
Flexible configuration and secure updates
Deployment of security policies and privacy
Security Architecture
Identity Protocol• Key Pair• Certificate• Psedonyms• Security Manager• Key Management• Security Daemon• Application Layer• Network Layer• Device Layer
Test Management Center
• Certificate Management
• Certificate Revocation
TCP/IPSecure tunnel
Internet
Security Central Control
Internet
Roadside StationsSecurity Daemon
Communication Control Layer
IEEE 802.11gWPA2 protected
Secure tunnel
Secure tunnel
Decision basis for Cryptographic Algorithms• Privacy• Key Distribution• Verification time• Security Overhead per
message• Authentication• Active revocation necessary• Security Risk• Standards and Regulation• Security header in Message
Payload transmitted
Encapsulation and abstraction
Overall on-board security architecture
Centralized maintenance of dedicated security modules.
Security API for Application developers
Static and Dynamic configuration of security policies and privacy credentials
Addition of Security payload data for each MAC transaction.
Need Modular (cost-) efficient security for:
In vehicular devices: sensors, actuators, ECU’s
HW and SW architecture securing SW apps based on HW modules
In order to
Enforce ECU s/w protection against SW attacks
Provide reliable ECU/ HW/SW configuration and protection
Based on:
Hardware based security
Security software layer
Market Trend: Use cases
Facets of Connected Car Data
Mobile Operating Systems 1. Open Source vs. Proprietary Operating Systems2. iPhone and iPod Touch1. Android2. Nokia-Symbian
and MeeGo3. Blackberry4. Java5. Windows Mobile
• Dock and Transfer of Credentials
• Media Content
• Web• Widgets• Audio• Conferencin
g• Facetime• Browsing• Searching• Maps
3G Service Provider, App Developer,
HW/SW OEM, 3rd Party
Protection Services for Your Car
1.Multi-function security bundle
2.Privacy Protection Services
3.Protection services for Cloud farm
4.Self Managed and monitored firewall service
5.Identity Protection services
6.Intrusion prevention and detection service
7.Security services for unified threat management (mass attack)
Protect software security mechanisms by:
Providing trustworthy security anchor for upper SW layers
Secure generation, secure storage and secure processing of security critical material from all malicious SW
Establish secure sessions between ECU and External entity over the network for secure communication
Reduce security costs and overhead on high volumes by:
Applying highly optimized circuitry instead of costly general purpose hardware
Business Continuity and Resiliency Services
Business continuity is vital to business success, and in today's interconnected world, virtually every aspect of a company's operation is vulnerable to disruption.
Managed Web security
Provide real-time scanning of traffic against known virus and spyware definitions
Provide an easy-to-use, Web-based policy administration that establishes appropriate usage and identifies prohibited sites, content and file types
Filter Web traffic according to your usage policy and helps block inappropriate traffic from reaching your network
Allow forwarding of "clean" Web traffic to the end user with no noticeable delay in performance
Help protect your network from new and undiscovered vulnerabilities using advanced analyses that identify suspicious activities
Include Help Desk services, security advisories, and access to the incident response team
Steps to Take
Help manage compliance with security initiatives by scanning for and classifying vulnerabilities
Provide remediation steps and data to assess and manage security risks to help reduce threat exposure
Help reduce cost and complexity of security maintenance through Intel cloud security services
Vulnerability management can detect vulnerabilities across network devices, servers, web applications and databases to help reduce risk and better manage compliance requirements. And because solution is cloud-based, customers can save on licensing fees and security operations maintenance costs