Modern technology, it’s a two edge sword. Or, as the saying goes, “You can’t live with it, you can’t live without it”, don’t know what to do when it’s turned against us (I made that up, it seems fitting). We all remember the movies where the computers and robots we create turn against us.
Well that terrifying scenario no longer seems so farfetched. Charlie Miller and Chris Valesek proved, in 2013, how easy it was to hack and take over a car. Being able to do this was a monumental event that made the whole auto industry wake up to the fact that the vehicles they’re producing are extremely vulnerable to terrifying security breaches.
Miller and Valesek didn’t have malicious intentions, they only wanted to prove just how vulnerable today’s vehicles really are and what a serious security breach this really was.
The two researchers had the capability, by using only their laptops, to shut down the vehicle’s engine and shoot window washer fluid onto the windshield, which would be able to startle an unsuspecting driver, causing them to lose control of the car and crash.
The two researchers identified more than seven major categories of remote attack surfaces, based on their study of 20 models (2014 to 2015) from different manufacturers.
The research the two proved provoked the auto industry to take action with the help of FASTR (Future of Automotive Security Technology Research). FASTR recently released a manifesto, Toward Tomorrow’s ‘Organically Secure’ Vehicle, that declared its organisational and industry intentions to help enable the future of automotive security innovation.
FASTR, which was formerly “Automotive Security Review Board” (ASRB), founded by Aeris, Intel Security and Uber in 2016. FASTR is facilitating an industry-wide collaboration to drive cybersecurity across the entire automotive supply chain.
FASTR is a neutral, nonprofit consortium whose goal is to enable innovation in automotive security with a vision of self-healing vehicles. FASTR’s goal is to deliver the actionable applied and theoretical R&D needed to drive systematic coordination of cybersecurity across the entire supply chain and ensure trust in the connected and autonomous vehicle.
The total number of connected cars is expected to increase dramatically to an as many as 250 million connected cars on the roadways by 2020. However, FASTR says mass adoption of autonomous vehicles won’t happen without trust that these cars are cyber-secure.
Craig Hurst, FASTR’s executive director, said the societal benefits of connected and autonomous vehicles promise to be profound. However, with connectivity comes certain inherent risks, he warns. “Nearly every wireless communication interface in vehicles today has vulnerabilities,” he said.
The nature of the dramatic complexity of modern vehicle computing is creating a “system of systems” that introduces dependencies across systems. This means, a laptop connected to the internet, connected to poorly secured TCU (telematics control unit), connected to the brakes, he said.
“Security needs to be considered from an expansive, diverse perspective from the onset of vehicle system architecture design,” Hurst noted. “We are moving from a current state of limited but expanding vehicle connectivity (telematics, infotainment, etc.) to a highly complex, fully connected environment including vehicle to vehicle (V2V), vehicle to infrastructure control (V2I), or, more generally, vehicle to everything(V2X).”
Some of the systems that also showed vulnerability included remote keyless entry, unsecured Wi-Fi hotspots, OBD-11 (on-board diagnostic system) and USB. Intel Security in 2015 released a white paper in which it listed many of the most hackable and exposed attack surfaces on a next-generation vehicle.
When a hacker has gained access through one of these entry points, injection of controller area network (CAN) messages may be possible, to manipulate other systems in the vehicle, even safety-critical systems.
As recently as last year Miller and Valasek took their 2015 remote hack of a Jeep Cherokee to the next level, they proved they can control the accelerator, brakes, steering and electronic parking bake at more dangerous driving speeds.
“This is a new class of attacks against CAN messages, “ Miller said. “It’s still very basic in the types of messages you use“ to attack the car, he says. “It’s an easy attack.
In one attack, Miller and Valasek spun the steering wheel 90 degrees at 60 mph. They also controlled the acceleration pedal, as well as the brakes. “We can permanently lock the electronic parking brake so it’s permanently immobilised.
Even if you restart the car, the parking brake would be on and you would not be able to drive anywhere,” Miller said. “We disable all aspects of steering, so it’s super-hard to turn the wheel and even harder if you drive the car without steering at any speed.”
Obviously, hacking a Jeep that is driving at high speeds makes an already serious issue tenfold. “Now you have scary levels of control,” Valasek said of the high-speed hacks.
Thank you for taking the time to visit my blog. I sincerely hope that my blog entertains, helps and gets you thinking. Please take a minute to leave a comment to start and interesting conversation, or add your interesting thoughts to an existing conversation.
For more thought provoking articles please check out: