As cars become smarter and even drive themselves, we are increasingly vulnerable to having our vehicles hacked.
Today’s automobile is a smart device and is highly sophisticated.
A modern car typically has more than 100 microprocessors, 50 electronic control units, and 100 million lines of software code. To put this sophistication in perspective, that’s 10 times more lines of code than the Boeing 787 Dreamliner, one of the most high-tech aircrafts now in use.
Software size (Millions lines of code)
Late model vehicles also are connected devices: Bluetooth links the car with cell phones, and many cars have built-in cellular communication and Wi-Fi capabilities. This connectivity enables remote start and many other features and will increase with the addition of smart infrastructure in which the road, signals and other components communicate with the vehicle and wider adoption of self-driving vehicles.
This technology and connectivity also makes cars targets for hackers who potentially could compromise a vehicle’s control and safety systems. Functions such as automatic emergency braking and remote starting would take on a completely different character if they were controlled by a remote opponent.
Connectivity means wide attack surfaces for hackers.
Car cyber security is not something you do once and then you’re done. It is a continuous process that should be part of everything you do. However, no one has the resources to do everything perfectly.
Thus, your goal should be set towards constant improvement.
Improving starts with understanding the risks and the threat landscape: understanding your adversaries, their objectives, and how they carry out their attacks.
Cyber attacks are comprised of 5 steps:
The attacker’s first goal is to identify potential targets for their mission.
Attackers are often motivated by financial gain, access to sensitive information or damage to brand. The attacker may collect information about a target company or individual from LinkedIn and the corporate website, map the supply chain, get building blueprints, gather fleet management intell, information on security systems and available entry points. They may even visit the company building, an event or call the secretary. The attacker might set up a fake company, register domains and create fake profiles for social engineering purposes. Once the attacker determines what defenses are in place, they choose their weapon. The selected vector is often impossible to prevent or detect. It can be a zero-day exploit, a spear-phishing campaign or bribing an employee. Usually there is a minimal business impact. Finally, the attacker is ready to plan an avenue of attack.
2. Intrusion and Presence
The assaillant leverages the vulnerability
At the second phase of a cyber-attack, the attacker seeks to breach the car perimeter and gain a persistent foothold in the internal environment. They may have breached the OEM FOTA platform to gain credentials, used valid credentials to download their malware as an innocent update to remote ECU. Alternatively, they may have infiltrated through the car’s infotainment, using the bluetooth-connected smartphone as access point. This is virtually untraceable. It is very typical that the targeted organization is unable to detect or respond to the attack. The initial intrusion is expanded to persistent, long-term, remote access to either the OEM’s or the company’s fleet environment.
3. Lateral Movement
The attack is spreading
Once the attacker has established an access to the internal car network like CAN or Ethernet, they seek to compromise additional networks and systems. Their goal is to expand the foothold and identify the ECUs responsible for critical functionalities. The attacker is often impersonating a legitimate component. Therefore it is very difficult to spot the intruder in this phase.
4. Privilege Escalation
The hacker is taking over the critical ECU
The attacker seeks to identify and gain the necessary level of privilege in order to achieve their objectives. They have control over access channels and credentials acquired in the previous phases.
Finally the attacker gains access to the target ECU, and is able to either run malicious code or interfere with existing one. Critical functionalities like gas, breaks and wheel steering are compromised.
5. Complete Mission
The attack goes live
The attacker reaches the final stage of their mission. They either attack passengers while driving, putting their life at risk, or corrupt critical systems and disrupt business operations. The attack can be either OEM or company targeted, and can significantly harm their brands, in addition to direct attack costs, tallying to amounts no insurance policy will cover. That’s why you need to stay alert at all times.
With cyber security, you are never done.
In our next blog posts we’ll dive deeper into each of the attack phases, and explain how we can stop the attackers.