how to hack the increasingly connected car
TRANSCRIPT
How to Hack the Increasingly Connected Car
Praveen Chandrasekar
Research Manager
Automotive & Transportation
© 2014 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of
Frost & Sullivan. No part of it may be circulated, quoted, copied or otherwise reproduced without the written approval of Frost & Sullivan.
25th September 2014
Dr. Tao Zhang
Chief Scientist for Smart Connected Vehicles
Cisco Systems
2
Today’s Presenters
More than 10 years of automotive strategy consulting and research experience
• Telematics and Connected Car
• Active Safety and Automated Vehicles
Praveen Chandrasekar
Research Manager, Automotive & Transportation, Detroit, North America
http://in.linkedin.com/pub/praveen-chandrasekar/2/1b1/1b
Dr. Tao Zhang
Chief Scientist for Smart Connected Vehicles
Cisco Systems
Dr. Tao Zhang, a Fellow of the IEEE, has been Distinguished Engineer (Senior Director) and the Chief Scientist for Smart Connected Vehicles at Cisco Systems since 2012. For over 25 years, he has been directing research and product development in broadband, mobile, and vehicular networks. His leadership and technical work have resulted in new technology, standards, and products with broad impact. Dr. Zhang has co-authored two books “Vehicle Safety Communications: Protocols, Security, and Privacy” and “IP-Based Next Generation Wireless Networks” published in 2012 and 2004 respectively by John Wiley & Sons. He holds 38 patents and has published over 70 peer-reviewed technical papers on international journals and conferences
3
Focus Points
• Top Level Findings
• Areas of Vulnerability
• Threat Analysis
• Data Related Challenges
• Cisco’s Outlook on Cybersecurity
• Future Outlook
• Growth Opportunities and Key Conclusions
Today’s Agenda
4NE30-18
Key Findings
Source: Frost & Sullivan
1 There has been no real life incident on cybersecurity reported to date but the value proposition is huge as its risks the safety of passengers with over 50 vulnerable points in a car. Currently, cybersecurity is still a perceived threat as there haven’t been any incidents reported.
2 The value of electronics is about 20-25% to that of the value of present day car, this is likely to increase to 40-45% or more by 2020. If OEMs ignore the cybersecurity aspect they would be compromising their users, risking brand value and draw financial and moral liabilities towards themselves.
3 Cybersecurity has emerged as a key concern in the automotive industry as researchers across the world have demonstrated threats and risks by presenting various scenarios such as taking control of the car and turning off engines, head lights, disabling brakes, taking over steering control denial of services. However the industry cannot deal with this alone and would need to integrate with IT companies such as Cisco, CGI, IBM, etc.
4 With industry processing big data for features and services such as product planning, warranty and aftersales, marketing, connecting service providers and fleet related services, government bodies are framing laws which are working towards harvesting data ethically.
5 15 OEMs and 10 Tier 1 suppliers plan to deploy V2X application by 2015 in Europe, it is of utmost necessity to secure the communication channel. DSRC and mobile based technologies such as LTE and 4G will form a futuristic platforms. There is also a high potential for services such as smartphone application, and additional services in aftermarket OBUs and RSUs
5NE30-18
Security Threat MotivesSecurity threats are likely to manifest themselves from mere theft of cars to terrorist attacks if the industry does not take adequate steps to secure the cars.
�Manipulate firmware
�Spurious communication messages
�Activation of features
�Fake components
� Odometer Manipulation
� Extortion
� Theft
� Remote Unlock
� Stalking
� Copyrights
� Corporate Espionage
� Licenses /Agreements
Motive to steal valuable IP could lead to technology espionage. Original Equipment Manufacturers (OEMs) intelligence property could be spied on or stolen by competition, government agencies or third party
manufacturers
Modifying functionalities or manipulating equipment within a car could cause a significant damage to reputation of an OEM. This security threat through unauthorized access for OEMs will lead to loss of customers who keep away from the brand even after the issue is fixed.
Organized criminals can extort money by controlling car functionalities such as access to the car, speed , track PII, etc. Such organized crimes have access Electronic Control Unit (ECUs) or brake modules to manipulate the car .ECUs can be manipulated to change the performance of the vehicles.
Tracking locations and stalking lead to violation of privacy. VVIP, VIPs movements can be tracked for attacks. Tracking location and driving pattern information could add value for insurance companies.
Theft of vehicles can have financial gains. Most high end luxury cars today offer keyless entry and remote ignition systems which makes these cars vulnerable.
Cybersecurity Market: Security Threat Motives, Europe and North America, 2014
Source: Frost & Sullivan
6NE30-18
Partial List of Vulnerable Access PointsCyber threats can be broadly classified as hacking through communication channel, physically accessing the vehicle communication bus and remotely accessing the car through various wireless technologies.
• Cellular/Telematics Connectivity –Telematics units are equipped with connectivity which is used for various functions provides access to internal networks and ECU
• Dedicated Short-Range Communication (DSRC) - An emerging technology a proposed standard for cooperative driving can potentially transmit malicious inputs to other cars causing damage.
• Wi-Fi - Introduction of Wi-Fi hotspots makes the car’s OBD II port vulnerable to attacks by connecting wirelessly..
• CDs, USB connectivity and physical interface for entertainment units -Entertainment systems and CAN bus connectivity to update Electronic Control Unit (ECU) firmware and interface with systems within the car.
• OBD II - OBD II port in modern vehicles provide adequate access to CAN buses to control key components
• RFID Keys– These keys are embedded with an RFID tag and a reader in the car. A car can be immobilized if the correct tag is not verified.
• Keyless Entry – Remote keyless entry used to open doors and activate alarms can be blocked by jammers and allow access to cars
• Tire Pressure Monitoring System (TPMS) – TPMS alert drivers about tire pressure readings. These can be manipulated to show inconsistent readings.
• Bluetooth – Bluetooth is used as a standard to support hands free calling. Paired with phones it can be a medium to download malicious software.
CommunicationChannel Hacking
In-car hacking Remote Hacking
Cybersecurity Market: Classification of Vulnerable Points, Europe and North America, 2014
Source: Frost & Sullivan
7NE30-18
Recent University Efforts on Hacking a CarA university paper demonstrated the fragile system structure by introducing a range of potential risks in a vehicle. This has exposed the vulnerabilities in the internal bus communication in a car.
Source: University of Washington, University of California San Diego and Frost & Sullivan
Body Control Module Result Manual Over Ride
Continuously activates Lock Relay �
Windshield wipers are continuously on x
Pops Trunk x
Unlocks Doors �
Activates Horn x
Disables Headlights in Auto Light Control
x
Windshield fluid shoots continuously x
Control on horn frequency x
Control on dome light brightness x
Control on instrument brightness x
Brake or auxiliary light off x
Can force wipers off �
Engine Control Module Result Manual Over Ride
Initiate Crankshaft Re-learn �
Temporary RPM increase x
Disable cylinders, power steering or brakes
�
Kill engine �
Increase idle RPM x
Electronic Brake Control Module Result
Manual Over Ride
Engage front brakes x
Engage front right brake/ unlock front left
x
Unevenly engage right brakes x
Release brakes/ prevent braking x
Cybersecurity Market: Car Security Experiment, Europe and North America, 2014
The researchers demonstrated the hack through a combination of physical and wireless connectivity
Incase of a hack on the electronic brake control module there can be no manual over ride , this could lead to a fatal
accident.
8NE30-18
Initiative 4Research cybersecurity policies, rules and regulations
NHTSA’s Cybersecurity Research InitiativeConcern on cyber threats has prompted government bodies to initiate research projects and proactively frame laws which are similar cybersecurity laws in other industries.
Initiative 3Support developmental and implementation of voluntary standards, guidelines and best practices
Initiative 2Support developmental and implementation of voluntary standards, guidelines and best practices
Initiative 1Build automotive cybersecurity knowledge base
1Understand threats, use cases, impacts and prioritization of risks and counter measures
2 Develop systematic security assessment approach
3Collaborate on test environment, identify network security threats and cyber security gaps and develop a master collaboration plan
4Position NHTSA to establish cybersecurity requirements, explore certification approach, development of trust model and promote use of system engineering approach
5Gather findings from automotive cybersecurity studies, vehicle security assessment, and laboratory testing to detail industry minimum security requirements
Perform vehicle
cybersecurity requirement
analysis
Vehicle security
assessment analysis
Develop a vehicle cybersecurity test
and evaluation environment
Establish minimum vehicle
cybersecurity requirements
Develop cybersecurity
implementation guidance
12
43 5
Cybersecurity Market: NHTSA’s Research Initiative, Europe and North America, 2014
Source: NHTSA and Frost & Sullivan
9NE30-18
Personal Identifiable Information (PII)PII practices are key topic of discussion in North America and Europe as they try to establish norms on protecting consumer personal data.
Data Privacy
Personal Data:Information related to a person or data
attached to unique identifiers which can be identified directly or indirectly
Anonymous data : When no identity can be established by anyone with the right resources and correlation with other data sources
• Location Data• Vehicle Locator• Travel Direction
• Cell phone number
• Diagnostics Data• Automatic Update• Analytics Data,• Probe Data
US GAO’s Recommended Practices
• Providing disclosure to consumers about data collection, use and sharing
• Obtaining consent and providing controls over location data
• Having data retention practices and safeguards
• Providing accountability for protecting consumers data
EU Data Protection Elements
• Definition of personal data and understandable explanation
• Predefined purposes, time and volume limitation
• Balance of legitimate interest, consent and legal obligation
• Protect confidentiality and integrity
• Right to review, correct and object
Cybersecurity Market: Personal Identifiable Information, Europe and North America, 2014
Source: Frost & Sullivan
10NE30-18
Location Privacy Protection Act of 2014 – Senator Al FrankenThe Location privacy protection act will prevent misuse of data by corporates but it does not address a crucial aspect of location tracking law enforcement. This is addressed separately in another legislation.
Loop holes misused by companies and stalkers
Stalking apps that are freely available in the market at least victimize 25,000 adults of
GPS stalking
Car companies such as Nissan and OnStar have disclosed their user movement to third
party without consent.
Top mobile device makers and operating systems have been found collecting and
sharing location data without users affirmative consent
GAO investigations have found that app companies and in-car navigation companies
give users little information on how their location information is being used or shared
Location Privacy Protection Act
Requires companies to get permission before collecting or sharing location data
from individuals smartphones, tablets, or in car navigation devices.
Ban on development, sale and operation of GPS apps used for stalking.
Requires the federal government to gather information about GPS stalking, facilitate reporting of GPS stalking and prioritize
grants for law enforcement.
Requires companies collecting location data from 1,000 or more devices to post online
the kinds of data collected, how it is shared and how individuals can stop collecting and
sharing data
Stall GPS stalking by restricting companies from collecting data in secrecy.
Cybersecurity Market: Location Privacy Protection Act of 2014, Europe and North America, 2014
Source: Frost & Sullivan
11NE30-18
TomTom Case StudyTomTom uses location data in accordance to EU Data Protection Laws, informing users explicitly and also includes opt-in options.
ApplicationExamples of
Services Provided
Data Recipients
Location Data
Data retention period Customer Consent
TomTom
LIVE Services
• TomTom Traffic
• Mobile Speed Cameras
• Search & Go• Twitter• LIVE
QuickGPSfix• Weather
TomTom � • Erase LIVE Services
and HD Traffic journey history from internal systems within 20 minutes of switching off the device.
• No records of Location search requests, Twitter or other App use is kept
• Consent before collecting and using customer data
• Customer can switch on/off data collection on device
• The decision to send Map Share Changes or safety camera reports to TomTom is made by the customer.
Data Share Details shared Data Recipients
Integrated in-car navigation system
Contact details, identification of vehicle and navigation system and information of how TomTom has supported the customer
Car manufacturer
Customer Support and Product Repairs
Personal information Contracted business partners
Location Data Location data is shared in an aggregated form TomTom
Cybersecurity Market: TomTom Case Study, Europe and North America, 2014
Source: Frost & Sullivan
12NE30-18
How is the Ecosystem Coordinated?Specialist cybersecurity companies are working across the ecosystem to support security needs but the future might involve OEMs integrating these companies as a part of their manufacturing level.
Automotive Cybersecurity Companies
IT Companies
OEMs
• Volvo and CGI are developing a certificate based solution that secures cars online services.
• To prevent tampering Ford has built in firewalls . • Apart from firewalls Toyota embeds security chips which
shrinks outside communications
• Harman added security layers by virtually separating the entertainment system from car’s network.
• Continental has partnered with IBM and Cisco to create firewalls and gateways to control communication and flow of information.
• Tesla which has the most advanced and connected car Model S rewards hackers with badges for detecting vulnerabilities.
• Students at the Technion Isreal Institute of Technology created a system that can prompt Waze navigation application to report traffic jams. The advisers notified Waze on the cyber attack.
• Toyota plans to visit the Black Hat conference which is the largest hacker conference.
• OEMs and other ecosystem participants involved in the evolution of new technologies such as DSRC are taking serious notice of cyber attacks and are looking for ways to make these communication channels secure.
OEMs Toyota, Ford, Volvo, Tesla
Tier 1 Suppliers Continental, Harman
IT companies Cisco, IBM, CGI, Mcafee
Cybersecurity companies
Arilou Technologies, Utimaco, Escrypt, Security Innovation, CA Technologies
Cybersecurity Market: Coordination of the Ecosystem, Europe and North America, 2014
Source: Frost & Sullivan
13NE30-18
Future Value Chain Integration of Cybersecurity in CarThe future involves OEMs patenting cybersecurity technologies or acquire specialist cybersecurity companies to stay ahead of the competition.
Ford
Toyota
BMW
Tesla
Audi
Volvo
Ford
Toyota
BMW
Tesla
Audi
Volvo
Utimaco
Escrypt
Arilou Technologies
Cisco
CGI
Harman
Johnson Control
Continental
• Currently OEMs piece together a cybersecurity solution as potential standards are yet to be established .
• Tier 1 suppliers who are also working with companies like IBM and Cisco will be one stop shop in the future
Visteon
Present Future
• OEMs are coordinating with the cybersecurity value chain as their brand value is at stake in case of a cyber attack.
• Tier 1 suppliers are coordinating with the cybersecurity value chain to ensure they could build better relationships with OEMs to be a one stop shop.
Cybersecurity Market: Future Cybersecurity Value Chain, Europe and North America, 2014
Source: Frost & Sullivan
14NE30-18
Hardware30%
Professional services
10%
Software15%
Integration15%
Others30%
OEMs will be pushed towards Cybersecurity SolutionsCybersecurity is a cost constraint to OEMs as it cannot be offered as a feature to the end consumer. OEMs today have to bare the cost of securing their cars.
3-5% Cybersecurity of the cost of electronics
Cybersecurity Market: Cost Split of a cybersecurity solution, Europe and North America, 2014
Source: Frost & Sullivan
Hardware cost includes the cost of backend, additional chipsets, crypto, key management or plug in controlsIntegration costs include
implementation of business logic to a solution and integrating security critical operations and running the solution. Professional services cost
includes initial planning, architecting designing the system
Software development module includes programming the device.OEMs can participate in the development and implementation of the software module.
Others include operational services, managing critical
services, physically securing the solution and monitoring.
15NE30-18
OEM ActivitiesLuxury brands like BMW, Audi and Mercedes Benz are working with specialist companies to improve in vehicle security and Volvo, GM, and Ford are currently focusing on securing connectivity and infotainment systems.
OEM Activity Partnerships
Volvo Partnered with CGI for delivery of authentication certificates which provides with individual and secure access to online services.
CGI
General Motors
GM has developed a four – digit PIN lockout for infotainment systems available on some models.
Cisco
Ford Ford has built in firewalls to prevent malicious tampering. Not Available
Toyota Toyota is working internally towards securing DSRC connectivity and with Cisco to secure their cars through firewalls and gateways.
Cisco, and other core technology vendors
Delphi Automotive
Delphi Automotive, Battelle, Alliance of Automobile Manufacturers and the Association of Global Automakers have formed a coalition to understand cybersecurity issues.
Consortiums
Tesla Tesla approach to addressing vulnerabilities include connecting with hackers who spot weaknesses and rewarding them with a badge
Black hat hacker conferences.
BMW, Audi and
Mercedes Benz
The top three luxury vehicle brands - BMW, Audi and Mercedes Benz are working with specialist technology companies to address their cybersecurity issues and secure their cars
Cisco, Security Innovation, IBM and
other core technology vendors
Source: Frost & Sullivan
Cybersecurity Market: OEM Activities, Europe and North America, 2014
16NE30-18
How is Aviation Industry Framing it’s Cybersecurity SolutionsThe aviation industry has complex design and architecture, the NIST, FIPS, ISO, ISACA COBIT, RTCA, EUROCAE, CIPAC, CSIRT, CERT, CERIAS and CAST are working together to standardize the system
Source: Frost & Sullivan
Define design principlesEstablish a cybersecurity culture
Understand the threat
Understand the risk
Define operations principles
Conduct necessary research and development
Establish common cyber standards for aviation systems
Communicate threats and assure situational awareness
Provide incident response
Strengthen the defensive system
Ensure government and industry work together
Ensure government and industry work together
Cybersecurity Market: Aviation Industry Cybersecurity Framework, Europe and North America, 2014
17NE30-18
Secure Technology Layers that Address SafetyEngineers in the automotive industry are incorporating security solutions from design and production stages. This will take a considerable amount of time as there are no standardizations yet.
Hardware Operating System Virtualization Applications
• Digital certificates can verify authenticity of user messages. The applications can authenticate and respond to encrypted messages.
• Example: Certificates of authentication used with vehicle to vehicle communication.
• A secured operating environment or a hardened operating system will provide an added level of security. Such platforms can standardize communication and application platforms while ensuring security and reliability
Image Source: Wikipedia; Source: Frost & Sullivan
• Hardware security will protect software manipulation, secure boot and storage.
• Firewalls can be a separation between communication bus, remote interface and critical component such as the engine
• Example : EVITA “E-Safety Vehicle Intrusion Protected Application”
• With millions of codes in a car a microkernel has potential to find security lapse / weakness before deployment and can be used to verify a process.
• Virtualization partition layers such as a hardware which can run multiple operating systems over virtual machines.
• Example: OVERSEE “Open Vehicular Secure
Platform”
Cybersecurity Market: Security Layers, Europe and North America, 2014
18NE30-18
Strategic Recommendations
OEMs need to align their security goals with their business goals to ensure well thought out deployment of security solutions. There has to be a strategy in place on deploying cybersecurity based on car segments. It is highly likely that high end car models could be the first in line for such solutions.
There is a significant collaboration that needs to be worked out on the associated infrastrure in the industry. OEMs need to formulate strategies that are in line with the infrastructure. For example, DSRC technology is yet to be implemented on a commercial scale but being prepared in the security aspect will give OEMs a head start to that of the competitors.
Increasing connectivity has increased the need to establish a security standard similar to those in the software industry such as PCI standards. This is possible through collectively collaborating within the industry as the aim and goals are common.
1
2
3
Cybersecurity Market: Recommendations, Europe and North America, 2014
Source: Frost & Sullivan
Cisco ConfidentialCisco IBSG © 2011 Cisco and/or its affiliates. All rights reserved. Internet Business Solutions Group 19
Tao Zhang, Ph.D., IEEE Fellow
Cisco Systems, Inc.
September 2014
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
Connected Vehicles Conventional Devices and Networks on the Internet
Implications
Onboard hardware resources (CPU, memory) are limited, hard to change, but had to remain sufficient through a vehicle’s long lifespan
Abundant resources, easier to upgrade, and much shorter lifespans
• How to ensure adequate security over a vehicle’s long lifecycle with limited and capped onboard resources?
• How to balance onboard resources vs. communication load for threat defense?
Security operations (provisioning, updates, threat remediation, etc.) could cause significant inconvenience to vehicle owners
Negligible impact on users • How to minimize user inconvenience caused by vehicle security operations?
Information from vehicles is necessary for threat detection but can be untrustworthy
Network devices are typically in protected environments
• How to determine the trustworthiness of threat-related information from vehicles?
Vehicles can be easily compromised so their valid security credentials can be used to mount security attacks
“Insider attacks” are relatively rare and insider attackers are much easier to be found
• How to handle prevalent “insider attacks” in a large connected vehicle system?
Each spare ECU’s security credentials must interoperate with every authorized vehicle
Parts of PCs, smartphones, and routers/switches do not need to be protected individually
• How to manage security credentials for the huge number of spare ECUs while preventing successful attacks from scaling?
Solutions must be highly scalable: Secure connections, key/credential management
Up to 100s of thousands of employees, few need secure connections at any time
• How to support, for one carmaker, 10+ millions of vehicles, each with 10s of ECUs and requiring many spare parts?
Standard OBD ports allow everyone to access vehicle’s internal networks and update firmware on critical ECUs
Access to any critical asset is strictly controlled
• How to defend vehicles against malware when virtually anyone can update ECU firmware?
In-vehicle devices have widely varying
capabilities and use a multitude of legacy
networks
All devices support IP • How to secure in-vehicle devices, software, and
applications?
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
Signature-Based
• Heavy onboard processing
• Challenge to maintain malware signature database on vehicles• Can become too large, and
hard to predict how large it will become over vehicle’s long lifespan
• Heavy overhead to keep it up to date
• Need abilities to determine trustworthiness of threat information from vehicles
• Need abilities to determine which malware is relevant to vehicles
Heuristic-Based
• Heavy onboard processing
• Complex onboard implementation
• Heuristic algorithms, and their software implementations, need to be updated over vehicle’s lifespan
Cloud-Based
• Heavy vehicle-to-cloud communication overhead
• Long delays for file execution
• Need abilities to determine trustworthiness of threat information from vehicles
• Need abilities to determine which malware is relevant to vehicles
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
3. Security CloudAssist vehicles in threat defense, update vehicle
onboard security system, detect misbehaving vehicles, remove threats before they reach vehicles, remote
malware removal,……
2. Onboard Security ServicesSecure vehicle access, secure communications, malware
defense, onboard activity monitoring, onboard authentication and key management, …
2. Onboard Security ServicesSecure vehicle access, secure communications, malware
defense, onboard activity monitoring, onboard authentication and key management, …
5. Vehicle-Cloud Interactions:for Security Cloud to assist vehicles in threat defense
5. Vehicle-Cloud Interactions:for Security Cloud to assist vehicles in threat defense
ThreatInformation &
SuspiciousFiles
Updates & Threat
Defense Assistance
6. Remote ManagementProvisioning, key management, remote monitoring
6. Remote ManagementProvisioning, key management, remote monitoring
6. Remote Management
6. Remote Management
Public Clouds
PrivateClouds
EnterpriseClouds
AutomakerClouds
1. Vehicle System Security
1. Vehicle System Security
In-Vehicle NetworksECU HW/SW,
Applications, Sensors
4. Secure V2I Communications • Dynamically
established on demand at proper protocol layers
• Scalable to support 10+ M vehicles
4. Secure V2I Communications • Dynamically
established on demand at proper protocol layers
• Scalable to support 10+ M vehicles
Remote
Traffic
2’. Secure Local Communications, Secure V2V
2’. Secure Local Communications, Secure V2V
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
Thank you.
24
Poll Question
• Protection from malware and infected files
• Protection during fully and highly Automated driving modes
• Protection of user and user-specific location data
• Protection of mission-critical vehicle functional areas such as
powertrain, chassis and active safety
Where do you think the automotive industry needs maximum
attention from a security perspective?
25
Next Steps
Develop Your Visionary and Innovative SkillsGrowth Partnership Service Share your growth thought leadership and ideas or
join our GIL Global Community
Join our GIL Community NewsletterKeep abreast of innovative growth opportunities
26
Your Feedback is Important to Us
Growth Forecasts?
Competitive Structure?
Emerging Trends?
Strategic Recommendations?
Other?
Please inform us by “Rating” this presentation.
What would you like to see from Frost & Sullivan?
27
www.twitter.com/FS_Automotive
Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter
http://www.facebook.com/FrostandSullivan
http://www.linkedin.com/groups?gid=4480787&trk=hb_side_g
http://www.slideshare.net/FrostandSullivan
28
For Additional Information
Jennifer Carson
Corporate Communications
Automotive & Transportation
(210) 247-2450
Praveen Chandrasekar
Research Manager
Automotive & Transportation
(313) 515-0614
Cyril Cromier
VP Sales
Automotive & Transportation
+33 1 4281 2244