how to hack the increasingly connected car

How to Hack the Increasingly Connected Car

Praveen Chandrasekar

Research Manager

Automotive & Transportation

© 2014 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of

Frost & Sullivan. No part of it may be circulated, quoted, copied or otherwise reproduced without the written approval of Frost & Sullivan.

25th September 2014

Dr. Tao Zhang

Chief Scientist for Smart Connected Vehicles

Cisco Systems

2

Today’s Presenters

More than 10 years of automotive strategy consulting and research experience

• Telematics and Connected Car

• Active Safety and Automated Vehicles


Research Manager, Automotive & Transportation, Detroit, North America

http://in.linkedin.com/pub/praveen-chandrasekar/2/1b1/1b

Dr. Tao Zhang

Chief Scientist for Smart Connected Vehicles

Cisco Systems

Dr. Tao Zhang, a Fellow of the IEEE, has been Distinguished Engineer (Senior Director) and the Chief Scientist for Smart Connected Vehicles at Cisco Systems since 2012. For over 25 years, he has been directing research and product development in broadband, mobile, and vehicular networks. His leadership and technical work have resulted in new technology, standards, and products with broad impact. Dr. Zhang has co-authored two books “Vehicle Safety Communications: Protocols, Security, and Privacy” and “IP-Based Next Generation Wireless Networks” published in 2012 and 2004 respectively by John Wiley & Sons. He holds 38 patents and has published over 70 peer-reviewed technical papers on international journals and conferences

3

Focus Points

• Top Level Findings

• Areas of Vulnerability

• Threat Analysis

• Data Related Challenges

• Cisco’s Outlook on Cybersecurity

• Future Outlook

• Growth Opportunities and Key Conclusions

Today’s Agenda

4NE30-18

Key Findings

Source: Frost & Sullivan

1 There has been no real life incident on cybersecurity reported to date but the value proposition is huge as its risks the safety of passengers with over 50 vulnerable points in a car. Currently, cybersecurity is still a perceived threat as there haven’t been any incidents reported.

2 The value of electronics is about 20-25% to that of the value of present day car, this is likely to increase to 40-45% or more by 2020. If OEMs ignore the cybersecurity aspect they would be compromising their users, risking brand value and draw financial and moral liabilities towards themselves.

3 Cybersecurity has emerged as a key concern in the automotive industry as researchers across the world have demonstrated threats and risks by presenting various scenarios such as taking control of the car and turning off engines, head lights, disabling brakes, taking over steering control denial of services. However the industry cannot deal with this alone and would need to integrate with IT companies such as Cisco, CGI, IBM, etc.

4 With industry processing big data for features and services such as product planning, warranty and aftersales, marketing, connecting service providers and fleet related services, government bodies are framing laws which are working towards harvesting data ethically.

5 15 OEMs and 10 Tier 1 suppliers plan to deploy V2X application by 2015 in Europe, it is of utmost necessity to secure the communication channel. DSRC and mobile based technologies such as LTE and 4G will form a futuristic platforms. There is also a high potential for services such as smartphone application, and additional services in aftermarket OBUs and RSUs

5NE30-18

Security Threat MotivesSecurity threats are likely to manifest themselves from mere theft of cars to terrorist attacks if the industry does not take adequate steps to secure the cars.

�Manipulate firmware

�Spurious communication messages

�Activation of features

�Fake components

� Odometer Manipulation

� Extortion

� Theft

� Remote Unlock

� Stalking

� Copyrights

� Corporate Espionage

� Licenses /Agreements

Motive to steal valuable IP could lead to technology espionage. Original Equipment Manufacturers (OEMs) intelligence property could be spied on or stolen by competition, government agencies or third party

manufacturers

Modifying functionalities or manipulating equipment within a car could cause a significant damage to reputation of an OEM. This security threat through unauthorized access for OEMs will lead to loss of customers who keep away from the brand even after the issue is fixed.

Organized criminals can extort money by controlling car functionalities such as access to the car, speed , track PII, etc. Such organized crimes have access Electronic Control Unit (ECUs) or brake modules to manipulate the car .ECUs can be manipulated to change the performance of the vehicles.

Tracking locations and stalking lead to violation of privacy. VVIP, VIPs movements can be tracked for attacks. Tracking location and driving pattern information could add value for insurance companies.

Theft of vehicles can have financial gains. Most high end luxury cars today offer keyless entry and remote ignition systems which makes these cars vulnerable.

Cybersecurity Market: Security Threat Motives, Europe and North America, 2014


6NE30-18

Partial List of Vulnerable Access PointsCyber threats can be broadly classified as hacking through communication channel, physically accessing the vehicle communication bus and remotely accessing the car through various wireless technologies.

• Cellular/Telematics Connectivity –Telematics units are equipped with connectivity which is used for various functions provides access to internal networks and ECU

• Dedicated Short-Range Communication (DSRC) - An emerging technology a proposed standard for cooperative driving can potentially transmit malicious inputs to other cars causing damage.

• Wi-Fi - Introduction of Wi-Fi hotspots makes the car’s OBD II port vulnerable to attacks by connecting wirelessly..

• CDs, USB connectivity and physical interface for entertainment units -Entertainment systems and CAN bus connectivity to update Electronic Control Unit (ECU) firmware and interface with systems within the car.

• OBD II - OBD II port in modern vehicles provide adequate access to CAN buses to control key components

• RFID Keys– These keys are embedded with an RFID tag and a reader in the car. A car can be immobilized if the correct tag is not verified.

• Keyless Entry – Remote keyless entry used to open doors and activate alarms can be blocked by jammers and allow access to cars

• Tire Pressure Monitoring System (TPMS) – TPMS alert drivers about tire pressure readings. These can be manipulated to show inconsistent readings.

• Bluetooth – Bluetooth is used as a standard to support hands free calling. Paired with phones it can be a medium to download malicious software.

CommunicationChannel Hacking

In-car hacking Remote Hacking

Cybersecurity Market: Classification of Vulnerable Points, Europe and North America, 2014


7NE30-18

Recent University Efforts on Hacking a CarA university paper demonstrated the fragile system structure by introducing a range of potential risks in a vehicle. This has exposed the vulnerabilities in the internal bus communication in a car.

Source: University of Washington, University of California San Diego and Frost & Sullivan

Body Control Module Result Manual Over Ride

Continuously activates Lock Relay �

Windshield wipers are continuously on x

Pops Trunk x

Unlocks Doors �

Activates Horn x

Disables Headlights in Auto Light Control

x

Windshield fluid shoots continuously x

Control on horn frequency x

Control on dome light brightness x

Control on instrument brightness x

Brake or auxiliary light off x

Can force wipers off �

Engine Control Module Result Manual Over Ride

Initiate Crankshaft Re-learn �

Temporary RPM increase x

Disable cylinders, power steering or brakes

�

Kill engine �

Increase idle RPM x

Electronic Brake Control Module Result

Manual Over Ride

Engage front brakes x

Engage front right brake/ unlock front left

x

Unevenly engage right brakes x

Release brakes/ prevent braking x

Cybersecurity Market: Car Security Experiment, Europe and North America, 2014

The researchers demonstrated the hack through a combination of physical and wireless connectivity

Incase of a hack on the electronic brake control module there can be no manual over ride , this could lead to a fatal

accident.

8NE30-18

Initiative 4Research cybersecurity policies, rules and regulations

NHTSA’s Cybersecurity Research InitiativeConcern on cyber threats has prompted government bodies to initiate research projects and proactively frame laws which are similar cybersecurity laws in other industries.

Initiative 3Support developmental and implementation of voluntary standards, guidelines and best practices

Initiative 2Support developmental and implementation of voluntary standards, guidelines and best practices

Initiative 1Build automotive cybersecurity knowledge base

1Understand threats, use cases, impacts and prioritization of risks and counter measures

2 Develop systematic security assessment approach

3Collaborate on test environment, identify network security threats and cyber security gaps and develop a master collaboration plan

4Position NHTSA to establish cybersecurity requirements, explore certification approach, development of trust model and promote use of system engineering approach

5Gather findings from automotive cybersecurity studies, vehicle security assessment, and laboratory testing to detail industry minimum security requirements

Perform vehicle

cybersecurity requirement

analysis

Vehicle security

assessment analysis

Develop a vehicle cybersecurity test

and evaluation environment

Establish minimum vehicle

cybersecurity requirements

Develop cybersecurity

implementation guidance

12

43 5

Cybersecurity Market: NHTSA’s Research Initiative, Europe and North America, 2014

Source: NHTSA and Frost & Sullivan

9NE30-18

Personal Identifiable Information (PII)PII practices are key topic of discussion in North America and Europe as they try to establish norms on protecting consumer personal data.

Data Privacy

Personal Data:Information related to a person or data

attached to unique identifiers which can be identified directly or indirectly

Anonymous data : When no identity can be established by anyone with the right resources and correlation with other data sources

• Location Data• Vehicle Locator• Travel Direction

• Cell phone number

• Diagnostics Data• Automatic Update• Analytics Data,• Probe Data

US GAO’s Recommended Practices

• Providing disclosure to consumers about data collection, use and sharing

• Obtaining consent and providing controls over location data

• Having data retention practices and safeguards

• Providing accountability for protecting consumers data

EU Data Protection Elements

• Definition of personal data and understandable explanation

• Predefined purposes, time and volume limitation

• Balance of legitimate interest, consent and legal obligation

• Protect confidentiality and integrity

• Right to review, correct and object

Cybersecurity Market: Personal Identifiable Information, Europe and North America, 2014


10NE30-18

Location Privacy Protection Act of 2014 – Senator Al FrankenThe Location privacy protection act will prevent misuse of data by corporates but it does not address a crucial aspect of location tracking law enforcement. This is addressed separately in another legislation.

Loop holes misused by companies and stalkers

Stalking apps that are freely available in the market at least victimize 25,000 adults of

GPS stalking

Car companies such as Nissan and OnStar have disclosed their user movement to third

party without consent.

Top mobile device makers and operating systems have been found collecting and

sharing location data without users affirmative consent

GAO investigations have found that app companies and in-car navigation companies

give users little information on how their location information is being used or shared

Location Privacy Protection Act

Requires companies to get permission before collecting or sharing location data

from individuals smartphones, tablets, or in car navigation devices.

Ban on development, sale and operation of GPS apps used for stalking.

Requires the federal government to gather information about GPS stalking, facilitate reporting of GPS stalking and prioritize

grants for law enforcement.

Requires companies collecting location data from 1,000 or more devices to post online

the kinds of data collected, how it is shared and how individuals can stop collecting and

sharing data

Stall GPS stalking by restricting companies from collecting data in secrecy.

Cybersecurity Market: Location Privacy Protection Act of 2014, Europe and North America, 2014


11NE30-18

TomTom Case StudyTomTom uses location data in accordance to EU Data Protection Laws, informing users explicitly and also includes opt-in options.

ApplicationExamples of

Services Provided

Data Recipients

Location Data

Data retention period Customer Consent

TomTom

LIVE Services

• TomTom Traffic

• Mobile Speed Cameras

• Search & Go• Twitter• LIVE

QuickGPSfix• Weather

TomTom � • Erase LIVE Services

and HD Traffic journey history from internal systems within 20 minutes of switching off the device.

• No records of Location search requests, Twitter or other App use is kept

• Consent before collecting and using customer data

• Customer can switch on/off data collection on device

• The decision to send Map Share Changes or safety camera reports to TomTom is made by the customer.

Data Share Details shared Data Recipients

Integrated in-car navigation system

Contact details, identification of vehicle and navigation system and information of how TomTom has supported the customer

Car manufacturer

Customer Support and Product Repairs

Personal information Contracted business partners

Location Data Location data is shared in an aggregated form TomTom

Cybersecurity Market: TomTom Case Study, Europe and North America, 2014


12NE30-18

How is the Ecosystem Coordinated?Specialist cybersecurity companies are working across the ecosystem to support security needs but the future might involve OEMs integrating these companies as a part of their manufacturing level.

Automotive Cybersecurity Companies

IT Companies

OEMs

• Volvo and CGI are developing a certificate based solution that secures cars online services.

• To prevent tampering Ford has built in firewalls . • Apart from firewalls Toyota embeds security chips which

shrinks outside communications

• Harman added security layers by virtually separating the entertainment system from car’s network.

• Continental has partnered with IBM and Cisco to create firewalls and gateways to control communication and flow of information.

• Tesla which has the most advanced and connected car Model S rewards hackers with badges for detecting vulnerabilities.

• Students at the Technion Isreal Institute of Technology created a system that can prompt Waze navigation application to report traffic jams. The advisers notified Waze on the cyber attack.

• Toyota plans to visit the Black Hat conference which is the largest hacker conference.

• OEMs and other ecosystem participants involved in the evolution of new technologies such as DSRC are taking serious notice of cyber attacks and are looking for ways to make these communication channels secure.

OEMs Toyota, Ford, Volvo, Tesla

Tier 1 Suppliers Continental, Harman

IT companies Cisco, IBM, CGI, Mcafee

Cybersecurity companies

Arilou Technologies, Utimaco, Escrypt, Security Innovation, CA Technologies

Cybersecurity Market: Coordination of the Ecosystem, Europe and North America, 2014


13NE30-18

Future Value Chain Integration of Cybersecurity in CarThe future involves OEMs patenting cybersecurity technologies or acquire specialist cybersecurity companies to stay ahead of the competition.

Ford

Toyota

BMW

Tesla

Audi

Volvo

Ford

Toyota

BMW

Tesla

Audi

Volvo

Utimaco

Escrypt

Arilou Technologies

Cisco

CGI

Harman

Johnson Control

Continental

• Currently OEMs piece together a cybersecurity solution as potential standards are yet to be established .

• Tier 1 suppliers who are also working with companies like IBM and Cisco will be one stop shop in the future

Visteon

Present Future

• OEMs are coordinating with the cybersecurity value chain as their brand value is at stake in case of a cyber attack.

• Tier 1 suppliers are coordinating with the cybersecurity value chain to ensure they could build better relationships with OEMs to be a one stop shop.

Cybersecurity Market: Future Cybersecurity Value Chain, Europe and North America, 2014


14NE30-18

Hardware30%

Professional services

10%

Software15%

Integration15%

Others30%

OEMs will be pushed towards Cybersecurity SolutionsCybersecurity is a cost constraint to OEMs as it cannot be offered as a feature to the end consumer. OEMs today have to bare the cost of securing their cars.

3-5% Cybersecurity of the cost of electronics

Cybersecurity Market: Cost Split of a cybersecurity solution, Europe and North America, 2014


Hardware cost includes the cost of backend, additional chipsets, crypto, key management or plug in controlsIntegration costs include

implementation of business logic to a solution and integrating security critical operations and running the solution. Professional services cost

includes initial planning, architecting designing the system

Software development module includes programming the device.OEMs can participate in the development and implementation of the software module.

Others include operational services, managing critical

services, physically securing the solution and monitoring.

15NE30-18

OEM ActivitiesLuxury brands like BMW, Audi and Mercedes Benz are working with specialist companies to improve in vehicle security and Volvo, GM, and Ford are currently focusing on securing connectivity and infotainment systems.

OEM Activity Partnerships

Volvo Partnered with CGI for delivery of authentication certificates which provides with individual and secure access to online services.

CGI

General Motors

GM has developed a four – digit PIN lockout for infotainment systems available on some models.

Cisco

Ford Ford has built in firewalls to prevent malicious tampering. Not Available

Toyota Toyota is working internally towards securing DSRC connectivity and with Cisco to secure their cars through firewalls and gateways.

Cisco, and other core technology vendors

Delphi Automotive

Delphi Automotive, Battelle, Alliance of Automobile Manufacturers and the Association of Global Automakers have formed a coalition to understand cybersecurity issues.

Consortiums

Tesla Tesla approach to addressing vulnerabilities include connecting with hackers who spot weaknesses and rewarding them with a badge

Black hat hacker conferences.

BMW, Audi and

Mercedes Benz

The top three luxury vehicle brands - BMW, Audi and Mercedes Benz are working with specialist technology companies to address their cybersecurity issues and secure their cars

Cisco, Security Innovation, IBM and

other core technology vendors


Cybersecurity Market: OEM Activities, Europe and North America, 2014

16NE30-18

How is Aviation Industry Framing it’s Cybersecurity SolutionsThe aviation industry has complex design and architecture, the NIST, FIPS, ISO, ISACA COBIT, RTCA, EUROCAE, CIPAC, CSIRT, CERT, CERIAS and CAST are working together to standardize the system


Define design principlesEstablish a cybersecurity culture

Understand the threat

Understand the risk

Define operations principles

Conduct necessary research and development

Establish common cyber standards for aviation systems

Communicate threats and assure situational awareness

Provide incident response

Strengthen the defensive system

Ensure government and industry work together

Ensure government and industry work together

Cybersecurity Market: Aviation Industry Cybersecurity Framework, Europe and North America, 2014

17NE30-18

Secure Technology Layers that Address SafetyEngineers in the automotive industry are incorporating security solutions from design and production stages. This will take a considerable amount of time as there are no standardizations yet.

Hardware Operating System Virtualization Applications

• Digital certificates can verify authenticity of user messages. The applications can authenticate and respond to encrypted messages.

• Example: Certificates of authentication used with vehicle to vehicle communication.

• A secured operating environment or a hardened operating system will provide an added level of security. Such platforms can standardize communication and application platforms while ensuring security and reliability

Image Source: Wikipedia; Source: Frost & Sullivan

• Hardware security will protect software manipulation, secure boot and storage.

• Firewalls can be a separation between communication bus, remote interface and critical component such as the engine

• Example : EVITA “E-Safety Vehicle Intrusion Protected Application”

• With millions of codes in a car a microkernel has potential to find security lapse / weakness before deployment and can be used to verify a process.

• Virtualization partition layers such as a hardware which can run multiple operating systems over virtual machines.

• Example: OVERSEE “Open Vehicular Secure

Platform”

Cybersecurity Market: Security Layers, Europe and North America, 2014

18NE30-18

Strategic Recommendations

OEMs need to align their security goals with their business goals to ensure well thought out deployment of security solutions. There has to be a strategy in place on deploying cybersecurity based on car segments. It is highly likely that high end car models could be the first in line for such solutions.

There is a significant collaboration that needs to be worked out on the associated infrastrure in the industry. OEMs need to formulate strategies that are in line with the infrastructure. For example, DSRC technology is yet to be implemented on a commercial scale but being prepared in the security aspect will give OEMs a head start to that of the competitors.

Increasing connectivity has increased the need to establish a security standard similar to those in the software industry such as PCI standards. This is possible through collectively collaborating within the industry as the aim and goals are common.

1

2

3

Cybersecurity Market: Recommendations, Europe and North America, 2014


Cisco ConfidentialCisco IBSG © 2011 Cisco and/or its affiliates. All rights reserved. Internet Business Solutions Group 19

Tao Zhang, Ph.D., IEEE Fellow

Cisco Systems, Inc.

September 2014

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20

Connected Vehicles Conventional Devices and Networks on the Internet

Implications

Onboard hardware resources (CPU, memory) are limited, hard to change, but had to remain sufficient through a vehicle’s long lifespan

Abundant resources, easier to upgrade, and much shorter lifespans

• How to ensure adequate security over a vehicle’s long lifecycle with limited and capped onboard resources?

• How to balance onboard resources vs. communication load for threat defense?

Security operations (provisioning, updates, threat remediation, etc.) could cause significant inconvenience to vehicle owners

Negligible impact on users • How to minimize user inconvenience caused by vehicle security operations?

Information from vehicles is necessary for threat detection but can be untrustworthy

Network devices are typically in protected environments

• How to determine the trustworthiness of threat-related information from vehicles?

Vehicles can be easily compromised so their valid security credentials can be used to mount security attacks

“Insider attacks” are relatively rare and insider attackers are much easier to be found

• How to handle prevalent “insider attacks” in a large connected vehicle system?

Each spare ECU’s security credentials must interoperate with every authorized vehicle

Parts of PCs, smartphones, and routers/switches do not need to be protected individually

• How to manage security credentials for the huge number of spare ECUs while preventing successful attacks from scaling?

Solutions must be highly scalable: Secure connections, key/credential management

Up to 100s of thousands of employees, few need secure connections at any time

• How to support, for one carmaker, 10+ millions of vehicles, each with 10s of ECUs and requiring many spare parts?

Standard OBD ports allow everyone to access vehicle’s internal networks and update firmware on critical ECUs

Access to any critical asset is strictly controlled

• How to defend vehicles against malware when virtually anyone can update ECU firmware?

In-vehicle devices have widely varying

capabilities and use a multitude of legacy

networks

All devices support IP • How to secure in-vehicle devices, software, and

applications?


Signature-Based

• Heavy onboard processing

• Challenge to maintain malware signature database on vehicles• Can become too large, and

hard to predict how large it will become over vehicle’s long lifespan

• Heavy overhead to keep it up to date

• Need abilities to determine trustworthiness of threat information from vehicles

• Need abilities to determine which malware is relevant to vehicles

Heuristic-Based

• Heavy onboard processing

• Complex onboard implementation

• Heuristic algorithms, and their software implementations, need to be updated over vehicle’s lifespan

Cloud-Based

• Heavy vehicle-to-cloud communication overhead

• Long delays for file execution

• Need abilities to determine trustworthiness of threat information from vehicles

• Need abilities to determine which malware is relevant to vehicles


3. Security CloudAssist vehicles in threat defense, update vehicle

onboard security system, detect misbehaving vehicles, remove threats before they reach vehicles, remote

malware removal,……

2. Onboard Security ServicesSecure vehicle access, secure communications, malware

defense, onboard activity monitoring, onboard authentication and key management, …

2. Onboard Security ServicesSecure vehicle access, secure communications, malware

defense, onboard activity monitoring, onboard authentication and key management, …

5. Vehicle-Cloud Interactions:for Security Cloud to assist vehicles in threat defense

5. Vehicle-Cloud Interactions:for Security Cloud to assist vehicles in threat defense

ThreatInformation &

SuspiciousFiles

Updates & Threat

Defense Assistance

6. Remote ManagementProvisioning, key management, remote monitoring

6. Remote ManagementProvisioning, key management, remote monitoring

6. Remote Management

6. Remote Management

Public Clouds

PrivateClouds

EnterpriseClouds

AutomakerClouds

1. Vehicle System Security

1. Vehicle System Security

In-Vehicle NetworksECU HW/SW,

Applications, Sensors

4. Secure V2I Communications • Dynamically

established on demand at proper protocol layers

• Scalable to support 10+ M vehicles

4. Secure V2I Communications • Dynamically

established on demand at proper protocol layers

• Scalable to support 10+ M vehicles

Remote

Traffic

2’. Secure Local Communications, Secure V2V

2’. Secure Local Communications, Secure V2V


Thank you.

24

Poll Question

• Protection from malware and infected files

• Protection during fully and highly Automated driving modes

• Protection of user and user-specific location data

• Protection of mission-critical vehicle functional areas such as

powertrain, chassis and active safety

Where do you think the automotive industry needs maximum

attention from a security perspective?

25

Next Steps

Develop Your Visionary and Innovative SkillsGrowth Partnership Service Share your growth thought leadership and ideas or

join our GIL Global Community

Join our GIL Community NewsletterKeep abreast of innovative growth opportunities

26

Your Feedback is Important to Us

Growth Forecasts?

Competitive Structure?

Emerging Trends?

Strategic Recommendations?

Other?

Please inform us by “Rating” this presentation.

What would you like to see from Frost & Sullivan?

27

www.twitter.com/FS_Automotive

Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter

http://www.facebook.com/FrostandSullivan

http://www.linkedin.com/groups?gid=4480787&trk=hb_side_g

http://www.slideshare.net/FrostandSullivan

28

For Additional Information

Jennifer Carson

Corporate Communications


(210) 247-2450

[email protected]


Research Manager


(313) 515-0614

[email protected]

Cyril Cromier

VP Sales


+33 1 4281 2244

[email protected]

how to hack the increasingly connected car

Automotive

connected car active

automotive industry

cybersecurity isstill

cybersecurity aspect

tao zhangchief scientist

value of present day

value proposition

value of electronics