The Threat of Hacker Attacks

By Bill Moore

Posted: 18 May 2010

Our plug-in hybrid, dubbed 'LIVN GRN,' has been hacked. But in our case, it's a good thing. Kim Adelman and his colleagues used their know-how to let our 2009 Prius run up to speeds of 70 mph (112km/h) in EV-mode, as well as operate in three blended hybrid modes by intercepting data packets flowing through the car's elaborate computer network and sending new instructions when needed. This lets what was once a standard 50 mpg motor hybrid achieve fuel economies well in excess of 100 mpg for the first 20-40 miles.

But what happens if someone finds a way to maliciously manipulate those data packets, not for good, but for ill? It can happen, as researchers at the University of Washington in Seattle and University of California at San Diego have discovered. Their peer-reviewed paper, Experimental Security Analysis of a Modern Automobile, explains what can happen if hackers, up to no good, can get into your car's onboard computer network.

And since virtually all modern automobiles now rely extensively on computer controls for a host of their functions, from anti-lock braking to improved engine efficiency, the consequences could be catastrophic. States the UW/UCSD paper:

Today’s automobile is no mere mechanical device, but contains a myriad of computers. These computers coordinate and monitor sensors, components, the driver, and the passengers. Indeed, one recent estimate suggests that the typical luxury sedan now contains over 100 MB of binary code spread across 50-70 independent computers -- Electronic Control Units (ECUs) in automotive vernacular -- in turn communicating over one or more shared internal network buses.
And as they state, worryingly, "it is not clear whether vehicle manufacturers have anticipated in their designs the possibility of an adversary."

Until I read their paper this morning, I had assumed, incorrectly, that most cars were invulnerable to such remote attacks. Maybe a hacker could find a way to get into a GM car equipped with OnStar, but non-Net-connected cars, even one as sophisticated as mine, were probably safe as long as my car didn't have telematics incorporated into it like OnStar or Ford's SYNC system, among others. I was wrong. There are any number of ways hackers might gain access, it turns out.

The researchers found two key "vectors" through which access can be achieved. The first is physical access, essentially through the car's OBD-II port. This is the under-dash port into which I plug my laptop on my Prius to access information about PICC's plug-in hybrid kit. It's also where, on my Chevy S10, I plug in my MPG monitor, which I use to improve my driving technique and, thereby, fuel economy. Anyone who can gain access to the car's interior can get to this port, even for the briefest period of time.

The attacker may leave the malicious component permanently attached to the car’s internal network or, as we show in this paper, they may use a brief period of connectivity to embed the malware within the car’s existing components and then disconnect. A similar entry point is presented by counterfeit or malicious components entering the vehicle parts supply chain — either before the vehicle is sent to the dealer, or with a car owner’s purchase of an aftermarket third-party component.

The other vector is via the numerous wireless interfaces implemented in the modern automobile. In our car we identified no fewer than five kinds of digital radio interfaces accepting outside input, some over only a short range and others over indefinite distance.

Is your car equipped with Bluetooth, so you can take and make cellular phone calls hands-free? You're vulnerable. Have wireless tire pressure sensors or keyless door locks like those on my Prius? We're vulnerable. And what the researchers learned is that a hacker doesn't have to thoroughly understand the car's operating protocol to seriously mess things up for you. Under the subsection, "Attack Methodology," they discovered...

...much to our surprise, significant attacks do not require a complete understanding or reverse-engineering of even a single component of the car. In fact, because the range of valid CAN packets is rather small, significant damage can be done by simple fuzzing of packets (i.e., iterative testing of random or partially random packets). Indeed, for attackers seeking indiscriminate disruption, fuzzing is an effective attack by itself.
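The small range of valid CAN packets that the paper describes can also be used defensively: a passive monitor can learn which IDs and payload lengths occur in normal traffic and flag everything else. The following is an added example, not code from the paper or from CarShark; it assumes traffic captured in the `candump -L` text format, and the frame IDs, payloads and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# candump -L log line: "(timestamp) interface ID#HEXDATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")

def parse(line):
    """Return (timestamp, can_id, payload) or None for an unparseable line."""
    m = LINE.match(line.strip())
    if not m or len(m.group(4)) % 2 or len(m.group(4)) > 16:
        return None  # odd hex length or more than 8 payload bytes
    return float(m.group(1)), int(m.group(3), 16), bytes.fromhex(m.group(4))

def learn_baseline(lines):
    """Map each CAN ID seen in known-good traffic to the payload lengths it used."""
    baseline = defaultdict(set)
    for _, can_id, data in filter(None, map(parse, lines)):
        baseline[can_id].add(len(data))
    return dict(baseline)

def detect(lines, baseline, window=1.0, max_unknown=3):
    """Flag frames outside the baseline, plus a burst alert when more than
    max_unknown unknown-ID frames arrive within `window` seconds."""
    alerts, recent = [], []
    for ts, can_id, data in filter(None, map(parse, lines)):
        if can_id not in baseline:
            alerts.append((ts, f"unknown-id 0x{can_id:03X}"))
            recent = [t for t in recent if ts - t <= window] + [ts]
            if len(recent) > max_unknown:  # many never-seen IDs at once
                alerts.append((ts, "burst-of-unknown-ids"))
                recent = []
        elif len(data) not in baseline[can_id]:
            alerts.append((ts, f"bad-length 0x{can_id:03X} len={len(data)}"))
    return alerts

# Constructed sample frames (not from any real vehicle).
BASELINE_LOG = [
    "(100.000000) can0 0C9#8021C0071B101000", "(100.010000) can0 1A4#00FF",
    "(100.020000) can0 0C9#8021C0071B101100", "(100.030000) can0 2F0#01",
]
SUSPECT_LOG = [
    "(200.000000) can0 0C9#8021C0071B101200",  # matches baseline
    "(200.001000) can0 1A4#00FF00",            # known ID, unexpected length
    "(200.002000) can0 5B3#DEADBEEF", "(200.003000) can0 7E1#00",
    "(200.004000) can0 033#1122", "(200.005000) can0 6AA#",
]
```

The monitor only listens to captured traffic, so it adds no checks to the path that frames take between ECUs.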

Here is just some of what the researchers were able to do remotely using a program they wrote called CarShark.

Even more disconcerting and dangerous, the teams were also able to gain control of the car's drive system; and remember, we're talking about virtually any modern car, not just hybrids or electric cars.

Combining our control over various BCM components, we created a “Self-Destruct” demo in which a 60-second count-down is displayed on the Driver Information Center (the dash), accompanied by clicks at an increasing rate and horn honks in the last few seconds. In our demo, this sequence culminated with killing the engine and activating the door lock relay (preventing the occupant from using the electronic door unlock button).

They were also able to program the car's lights to turn off when the vehicle drove faster than 40 mph. Imagine driving at night on a darkened highway and having your lights suddenly go off and you've no way to respond, especially if they've also locked you out of the ability to control the throttle or shut off the engine. Recall that GM proudly talks about OnStar's ability to slow and stop a stolen vehicle already. What if a malicious hacker takes this to the extreme for antisocial purposes... or for money?

Ironically, the same day I read the research paper, GM's PR firm sent me an email about OnStar's latest app for the Volt: the ability to send Google map directions from a cellular phone wirelessly to the extended-range electric vehicle's onboard navigation system. We can only hope that their programmers are now aware of the security problem and are reviewing any potential holes through which a hacker might gain access.

In conclusion, the authors of the report expressed their surprise at the ease with which they could gain access to their two test vehicles' networks, then manipulate and disrupt their functionality, noting "we found existing automotive systems—at least those we tested—to be tremendously fragile." This is likely to result in carmakers attempting to "lock down" their systems to prevent access, which would make things more difficult not only for malicious hackers trying to disrupt the vehicle's systems, but also for people like Plug In Conversions Corporation, who use Toyota's relatively open system to improve the performance of Priuses like ours. Additionally, adding redundant code to recheck packets for their validity could pose safety risks, such as during braking, when milliseconds are critical and extra code verification could spell the difference between life and death.

Finally, the researchers caution, "there are deep-rooted tussles surrounding the security of cyber-physical vehicles, and it is not yet clear what the 'right' solution for security is or even if a single 'right' solution exists. More likely, there is a spectrum of solutions that each trade off critical values (like security vs. support for independent auto shops)..."

"This work serves as a critical piece in the puzzle, providing the first experimentally guided study into the real security risks with a modern automobile."
