Connected automobiles are just like any Internet of Things device, in that they have an identifying address on a network and are susceptible to being targeted. Vehicles are built with several electronic control units (ECUs) that manage such systems as the infotainment setup. These systems require connection to a back end, typically, the automaker, which will “push” patches and data to the system remotely through cellular transceiver stations (BTS).
The same goes for cellular networks, where identifiers are on SIM chips. Exploitation of vulnerabilities is not limited to the mobile device, but also to the communication infrastructure.
See also: Insurance and the Internet of Things
In tests of IoT devices that Brier & Thorn has performed, information technology security is lagging. Many systems seem to implicitly trust anything that communicates with them; connected automobiles can fall victim to attacks via transmitted communications that have no authentication.
Many nodes for attack
Like a mobile phone, an electronic control unit that uses cellular to communicate with its back end is going to automatically associate with its closest base station or cell tower, and trust it. That’s where hackers could strike in a number of ways.
Of particular concern is the kill chain model of attack. This involves a pattern of transaction activities that, when linked, work together to compromise a system.
In it studies, Brier & Thorn looked at an electronic control unit connected to its back end over cellular using a built-in SIM chip. The attack vectors depended on: the ECU’s communication connection with SIM chips for connections to mobile service providers’ cellular base stations; Wi-Fi for connections with its head unit within the car; Bluetooth; and the physical attack surface.
An ECU within an automobile is connected to a controller area network (CAN), which is designed to allow microcontrollers and devices to communicate in an application without a host computer.
Crooks in driver’s seat
Unfortunately, having the ability to send or receive CAN signals in a car gives someone “root” privileges. They might gain the ability to control the car and make it do whatever they want. Such a hack also might give a system within the automobile the ability to send and receive commands with the car itself, opening another door to hackers.
Vulnerabilities to connected automobiles can be found in the infrastructure and in applications.
- Infrastructure vulnerabilities: Electronic control units trust cellular base stations they associate with through cellular networks; they use the network infrastructure to communicate with any outside system. If the ECU links to a rogue BTS, a hacker could perform a “man-in-the-middle” attack by intercepting messages between the ECU and the back-end system.
- Application vulnerabilities: Many ECUs will leverage SMS (Short Message Service) to send and receive commands to back-end servers, which depends on an encryption cipher employed on the network. This leaves them open to attack via cellular networks.
