By: Samantha Isabelle Beaumont, Senior Software Security Consultant at Synopsys Software Integrity Group
In recent years, the automotive industry has expanded the technological repertoire of vehicles. The intention is to remain compliant with legislation and industry standards, while consumers are drawn to the most convenient modern vehicle features such as Bluetooth, near-field communication (NFC), and Wi-Fi. It’s important to understand that radio frequency (RF) technologies such as these do not come without risk.
Historically, vehicles were built with only functional and passenger safety aspects in mind, not cybersecurity. With the rise of automotive standards such as SAE J3061, and vehicle vulnerabilities being announced against a variety of automotive industry leaders, it’s becoming clear that there is a cybersecurity trend that needs to be addressed regarding transportation and vehicular safety.
The term ‘automotive wireless’ is often understood to mean the technology supporting Wi-Fi hotspots in vehicles. While this is a possible attack vector, there is an array of RF technologies that could offer the potential for vulnerabilities in vehicles. Tire pressure monitoring systems (TPMS) are one such example. These electronic systems are designed to report tire pressure information in real time to the vehicle’s driver. In many countries, legislation is in place stipulating that newly manufactured or imported cars be fitted with TPMS, most of which use direct sensors that are part of the valve stem or banded to the wheel. Sensors transmit their own ID along with the tire pressure to the vehicle’s electronic control unit (ECU). Attackers have reported vulnerabilities in TPMS, allowing vehicles to be remotely hacked, tracked, and altered.
Another example of RF technology is the vehicle entry system. Classic key fobs use RF signals to unlock and lock vehicles remotely, without any need for a physical key. A well-known attack strategy involving key fobs is the “Rolljam” replay attack. This takes place when an attacker is able to steal the unlock signal from a genuine request, jamming two legitimate unlock commands. Here, the second unlock request replays the first. If a system is unprotected, the attacker can re-use the legitimate unlock request to unlock the car once the driver is no longer in sight.
To mitigate such attacks, manufacturers can employ rolling codes, which are signal techniques that modify the information sent to the vehicle upon each request. This ensures each request is unique and thus valid for the specific car only one time.
Consumers are advised to lock, unlock, and lock the car again when exiting the vehicle. This good habit naturally invalidates the attack path an attacker would require for such an exploit.
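The rolling-code check and the lock, unlock, lock habit described above, sketched as an added example (not code from the article or from any manufacturer): a receiver that accepts each counter value only once. The counter-plus-truncated-HMAC frame layout, `WINDOW`, `TAG_LEN` and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 16   # assumed look-ahead: missed button presses the receiver tolerates
TAG_LEN = 8   # assumed truncated HMAC-SHA256 tag length in bytes

def make_code(key: bytes, counter: int, command: bytes) -> bytes:
    """Fob side: 4-byte counter + 1-byte command + MAC over both."""
    header = struct.pack(">I", counter) + command
    return header + hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    """Vehicle side: accepts each counter value at most once."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter

    def accept(self, frame: bytes) -> str:
        if len(frame) != 5 + TAG_LEN:
            return "malformed"
        header, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"
        counter = struct.unpack(">I", header[:4])[0]
        if counter <= self.last_counter:
            return "replay"            # already used, or older than a used code
        if counter > self.last_counter + WINDOW:
            return "out-of-window"     # too far ahead; needs resynchronisation
        self.last_counter = counter    # every code at or below this is now dead
        return "ok:" + header[4:5].decode("ascii")

def lock_unlock_lock_demo() -> list:
    key = bytes(range(16))                 # constructed demo key
    car = Receiver(key)
    captured = make_code(key, 1, b"U")     # constructed: a press the car never heard
    results = [car.accept(make_code(key, n, cmd))
               for n, cmd in ((2, b"L"), (3, b"U"), (4, b"L"))]
    results.append(car.accept(captured))   # the held-back code is now stale
    return results

if __name__ == "__main__":
    print(lock_unlock_lock_demo())
```

Once the receiver has accepted a later counter, any earlier frame is rejected as a replay even though its MAC is still valid.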
There are also passive key entry (PKE) smart keys, which allow drivers to unlock and start their vehicle without requiring them to physically touch the car with the key. Whilst convenient, there are multiple security concerns regarding this technology. Relay attacks, for instance, can be carried out with inexpensive tools that can extend the key’s range. This gives an attacker the ability to open the vehicle’s door and start the engine from a much larger distance than the design intended.
In terms of a mitigation strategy, designers can decrease the expected allowed response time for valid signals and increase the sensitivity of in-vehicle receivers responsible for handling incoming door signals. While jamming is in no way a simple concept, return acknowledgements can and should be used to ensure the original signal sent to unlock has been received successfully before a new one can be processed.
Consumers, on the other hand, can store sensitive keys within a reasonably priced RF blocking containment unit to further reduce attack potential.
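The response-time limit described above, as an added example on a simulated clock (not code from the article or from any vehicle platform): the vehicle issues a one-time challenge and rejects a cryptographically valid answer that arrives too late. `MAX_RTT_NS`, the HMAC challenge-response and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_RTT_NS = 2_000_000  # assumed limit (2 ms); a real bound comes from the radio design

class Vehicle:
    """Issues one-time challenges and enforces a response-time limit."""

    def __init__(self, key: bytes, clock):
        self.key = key
        self.clock = clock          # callable returning nanoseconds
        self.pending = {}           # challenge -> time it was sent

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending[nonce] = self.clock()
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> str:
        sent = self.pending.pop(nonce, None)    # each challenge is single-use
        if sent is None:
            return "unknown-challenge"
        elapsed = self.clock() - sent
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return "bad-response"
        if elapsed > MAX_RTT_NS:
            return "too-slow"                   # valid key, but too far away in time
        return "ok"

def fob_response(key: bytes, nonce: bytes) -> bytes:
    """Key side: answer the challenge with a MAC under the shared key."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def simulate(path_delay_ns: int) -> str:
    """Run one exchange on a simulated clock with the given round-trip delay."""
    now = [0]
    key = bytes(range(16))                      # constructed demo key
    car = Vehicle(key, clock=lambda: now[0])
    nonce = car.challenge()
    response = fob_response(key, nonce)
    now[0] += path_delay_ns                     # constructed delay between send and reply
    return car.verify(nonce, response)

if __name__ == "__main__":
    print(simulate(300_000), simulate(9_000_000))
```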
Original equipment manufacturers have developed proprietary mobile apps that are able to perform many classic key fob features. They provide an added benefit to consumers by being able to control the vehicle’s ECU from anywhere. These applications offer unique potential for attackers as well. The potential for extended remote vulnerabilities is increased since the application offers direct commands like powering the vehicle’s engine on and off.
Regarding mitigation, developers should deploy a system disallowing the installation of their secure applications on rooted or jailbroken phones. These devices are oftentimes used by attackers to bypass security mechanisms that are natively in place within mobile applications.
Additional methods to protect applications against unauthorized access include certificate pinning, application binary signing, and code obfuscation. Supplementary solutions include implementing physical presence checks and refraining from deploying custom encryption implementations without first verifying cryptography through an established and extensive review process.
Summing it up
Whilst there are numerous actions that individual vehicle owners can take to ensure their vehicles remain as secure as possible under their control, the real security responsibility lies primarily with manufacturers. The elements we’ve discussed here today are simply a starting point and many firms within the industry are already undertaking such activities.
The road ahead holds an evolving attack surface and threat landscape. Despite security concerns and process constraints, the automotive industry has the tools to remain robust; it is just a matter of implementation.