The headlines are certainly alarming:
- Hackers Remotely Kill a Jeep on the Highway—with Me in It (Wired)
- The FBI Warns that Car Hacking is a Real Risk (Wired)
- GM CEO: Car Hacking Will Become a Public Safety Issue (MIT Technology Review)
On the other end of the spectrum is Scientific American’s viewpoint: Why Car Hacking is Nearly Impossible1. Now, it may not be quick or easy for hackers to crash your car. But the fact that it is possible to remotely hack into a vehicle makes it all the more imperative for automakers to not only think about security early but to design security throughout all of the components in their vehicles.
“Cars were always insecure, but it didn’t matter because they weren’t connected to the Internet or the outside world,” said Dr. Charlie Miller, senior security engineer at the Uber Advanced Technologies Center, during an Oct. 27 keynote at ARM TechCon. Connectivity and related features, however, are making cars much more vulnerable. “The worst type of attacks are the ones when you can send CAN messages—that’s when you have a lot of control (as a hacker),” Miller noted.
Miller, introduced at the conference as one of the most technically proficient hackers on earth, is on the good side of security. His aim is to prevent disaster at the hands of people on the other side of the law.
Car hacking came to light around 2010, when researchers at the University of Washington and UC San Diego released a study, “Experimental Security Analysis of a Modern Automobile.” The researchers, who were able to send messages to a car to control its brakes, windshield wipers, and the like, turned the spotlight on the growing volume of computers in cars. However, it wasn’t until the researchers demonstrated a year later that they could remotely control a car that people began to really pay attention. In their 2011 study, the researchers exploited vulnerabilities in the Bluetooth connection, in a malicious MP3 file on a CD, and in the OnStar communications/security/navigation system.
Because the researchers were concerned about hackers replicating their work, they didn’t share many details. Curiosity piqued, Miller and his buddy, Chris Valasek, security lead at the Uber Advanced Technology Center, set out to find out whether other cars could be similarly exploited. They plugged into two other vehicles and were able to take control of their brakes, locks, and windshield wipers. “Now we knew we could do this with at least three cars,” Miller told the audience at the Santa Clara Convention Center. “The consensus was, this is not a one-car problem. This is an industry-wide problem.”
There were still skeptics who didn’t accept that a vehicle could be hacked remotely. So in 2015, the duo demonstrated that it’s possible on a Jeep. A week later, Fiat Chrysler recalled 1.4 million vehicles.
Given their goals of security enhancement and enforcement, Miller and Valasek are happy to share details of their Jeep hack. They found the head unit to be the most important component because it processes most of the outside data. Digging deeper into the head unit, the duo identified a vulnerability in the way that outside data was being processed. The alarming part was, they thought it would take a few months to write an exploit against the system; it took only about five minutes after a few weeks of exploration. “Getting code running remotely on this head unit was really easy,” Miller said.
With the exploit in place, a hacker could do things like control the radio remotely or query the head unit to tap into the GPS system so he/she could follow the path of the car. Inside the head unit was a cellular modem on the Sprint network, which allows one Sprint device to talk to another one. Using a Sprint phone, the duo was able to find other cars on the same network. One of the chips inside the head unit could be reprogrammed—changing the firmware didn’t require any checks or authorizations. Once Miller and Valasek exploited this vulnerability, they were able to remotely control any component of the vehicle.
In 1988, the BMW 8 Series was the first production vehicle to use a multiplex wiring system based on the CAN bus standard. Historically, it wasn’t necessary to focus on anti-hacking functions in cars. However, the introduction of the CAN bus and connectivity has opened up numerous points of vulnerability.
Today’s cars now must address issues typically found in internet of things (IoT) designs:
- The system was originally designed for internal communications only
- All inputs are inherently trusted
- The code was mostly written a long time ago
- The system is now opened up to the internet
The good news is, as Miller noted, “Car hacking is really hard. Just on the Jeep, we spent two years doing it.”
Disconnecting the head unit from the CAN bus isn’t really an option for car makers who are trying to integrate more features to enhance safety and the in-vehicle experience. “We’re trying to get ahead of the curve and communicate to car manufacturers to think about security early and design it in,” said Miller. “We want them to work on security and provide more transparency on how they design their cars to be secure.”
In a recent Electronic Design study, 51% of engineers surveyed rated security in products as “very important” and 54% rated security as “more important” in future products. From the massive Oct. 21 cyberattack that brought down the likes of Netflix, Spotify, and Twitter to the growing public concern over vehicle security (especially with autonomous cars), you really can’t afford not to build security into your vehicle designs early on.