Automotive Hacked

[Reuquen Boyett]

Modernautomobiles contain hundreds of on-board computers processing everything from vehicle controls to the infotainment system. These computers, called Electronic control units (ECU), communicate with each other through multiple networks and communication protocols including the Controller Area Network (CAN) for vehicle component communication such as connections between engine and brake control; Local Interconnect Network (LIN) for cheaper vehicle component communication such as between door locks and interior lights; Media Oriented Systems Transport (MOST) for infotainment systems such as modern touchscreen and telematics connections; and FlexRay for high-speed vehicle component communications such as active suspension and active cruise control data synchronization.[1]

The integration of these various communications and software systems leaves automobiles vulnerable to attack. Security researchers have begun demonstrating the multitude of potential attack vectors in modern vehicles, and some real-world exploits have resulted in manufacturers issuing vehicle recalls and software updates to mobile applications.

Manufacturers, such as John Deere, have used computer systems and Digital Rights Management to prevent repairs by the vehicle owners, or by third parties, or the use of aftermarket parts.[3] Such limitations have prompted efforts to circumvent these systems, and increased interest in measures such as Motor Vehicle Owners' Right to Repair Act.

In 2010, security researchers demonstrated how they could create physical effects and undermine system controls by hacking the ECU. The researchers needed physical access to the ECU and were able to gain full control over any safety or automotive system including disabling the brakes and stopping the engine.[4]

UConnect is Fiat Chrysler's Internet-connected feature which enables owners the ability to control the vehicle's infotainment/navigation system, sync media, and make phone calls. It even integrates with the optional on-board WiFi.[6]

However, vulnerabilities in Fiat Chrysler's UConnect system, available on over 1.4 million cars, allows hackers to scan for cars with the system, connect and embed malicious code, and ultimately, commandeer vital vehicle controls like steering and brakes.[7]

In 2015 at the DEF CON hacking conference Marc Rogers and Kevin Mahaffey demonstrated [8][9] how a chain of exploits could be used to take complete control of the Model S. Marc Rogers and Kevin Mahaffey identified several remote and local vulnerabilities that could be used as entry points. They demonstrated that after exploitation the vehicle could be remotely controlled with an iPhone.[10] Finally, they also demonstrated that it was possible to install a backdoor that allowed persistent access and control of the vehicle in a similar fashion to exploit techniques more usually associated with traditional computer systems. Marc Rogers and Kevin Mahaffey worked with Tesla, Inc. to resolve the issues before disclosure. It was announced before the presentation that the entire global fleet of Model S cars had been patched overnight, the first proactive mass Over The Air (OTA) security update of vulnerable vehicles.[11][12]

The OnStar RemoteLink app allows users the ability to utilize OnStar capabilities from their Android or iOS smartphones. The RemoteLink app can locate, lock and unlock, and even start your vehicle.[13]

Kia back windows can be broken without setting off an alarm, and Hyundai are similar.[16]Since 2021,[17][18][19] on social media,[20][21][22] videos show stealing of post-2010 Kia vehicles and post-2014 Hyundai vehicles, without engine immobilizers, with a USB 1.1 A plug cable, or pliers.[23][24][25][26][27][28][29][30] Kia started installing immobilizers in 2022.[19][31]

Using a fake device sold on the dark web, thieves were able to steal vehicles by forcing the headlamps open and accessing the CAN bus, and then once on the bus, to simulate the signals to start the vehicle. The exploit requires enough time and privacy for thieves to remove vehicle hardware, sometimes bumpers, in order to open the headlights.[32] Possibly the only way to prevent this kind of event by determined and knowledgeable thieves would be for car designers to encrypt traffic on the CAN bus.

Although we endeavor to make our web sites work with a wide variety of browsers, we can only support browsers that provide sufficiently modern support for web standards. Thus, this site requires the use of reasonably up-to-date versions of Google Chrome, FireFox, Internet Explorer (IE 9 or greater), or Safari (5 or greater). If you are experiencing trouble with the web site, please try one of these alternative browsers. If you need further assistance, you may write to he...@aps.org.

The integration of automotive technology with internet connectivity promises to both dramatically improve transportation while simultaneously introducing the potential for new unknown risks. Internet-connected vehicles are like digital data because they can be targeted for malicious hacking. Unlike digital data, however, internet-connected vehicles are cyberphysical systems that physically interact with each other and their environment. As such, the extension of cybersecurity concerns into the cyberphysical domain introduces new possibilities for self-organized phenomena in traffic flow. Here we study a scenario envisioned by cybersecurity experts leading to a large number of internet-connected vehicles being suddenly and simultaneously disabled. We investigate posthack traffic using agent-based simulations and discover the critical relevance of percolation for probabilistically predicting the outcomes on a multilane road in the immediate aftermath of a vehicle-targeted cyberattack. We develop an analytic percolation-based model to rapidly assess road conditions given the density of disabled vehicles and apply it to study the street network of Manhattan (New York City, New York, USA) revealing the city's vulnerability to this particular cyberphysical attack. While a comprehensive investigation of city-scale traffic around hacked vehicles is an extremely complicated problem, we find that the statistical physics of percolation can provide an estimate of the number of vehicles that critically disrupts citywide traffic flow. Our upper-bound estimate represents a quantification of citywide traffic disruptions when multiple vehicles are hacked.

Potential cyberphysical disruption from hacking of internet-connected vehicles. (a) Historical annual data for total number of internet-connected vehicles (dark gray) along with anticipated projections (light gray) and total number of digital records compromised by hacking (blue). (b) Schematic of two internet-connected vehicles traveling unobstructed on a straight two-lane road. (c) Schematic of traffic flow when an internet-connected vehicle is disabled (red) and other vehicles must navigate around the obstacle. (d) Schematic illustrating how multiple simultaneously disabled vehicles disrupt traffic flow on a network of roads.

The last day of Arm TechCon opened with Charlie Miller talking about Experiences with and Views on the Future of Driverless Cars Technology. Charlie has appeared in Breakfast Bytes before in Automotive Security: A Hacker's Eye View. He, along with Chris Valasek, are probably most famous for taking control of a Jeep while a Wired journalist was in it. They turned the radio on full-volume, turned on the windscreen washers, and eventually kllled the engine. Later, they drove it (slowly) off the road into the ditch. You've probably seen the video from 2015 when it was first revealed, but if not, here it is again:

He started with his views on the "levels" of autonomous driving. At Level 2 (and 2+), the driver is responsible. Tesla will nag you if you don't put your hands on the wheel regularly. GM has a camera that looks at your eyes to make sure you are not sitting in the back seat. For Level 3, the car controls all the elements and the driver only has to take over after emergencies.

Level 4 is what Charlie said "I have been working on." He characterizes the status as "nearly there now". Level 4 only works in certain areas since it depends on detailed maps, perhaps only in good enough weather, and so on. For the most part there is a safety driver, but Waymo had just announced the day before that some rides in Arizona will no longer have them. Level 5 is:

Where we are now is that Waymo has driven 4 million miles with their fleet. That means they have seen many more strange events than you will ever see in your lifetime. Uber has driven 2 million miles. Charlie's employer Cruise has driven 4 million miles. He warned that it is not just the number, it is where the miles are, too. There is a big difference between a million miles in Montana and a million miles in New York City.

Currently, self-driving cars are really expensive. You can't buy one, but if you could it would be $100-200K. The big differences are the sensor suite, especially lidar, and the computers in the trunk. Elon Musk and Tesla are famous for saying that lidar is a dead end, but Charlie says "I think it is telling that all Level 4 cars use lidar right now." However, as I wrote recently in Sensor Fusion and ADAS in TSMC Automotive Processes, a big question is whether radar is getting better faster than lidar is getting cheaper.

Above is the basic hardware setup. When I first heard of CAN I thought it stood for Car Area Network, but actually the C stands for Controller. But CAN is the network that is used in pretty much all modern cars for communication between the electronic control units (ECUs). For the self-driving technology, Ethernet is used, so there has to be a bridge, that blue box in the bottom "Eth-CAN". CAN is used to control the brakes, steering, and acceleration, so that is the network that needs to be secured. One important part of the technology, at least for now, is a display showing what the car can see. This gives the passengers confidence that everything is working correctly.

3a8082e126