Today, a car is not a simple self-powered motor vehicle, but a high-end technology powered sophisticated machine which is connected to wireless networks, apps and electronic systems. No wonder cars are prone to hacking. We’ve seen a sudden surge of malicious hackers getting under the hoods of expensive cars, putting the automotive industry on guard.
A very popular CCTV footage of a BMW being stolen by hackers gives us a sneak peek into the state of affairs. The video clip depicts how the sophisticated car thieves cracked the On-board Diagnostics (OBD) port of the vehicle to drive away with the car in less than three minutes.
OBD is not the only door the hackers use to enter the vehicle. Today’s connected automobiles open many such doors for hackers. It is time the automotive industry took a hard look at its information security.
Before we look at some of the vulnerabilities, here are a few terminologies you should be familiar with:
ECU: Electronic Control Unit is an on-board computer in the car which makes decision by getting inputs from sensors all around the engine or body.
CAN bus: Controller Area Network is a vehicle bus standard designed to allow micro-controllers and devices to communicate with each other within a vehicle without a host computer
OBD: On-board Diagnostics is a protocol to find faults in an engine. When something fails to report to the ECU, a fault code is generated and sent to ECU, which can be read by a technician using special scan tools to find exact cause of breakdown. No car can roll out of factory without having this protocol implemented.
ESP: Electronic Stability Program is a safety feature that can steer you automatically away from obstacles in split second using a combination of sensors or cameras
ABS: Anti-lock Braking System is a safety feature that ensures all tyres are not jammed during panic braking, thereby avoiding skidding /over-steer / under-steer.
What was happening till now?
The reality is that software and applications used in the automotive industry is just as vulnerable as any other application, if not more. For example, automotive domain experts with a desire to hack can connect to the OBD port (physical) and get away with your flashy new BMW. The approximate cost to exploit hardware is 150-1000 $. Even, remote locks can be impersonated or copied using software designed radio spectrum analyzers. To exploit this vulnerability, a hacker spends less than 100$ for the hardware.
In another case, few black-hats were able to breach into a car's CAN-bus network using an FM transmitter that all car audio systems are equipped with. The reverse engineering audio system’s firmware will allow them to find the flaws in the existing system and help them land in the CAN bus network. To exploit this flaw, they utilized a Nokia N900 paired with SDR –transceiver. This lethal device equipped with its own FM transmitter in its mother-board can also run wireshark or custom packet forger (HexInject), nmap and many more.
What’s changed now?
Recently automobile manufacturers’ unveiled cars that are equipped with an IP address. This empowers you to update your car just like your android. In 2014, the popular American auto brand Tesla offered jobs to 3 hackers who managed to reveal several weaknesses connecting to the OBD-port of the car, which is hidden under the dashboard.
The good news is that the similar automakers are appreciating technology geeks through similar initiatives and are in a constant effort to better equip the cars.
The bigger problem
Consumer Electronic Show-2015 witnessed all tech giants un-wrapping their evil genius products; most prominently graphics giant NVIDIA’s Nvidia Drive CX and PX captured the interest of many technology enthusiasts..
The state-of-the art automotive computing board has the world's most powerful graphic chips onboard - Tegra-X1 (256-maxwell core brings over one teraflop of graphical processing power). The device that can be updated online, will be powering digital speedometers and other consoles onboard, which means heavy integration with ECU & OBD.
What can go wrong by putting your ECU online?
Privacy issues – Your boss can geo-locate you in real time, which can prevent you to come up with silly reasons for being late. Even a tele-caller at a remote location can get real-time telemetry from your car for serving you better, which some people may not like.
Remember that cute little Google self-driving car?
1. It can make your car a zombie.
2. The data on the devices connected to your car can be at risk.
Imagine a car travelling at 100 kmph, a hacker following within a decent range can infiltrate into your can-bus network by using an FM transmitter and inject a custom forged packet telling the ECU to deploy the AIRBAG , turn the car abruptly (if ESP installed ). Sudden geometry change will result in roll-over, collision with other vehicle or jumping over a cliff.
If Nvidia drive CX / PX are installed, chances are someone sitting at a remote location can track down your IP and:
• Inject a custom packet to induce false-positive trouble code, which can result in an engine shut-off
• Script kiddies without knowing the consequences just to disrupt peace
• Hijack the car, etc.
Similar tricks can be applied in the aviation industry too. A hacker can even take control of a flight. FYI : MH370, Boeing-777 which vanished on march-8,2014 is a state-of-the art fly-by-wire ( too many sensors , too many actuators). The aircraft runs on Rolls-Royce Trent series of engines.
Rolls-Royce has a network operation center (NOC) in UK specifically to monitor the health of these engines. There are reports that indicate a NOC engineer was able to stop a Boeing 777 in mid runway due to a low oil pressure in one of the engines. Similarly, Airbus A380 / Boeing 777/787 Dreamliner are aircrafts having IP's and multicast networks in mid-air.
Let’s be aware of the world around us, the pace of transformation and be prepared. Information security is no longer just for your computers, laptops and mobiles. Your car needs it too.
About the author
Prabakaran Chandran an Information security professional working with Paladion Networks, with research interests on Network defense, IOT, and hand-held linux platforms.