Cyber threats against cars are here to stay, experts say: Page 2 of 3

October 02, 2015 //By Christoph Hammerschmidt
Cyber threats against cars are here to stay, experts say
The rise of the connected car definitively catapults our traditional set of wheels into the world of information technology. This arrival confronts carmakers with an unfamiliar challenge: The possibility of getting hacked. At a meeting in Dresden (Germany), experts analysed the threat and potential approaches to harden the vehicles against malicious attacks.
The presenters contributed a wide range of potential gateways and opportunities for hackers. Starting with WiFi and Bluetooth connections of today’s vehicles or compromised infotainment systems, they made clear that hackers would certainly be able to find many open doors to enter a vehicle’s electronic systems. A preferred primary target is the head unit of the vehicles from where hackers can work through to ADAS and safety-critical systems. Besides wireless interfaces, lidar sensors are prone to attacks: Trials have shown that it is relatively easy to generate “fake cars” in the lidar echoes, misleading the automatic steering systems. Since lidar systems are regarded as widely indispensible for automated driving scenarios, this property could emerge as a serious roadblock to automated driving. According to Parris, even intrusion attempts through the DAB radio receiver have been documented.

It is not only the wireless interfaces that can be used to enter a car and inject malicious software and unwanted functions. Stefan Nürnberger from the Center for Security, Privacy and Accountability (CISPA) in Saarbrücken (Germany) which performs penetration tests on cars, contributed an interesting hacker entry point: During tests on an existing luxury car, they found that the folding mirrors were directly connected to the vehicle’s CAN bus. For a malicious person it would have been easy to break off a mirror to gain access to the CAN bus.

Likewise, the OBD and OBD-II diagnostics interface is a major entry point for attacks due to its completely open and unprotected nature. While some might argue that it is necessary to have physical access to the vehicle to connect to the OBD interface, this is not really a strong protection: Malicious software can be contained in OBD dongles available on the market for connectivity and insurance applications. The list of vulnerabilities could be continued. The point is that with a car becoming a computer – or rather, a system of interconnected computers – they face much the same problem as the PC, with all its concomitants.

So the question is: How can the problem be solved, what does the automotive industry need to do to keep the hackers at bay? “The good news is: other industries have been to this point before” said Dominik Wee, partner at consultancy McKinsey. Another good news is that, according to Wee, 83 percent of the OEMs are aware of the threat. The less good news is that the majority has no clue yet what to do; only 41 percent of the respondents have cybersecurity teams up and running. Wee suggested that the auto industry should adopt the security approach from the IT industry, with a tiered approach. Paul Wooderson, Senior functional safety and cyber security engineer at engineering consultancy Horiba Mira, sketched the measures from the engineering perspective. He advised establishing a development process that takes into account the cyber threats. “You should treat the car as a part of the Internet of Things”, he said. Specific restraints and requirements of the automotive design, such as the long design cycle and the complex supply chain, must be taken into account like technical factors such as limited microcontroller resources, real-time capability and scalability. Basically, his suggestions amounted to adding the security as additional aspect into the known V model.


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.