Fob replication, software patching and the future of connected car security (Reader Forum)
Connectivity is a key aspect of daily life for many of us, and this is increasingly true of our vehicles as well. This is emphasized by Counterpoint Research’s Internet of Things Tracker, which forecasts that more than 125 million passenger cars with embedded connectivity will ship worldwide between 2018 and 2022.
OEMs, suppliers and consumers alike recognize the many benefits of connected vehicles, which include road safety improvements, eCall capabilities, economic savings and superior infotainment systems. However, it’s important for all parties to remember that safety cannot be sacrificed in favor of convenience, as hackers could quite literally be driving us down the wrong path if the appropriate security measures are not put in place.
While we are yet to experience connected car security threats on a grand scale in the transportation industry, the increased connectivity and complexity in modern vehicles are resulting in new risks and threats to personal safety, security and privacy. Relay attacks are one such threat: an attacker amplifies the existing, encrypted signal. The signal is protected, but that doesn’t matter because the relay simply amplifies it so that it works over a greater distance.
We’ve also seen car thefts using replay attacks widely reported recently, including a video of thieves stealing a Tesla Model S by hacking the key fob with a tablet, which emerged online in October 2018. In addition, Tracker, a car security firm, reported last year that 66 per cent of thefts it investigated involved “high-tech” gadgets.
Examples and statistics like these show the potential hacking and theft risk to the latest models of some of the biggest connected car manufacturers. In addition to the attacks already outlined, by cloning wireless key fobs and circumventing the fob’s cryptographic key, some cars can be stolen in a matter of seconds.
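The difference between the relay and replay cases described above, as an added example that is not part of the original article: a simulated challenge-response unlock showing that a fresh challenge defeats a recorded response but not a live exchange forwarded over a longer distance. The HMAC-SHA256 scheme, the key, and every timing value are assumptions constructed for illustration, and the round-trip time limit is a check the article does not itself describe.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)   # constructed shared secret between car and fob
MAX_RTT_MS = 2.0       # assumed round-trip budget for a fob that is in range

def fob_respond(key, challenge):
    """Fob side: authenticate the car's fresh challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def car_verify(key, challenge, response, rtt_ms, enforce_rtt):
    """Car side: check the MAC and, optionally, the measured round-trip time."""
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, response):
        return "reject: bad response"
    if enforce_rtt and rtt_ms > MAX_RTT_MS:
        return "reject: response too slow"
    return "unlock"

def run_scenarios(key=KEY):
    results = {}
    # 1. Owner standing beside the car: valid response, short round trip.
    c1 = os.urandom(16)
    results["owner_nearby"] = car_verify(key, c1, fob_respond(key, c1), 0.4, True)
    # 2. Replay: a response recorded for c1 is presented against a new challenge.
    c2 = os.urandom(16)
    recorded = fob_respond(key, c1)
    results["replay"] = car_verify(key, c2, recorded, 0.4, True)
    # 3. Relay: the live exchange is forwarded unmodified, so the MAC is valid;
    #    the only observable difference is the delay added by the extra hop.
    c3 = os.urandom(16)
    relayed = fob_respond(key, c3)
    results["relay_no_rtt_check"] = car_verify(key, c3, relayed, 35.0, False)
    results["relay_with_rtt_check"] = car_verify(key, c3, relayed, 35.0, True)
    return results

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:22} -> {outcome}")
```

The relayed response passes the cryptographic check because nothing in it was altered, which is why stronger encryption in the fob alone does not address signal amplification.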
So, the question is: what does an OEM do if this connected car security threat becomes a reality and millions of cars are left vulnerable to hacking?
Issuing new fobs with higher-strength security is not really a viable ongoing option, as it’s very expensive to replace the fob whenever a flaw is found, and we have seen this over time. What’s more, you can’t guarantee that each one of your potentially affected customers is going to buy a new fob.
Securing the environment
The simple fact is that there are always vulnerabilities present in connected systems, and connected vehicles are no different. Hackers continuously evolve their attack strategies and have exploited vulnerabilities to access vehicle electronic control units (ECUs), controller area network (CAN) bus systems, intelligent transportation systems (ITS) or even automotive apps through the cloud.
The key fob hacking issue is a little different, as the fob replication attacks intercept signals from hardware. However, the principles of security are the same. As with any vulnerability, the clear starting point for OEMs, therefore, is to conduct a threat assessment. This will help establish where they are in the ecosystem in terms of security, what the weaknesses and risks are, and what action needs to be taken. This will be an educational process, as these factors will likely vary from product to product.
In terms of addressing an identified vulnerability, rolling out new, more secure key fobs is not really an option for OEMs due to the cost and the evolving nature of threats: it’s not feasible to release a new piece of hardware every time a new attack materializes. Likewise, with connected cars, it’s not sufficient to protect hardware and systems from the outside in (perimeter security).
Instead, OEMs must adopt a defence-in-depth approach to cybersecurity. This approach involves many layers of security being implemented throughout the network, with software patching taking place over-the-air and delivered through infotainment systems in connected cars. This has the potential to circumvent the hardware fix conundrum.
Security of the future
Since early 2016, the automotive industry has shown great interest in properly understanding not only the attack vectors against individual components but also the full attack surface of the vehicle. The technology is developing quickly, however, which means the attack vectors are continually changing.
For example, the ability to use a mobile device and companion application to eliminate the need for physical keys to a car is already a reality, and functionality is only accelerating from there, such as enabling policy-based driving scenarios. In addition, as vehicles become increasingly connected and autonomous, OEM business models have the potential to shift, and the continuing evolution means that we could see a move from personally owned vehicles to a fleet model.
In this reality, OEMs must have the ability to securely manage and control services offered in the vehicle, as these new business models can only be enabled if they are built on security as a foundation. As the mobile attack surface increases in tandem with this, we’ll likely see thieves migrate from fob signal amplification to attacks on improperly secured mobile keys, which can also be used to track a vehicle. Weaknesses in mobile car apps will expose the automotive sector to tailored attacks which will be designed to locate, gain access to and steal specific brands or fleets of vehicles.
We have seen targeted attacks on mobile banking apps in the past, and as connected vehicles become another digital asset accessible via mobile devices, they will become a viable target like any other. This means that security will also need to shift from the fob to the mobile device, providing higher-end hardware security in access tools such as fobs, but also backed up by software patching delivered by the owner’s device.