“Please don’t do this. Please!” Seven ways to hack a fleet of connected vehicles
A recent report from Consumer Watchdog in the US about connected cars as “killing machines” – on the grounds their systems can be hacked, leading to terrorist-style attacks on critical infrastructure – sounds alarmist. But take it from the car makers themselves, as quoted in the report: connected cars are vulnerable, and wide open to attack.
Indeed, the choice quotes in its review of several automakers’ recent annual reports and statements to the Securities and Exchange Commission (SEC) suggest the threat is real, and waiting to happen. The report says elsewhere that only “time and money” have stopped hackers launching fleet-wide attacks already.
“Despite extensive security measures, the risks in this area are classified as high,” admits BMW, in its annual report from last year. Daimler-Chrysler says the same, in its own 2018 report: “The possible impact of information technology risks has increased compared with the previous year from medium to high.”
Tesla refuses to offer any “assurance” in a 2019 SEC statement. “There can be no assurance that vulnerabilities will not be exploited in the future before they can be identified, or that our remediation efforts are or will be successful,” it says.
Ford and General Motors say they have been the target of cyber-attacks before, and will be again. Ford adds that it cannot account for negligence or misconduct among staff and contractors with access to its systems. “The techniques change and may become more sophisticated, which may cause cyber incidents to be difficult to detect,” it says in a 2018 SEC statement.
Perhaps there have not yet been any major coordinated attacks on fleets of vehicles (just on individual vehicles) because hackers are biding their time, so that the market floods with vulnerable vehicles before remedies and regulation are in place. This is only speculation, but the number of connected cars in the US alone is spiralling upwards at 17 million vehicles a year.
Four of the 10 best-selling sedans in the US are only available with internet capabilities, says Consumer Watchdog. Top car makers will connect all of their new models by 2020. By 2022, more than half of the cars on the road in the US will be hackable, via the cellular-connected head unit (containing the infotainment system), if proper protections are not introduced.
The idea, simply, that you can start the climate control in the cabin from your smartphone before you get into your car is hugely appealing, and a sales driver for car makers; the idea the same functionality opens the door for hackers to seize control of the vehicle is less so, and swept under the carpet.
Consumer Watchdog is seeking to show what lurks below, and put pressure on car makers, telecoms companies, and regulators to act. And it warns the risk is not that one car will be cyber-jacked, but that masses of them will be attacked at once, and directed towards disaster. “I think one of the biggest risks for autonomous vehicles is somebody achieving a fleet-wide hack,” noted Tesla chief executive Elon Musk at a National Governors Association meeting in 2017, quoted in the report.
“Suddenly, with just a little more effort, an attack that can affect one car can affect entire fleets. This creates a very effective target for terrorists, hostile nation states, or anyone else wishing to inflict a lot of damage,” says Consumer Watchdog.
The report presents seven scenarios for a fleet-wide attack. It references a 2015 paper, “A Survey of Remote Automotive Attack Surfaces,” by so-called ‘white-hat’ ethical hackers Chris Valasek and Charlie Miller, which detailed their remote shut-down of a Jeep Cherokee’s engine and brakes, while on the highway, exploiting a vulnerability in the radio to access safety-critical systems through the CAN bus.
Below is the Consumer Watchdog description of the seven attack scenarios, lifted directly from the report itself.
1 | DIRECT ATTACK
Valasek and Miller launched their attack by connecting directly to the infotainment system over the cellular network from a laptop. In addition to targeting their own Jeep Cherokee for demonstration purposes, they scanned the network for other vulnerable cars. During one scan, in a short period of time, they found 2,695 vehicles with a similar vulnerability to the one they exploited in the Jeep.
Since they had already automated their attack (by programming the steps into their computer), hacking all of those vehicles directly from the same laptop would have been a trivial exercise.
2 | VEHICLE WORM
Valasek and Miller hypothesize that malware could be designed to pass from vehicle to vehicle. Instead of directly attacking each vehicle, such an attack would only involve infecting a small number of vehicles, and allowing the malware to spread, much as a virus spreads from human to human. Such an attack could propagate over any number of wireless media, including cellular, Wi-Fi, or using vehicle-to-vehicle (V2V) technology, which is currently under development.
[Valasek and Miller state:] “Since a vehicle can scan for other vulnerable vehicles and the exploit doesn’t require user interaction, it would be possible to write a worm. This worm would scan for vulnerable vehicles, exploit them with their payload which would scan for other vulnerable vehicles. This is really interesting and scary. Please don’t do this. Please.”
3 | SERVER ATTACK
Connected vehicles exchange data with the manufacturer’s computers, including software updates, which are an effective way to get malware into vehicles. This means the safety of the fleet is only as good as the security of the manufacturer’s corporate servers. If the same attacks successfully carried out regularly against retailers, banks, and websites are used on automobile manufacturers, it could put the manufacturer’s entire fleet in jeopardy.
4 | HOTSPOT ATTACK
Many connected cars are equipped with Wi-Fi, and automatically connect to nearby hotspots with familiar names. For example, if you’ve ever previously connected to a hotspot with the name ‘Free Wi-Fi,’ then your car will likely connect to any hotspot with the same name automatically. By setting up a malicious hotspot with a common name, a hacker may be able to get cars within range to connect to it automatically, at which point the hotspot can upload malware to the car.
Such an attack could be made viral by turning the wifi in infected cars into additional malicious hotspots. As cars pass each other on the highway, malware can be transferred from car to car, much as a biological virus is transmitted from human-to-human.
5 | PRODUCTION ATTACK
Most cars are built from parts from manufacturers around the world, including some countries that may be hostile to the US. This provides ample opportunity for malicious software to enter the production process. Such malware could sit dormant until an external stimulus, such as a signal arriving over the car’s Internet connection, causes it to unleash its deadly effects.
6 | APP ATTACK
Any digital ‘app’ you run on your car is a potential vector for malware. Security holes in the app—whether accidental or malicious—could give attackers remote access to any vehicles with the app installed. This will become increasingly common as third-party apps in cars become commonplace. We expect this to be the natural evolution of car infotainment systems as mobile operating systems like Android are more widely deployed in cars.
7 | SMARTPHONE ATTACK
It has become commonplace to connect your smartphone to your car, usually by Bluetooth. This connection allows hands-free calling while you’re driving, playing audio from your phone on the car’s speaker system, and other conveniences. It is also a potential vector for malware. A widespread phone virus or other phone-borne malware might not affect the phone’s behavior at all, but could wait silently for your phone to pair with a car, then transfer malware to the car.