Page 18

EETE NOV 2015

automotive safety fected and damaged the Iranian uranium centrifuges) it became aware to the criminal scene that such a sophisticated hack is possible”, he said. “The threat of real-world hacking is a ticking time-bomb”. Parris went so far to say that “there are only two types of cars: Those who have been hacked and those who will be hacked”, only slightly modifying a quote of FBI director Robert Mueller in 2012. “There is a perfect storm brewing”. The presenters contributed a wide range of potential gateways and opportunities for hackers. Starting with WiFi and Bluetooth connections of today’s vehicles or compromised infotainment systems, they made clear that hackers would certainly be able to find many open doors to enter a vehicle’s electronic systems. A preferred primary target is the head unit of the vehicles from where hackers can work through to ADAS and safetycritical systems. Besides wireless interfaces, lidar sensors are prone to attacks: Trials have shown that it is relatively easy to generate “fake cars” in the lidar echoes, misleading the automatic steering systems. Since lidar systems are regarded as widely indispensible for automated driving scenarios, this property could emerge as a serious roadblock to automated driving. According to Parris, even intrusion attempts through the DAB radio receiver have been documented. It is not only the wireless interfaces that can be used to enter a car and inject malicious software and unwanted functions. Stefan Nürnberger from the Center for Security, Privacy and Accountability (CISPA) in Saarbrücken (Germany) which performs penetration tests on cars, contributed an interesting hacker entry point: During tests on an existing luxury car, they found that the folding mirrors were directly connected to the vehicle’s CAN bus. For a malicious person it would have been easy to break off a mirror to gain access to the CAN bus. Likewise, the OBD and OBD-II diagnostics interface is a major entry point for attacks due to its completely open and unprotected nature. While some might argue that it is necessary to have physical access to the vehicle to connect to the OBD interface, this is not really a strong protection: Malicious software can be contained in OBD dongles available on the market for connectivity and insurance applications. The list of vulnerabilities could be continued. The point is that with a car becoming a computer – or rather, a system of interconnected computers – they face much the same problem as the PC, with all its concomitants. So the question is: How can the problem be solved, what does the automotive industry need to do to keep the hackers at bay? “The good news is: other industries have been to this point before” said Dominik Wee, partner at consultancy McKinsey. Another good news is that, according to Wee, 83 percent of the OEMs are aware of the threat. The less good news is that the majority has no clue yet what to do; only 41 percent of the respondents have cybersecurity teams up and running. Wee suggested that the auto industry should adopt the security approach from the IT industry, with a tiered approach. Paul Wooderson, Senior functional safety and cyber security engineer at engineering consultancy Horiba Mira, sketched the measures from the engineering perspective. He advised establishing a development process that takes into account the cyber threats. “You should treat the car as a part of the Internet of Things”, he said. Specific restraints and requirements of the automotive design, such as the long design cycle and the complex supply chain, must be taken into account like technical factors such as limited microcontroller resources, real-time capability and scalability. Basically, his suggestions amounted to adding the security as additional aspect into the known V model. Several presenters unanimously regarded wireless upgrade capability of in-car software (OTA) as indispensable to counter the cyber threats. On top of that, there were suggestions for direct technical measures to solve the problem. Koji Nakao, Research Executive Director of Japan’s Network Security Research Center, suggested a multi-level security architecture that embraces messeg verification, trusted boot of ECUs, authentication of communications in and around the car, message filtering (to prevent DoS attacks) and Fault tolerance. This approach is currently discussed in the relevant working group SG-17 of the ITU-T standards organisation. In addition, Nakao suggested to adopt the lightweight cryptography described in ISO/IEC 29192 in cars: It would suit to apply data encryption on the CAN bus even for time-critical real-time safety applications, he said, and it would not overburden the micro controllers in the ECUs. In any case, no single measure would be sufficient to attack the entire problem. In demand is a holistic approach, many experts agreed. Plus, the security issue will persist. “You can’t fix it once and for ever”, warned Frederix. “You will always see new challenges”. 18 Electronic Engineering Times Europe November 2015 www.electronics-eetimes.com


EETE NOV 2015
To see the actual publication please follow the link above