The security of the communication between the vehicle and the rest of the world (V2X) is something that must be implemented to prevent hackers from taking over cars. This is what Klaus Reinmuth, director of the automotive division at NXP, said as part of the DevelopEX2015 conference that took place last week.
The security of the communication between the vehicle and the rest of the world (V2X) is something that must be implemented to prevent hackers from taking over cars. This is what Klaus Reinmuth, director of the automotive division at NXP, said as part of the DevelopEX2015 conference that took place last week.
"In 2020 there will be 50 billion connected devices in our smart world. A significant part of them will be in vehicles: automatic vehicle identification certificate, in-vehicle network, entertainment system, vehicle access system, warning systems. EPassport, Smart eID health card, electronic identification plates, sensors for securing access routers and cyber, access control, upgraded security, Smart eID connectivity, smart LED lighting. It will also be possible to carry out mobile transactions from the vehicle, monitor the supply chain of its components, RFID tag readers, loyalty club memberships, secure credit cards. The vehicle will be a junction for IOT networks that will form the connected car."
"Each vehicle will have a networked computer, and it will contain up to 100 ECUs and 150 sensors, connected by kilometers of cables and contain 100 million lines of code. The car will be increasingly connected to the outside world - to other cars, to personal devices, to support services and treatments sitting in the cloud."
"However, all these things will make the smart car an easy target for hackers. In front of them is actually a large computer that has private data. It contains external and internal interfaces, wired and wireless interfaces. The connected vehicle is very vulnerable - it contains an increasing number of nodes, advanced features, "high value" data, an information storage system, diagnostic options, a link to the cloud
The attack capabilities are many and varied, from physical penetration to remote attack. To carry out such an attack, the hacker must find vulnerabilities in the ECU processors, in particular in ECUs with remote access capability, exploiting the vulnerability will allow the hacker to gain full access to the ECU. Through it the hackers can attack other ECUs. Through the processors whose control is in his hands, he will finally be able to gain full control of the vehicle."
There is a fear that this will be done on a large scale. As in other fields, the hacking process has also been automated - code snippets and tools are published on the Internet and the attack can be carried out remotely. The worst scenario is taking over an entire fleet or even all the cars of a certain model."
"Physical hacks will be more complicated. They will require in-depth knowledge, the ability to physically access, perform reverse engineering. Special attention should be paid to wireless interfaces, which will be installed in 75% of the cars that will be connected to the Internet in 2020. Wireless interfaces will allow the attacker the ability to attack anonymously with less risk to the attacker, many people can perform hacking attempts at a low cost, more cars will be affected and the hackers will be able to make more money."
Hacking V2X modules will allow attackers to steal the driver's identity, locate private keys in the processor and the storage system, the ability to BOOT and perform operations on the computer. For example, can others attack a car while driving?”
And therefore a high degree of anonymity (identity concealment) is required to prevent tracking.
"The security system should check whether the messages have not been changed on the way, do they come from car A? Can I trust car A? Authentication systems are required for both the car and messages to prevent interference of network traffic or impersonation. "
The conclusions drawn by Rainmouth are: V2X communication is therefore the biggest challenge; A secure V2X system requires trust; Fraud-resistant chipsets are needed to deal with sophisticated attacks; It is necessary to develop sets of reliable car keys. All these systems should be proven and approved.
The field of security controllers is a derivative of the smart card industry and there is a need for a flexible approach that will cause minimal impact on existing architectures. Rainmouth added.
3 תגובות
Asaf
It did happen in the US about six months ago, and precisely in a car like mine! Hackers managed to take control of a regular Jeep Cherokee - they took control of the radio, the air conditioning system, the brakes, the gas and the gear. I think they could also control the steering wheel - because it is also electric in this vehicle.
Here is a link – https://blog.kaspersky.com/remote-car-hack/9395/
@Asaf - The concern is that once you allow information to be received, you may leave loopholes that will allow hackers to take control of the vehicle, even if there was no intention to allow such control.
Why even allow connection to the car remotely?
It is possible to transmit and receive information without the ability to control remotely, leaving the ability to control only through a cable.