My slides about connected car security and the future of transportation that I presented to the Cloud Security Alliance, IoT Working Group on July 28, 2016.
1. Connected Car Security and the Future of Transportation
Liz Slocum Jensen, Connected Car Expert
Cloud Security Alliance, IoT Working Group
July 28, 2016
2. Agenda
• About me
• 4 basic types of connected cars
• 4 connected car hacks
• Overview of the Connected Car Landscape
• Security
• How car ownership is changing
• Looking forward to the autonomous car
• Questions
@WhatLizTweets
3. About Me: Liz Slocum Jensen
(Timeline graphic of projects and employment from 1999 to 2016 across three tracks: Connected Cars, Security and Big Data. Highlights: Ford Electrified Vehicle Hackathon, Best Application; Smarter Driving, Finalist.)
4. 4 Basic Types of Connected Cars
• Vehicle-to-Vehicle (V2V)
• Vehicle-to-Infrastructure (V2I)
• Vehicle-to-Mobile
• Vehicle-to-Cloud
Safety, Security, Communications, Entertainment
5. Experimental Attacks on Diagnostics, CD Player, Bluetooth, Cellular Radio
WHO: Department of Computer Science and Engineering at UC San Diego and University of Washington
WHEN: 2010
KEY FINDINGS:
• Once the team was able to physically access the car via the media player, diagnostics port, Bluetooth, or cellular, they were able to completely compromise the car.
• The research team could access the systems by simply calling the car.
• Since the telematics system is Unix-based, they were able to get root access and install an IRC channel.
RESEARCHERS' SUGGESTED ACTIONS:
• Use stack cookies to help detect an attack.
• Do not allow inbound calls. Instead, immediately call back a trusted number.
• Arbitrary ECUs should not be able to issue diagnostic and reflashing commands.
• Commands should only be accepted with some validation, and physical access to the car should be required before dangerous commands are executed.
6. Tire Pressure Monitoring System (TPMS)
WHO: University of South Carolina and Rutgers University
WHEN: 2010
WHAT: Tire Pressure Monitoring System
KEY FINDINGS:
• Reverse engineering in order to spoof and eavesdrop, specifically to track the car's location, is possible.
• There was no encryption in the TPMS.
• If hackers flooded the tire pressure ECU with packets, they disabled the ECU and the ability for the alert to display in the dashboard. Even when this happened, however, the car was still drivable.
• They were able to spoof the alert light for no more than 6 seconds.
RESEARCHERS' SUGGESTED ACTIONS:
• Check for conflicting input information. For example, the system reported a low pressure event through the tire pressure ECU, but the PSI reported was normal.
• Use encryption.
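The "check for conflicting input" suggestion from the TPMS slide, as an added example (not code from the slides or from the cited research). It parses a constructed text log of tire-pressure readings and flags any reading whose alert bit disagrees with its PSI value, in either direction, plus pressure changes too large to be physical between consecutive readings from the same sensor. The line format, the wheel names, and the LOW_PSI and MAX_JUMP_PSI thresholds are assumptions made for this example.

```python
"""Plausibility check for TPMS readings.

Added example, not from the slides or the cited research: it implements the
researchers' suggested action of checking for conflicting input, such as a
low-pressure alert from the tire-pressure ECU while the reported PSI is normal.
The text line format, sensor names and thresholds are assumptions made for
this example; real TPMS frames are radio packets decoded by the receiver ECU.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

LOW_PSI = 25.0       # assumed threshold below which a low-pressure alert is expected
MAX_JUMP_PSI = 5.0   # assumed largest plausible change between two consecutive readings

Finding = Tuple[float, str, str]   # (time, sensor id, description)


@dataclass
class TpmsReading:
    t: float          # seconds since start of log
    sensor_id: str    # wheel position in this example (FL, FR, ...)
    psi: float        # pressure reported in the packet
    low_flag: bool    # "low pressure" alert bit as received


def parse_line(line: str) -> TpmsReading:
    """Parse the constructed format 't=1.0 id=FL psi=34.0 low=1'."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return TpmsReading(t=float(fields["t"]), sensor_id=fields["id"],
                       psi=float(fields["psi"]), low_flag=fields["low"] == "1")


def find_conflicts(readings: List[TpmsReading]) -> List[Finding]:
    """Return readings whose fields disagree with each other or with history."""
    findings: List[Finding] = []
    last_psi: Dict[str, float] = {}
    for r in readings:
        # 1. The alert bit and the pressure value must agree.
        if r.low_flag and r.psi >= LOW_PSI:
            findings.append((r.t, r.sensor_id, "alert flag set but PSI normal"))
        elif not r.low_flag and r.psi < LOW_PSI:
            findings.append((r.t, r.sensor_id, "PSI low but no alert flag"))
        # 2. Pressure should not jump implausibly between consecutive readings.
        prev = last_psi.get(r.sensor_id)
        if prev is not None and abs(r.psi - prev) > MAX_JUMP_PSI:
            findings.append((r.t, r.sensor_id, "implausible pressure jump"))
        last_psi[r.sensor_id] = r.psi
    return findings


# Constructed sample log: a spoofed alert at t=1.0 and a sudden drop at t=3.0.
SAMPLE_LOG = [
    "t=0.0 id=FL psi=34.0 low=0",
    "t=0.0 id=FR psi=33.5 low=0",
    "t=1.0 id=FL psi=34.0 low=1",   # alert bit set while pressure is normal
    "t=2.0 id=FR psi=31.0 low=0",
    "t=3.0 id=FR psi=20.0 low=0",   # low PSI with no alert, and an 11 PSI jump
    "t=4.0 id=FL psi=33.8 low=0",
]


def analyze(lines: List[str]) -> List[Finding]:
    """Parse a log and return every conflicting reading, in log order."""
    return find_conflicts([parse_line(line) for line in lines])


if __name__ == "__main__":
    for t, sensor, what in analyze(SAMPLE_LOG):
        print(f"t={t:5.1f}s {sensor}: {what}")
```

The two checks complement each other: the flag-versus-value comparison catches a spoofed alert bit on its own, and the jump check catches a spoofed pressure value that was chosen to agree with a spoofed flag. Neither replaces encryption, which the researchers also recommend; they only make a spoofed packet inconsistent with the rest of the data the ECU already holds.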
7. The DARPA-funded hack of a Toyota Prius and Ford Escape
WHO: Dr. Charlie Miller and Chris Valasek
WHEN: 2013
KEY FINDINGS:
• Spoofing is possible.
• It is possible to disable functions of the car by flooding it with arbitrary CAN (Controller Area Network, the embedded vehicle network) packets.
Follow-up research on remote attacks
WHEN: 2014
KEY FINDINGS:
• Bluetooth is one of the biggest and most viable attack points of a car because of its ubiquity.
• In-car apps and web browser technology are a significant threat, mostly because they offer a familiar attack target that is already understood by those who want to exploit it.
8. The DARPA-funded hack of a Toyota Prius and Ford Escape (continued)
RESEARCHERS' SUGGESTED ACTIONS:
• Since remote attacks happen in multiple stages, they recommend that defense be multi-staged.
• Secure the remote endpoints.
• Make it harder for the attacker to inject CAN messages immediately.
• For attack detection, monitor the rate of ECU messages for a noticeable increase.
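The last suggested action, rate monitoring of ECU messages, as an added example (not the researchers' code and not from the slides). It reads CAN frames in the candump log format, "(timestamp) interface id#data", buckets them into one-second windows per arbitration ID, learns a per-ID baseline from the first windows, and raises an alert when an ID's rate exceeds the baseline by a factor or when an ID absent from the baseline appears. The traffic is constructed inline: two IDs at steady rates, then one second in which one ID is flooded and a frame with the OBD-II functional request ID 7DF appears. The IDs, rates, window size and factor are assumptions for this example.

```python
"""Rate-based CAN message anomaly detection.

Added example, not from the slides or the cited research. It implements the
suggested detection: watch the message rate per ECU (arbitration ID) and
alert on a noticeable increase, the signature of the flooding attacks the
slides describe. Input lines use the candump log format
"(timestamp) iface id#data". All traffic below is constructed, not captured.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

LINE_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)$"
)

Alert = Tuple[int, str, int, str]   # (window index, CAN id, count, reason)


def parse_line(line: str) -> Tuple[float, str]:
    """Return (timestamp, arbitration id) from one candump log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a candump log line: {line!r}")
    return float(m["ts"]), m["id"].upper()


def rates_per_window(lines: List[str], window: float = 1.0) -> Dict[int, Counter]:
    """Count frames per arbitration id in fixed-length windows from the first timestamp."""
    windows: Dict[int, Counter] = defaultdict(Counter)
    t0 = None
    for line in lines:
        ts, can_id = parse_line(line)
        if t0 is None:
            t0 = ts
        windows[int((ts - t0) // window)][can_id] += 1
    return windows


def learn_baseline(windows: Dict[int, Counter], train_windows: int) -> Dict[str, int]:
    """Per-id baseline = highest per-window count seen during the training windows."""
    baseline: Dict[str, int] = {}
    for w in range(train_windows):
        for can_id, n in windows.get(w, Counter()).items():
            baseline[can_id] = max(baseline.get(can_id, 0), n)
    return baseline


def detect(lines: List[str], train_windows: int = 2, factor: float = 3.0) -> List[Alert]:
    """Alert on ids whose rate exceeds factor x baseline, or ids never seen in training."""
    windows = rates_per_window(lines)
    baseline = learn_baseline(windows, train_windows)
    alerts: List[Alert] = []
    for w in sorted(windows):
        if w < train_windows:
            continue                     # training windows are trusted by assumption
        for can_id, n in windows[w].items():
            base = baseline.get(can_id)
            if base is None:
                alerts.append((w, can_id, n, "unseen ID"))
            elif n > factor * base:
                alerts.append((w, can_id, n, "rate %.0fx baseline" % (n / base)))
    return alerts


def build_sample_traffic() -> List[str]:
    """Constructed log: 4 s of steady traffic, then a flood of 1A0 in the last second."""
    lines = []
    for w in range(4):
        for i in range(10):              # id 1A0 at 10 frames/s
            lines.append("(%.6f) can0 1A0#%02X" % (1000.0 + w + i / 10, i))
        for i in range(5):               # id 2B0 at 5 frames/s
            lines.append("(%.6f) can0 2B0#00" % (1000.0 + w + i / 5))
    for i in range(70):                  # 70 extra 1A0 frames inside second 3
        lines.append("(%.6f) can0 1A0#FF" % (1003.0 + i / 100))
    lines.append("(1003.500000) can0 7DF#0201050000000000")   # id absent from baseline
    return lines


if __name__ == "__main__":
    for w, can_id, n, reason in detect(build_sample_traffic()):
        print(f"window {w}: id {can_id} count {n}: {reason}")
```

A maximum-based baseline is deliberately conservative: the periodic IDs on a real bus have stable rates, so a per-ID multiplier over the observed maximum gives few false alerts, while a flood of the kind the research used to disable functions exceeds it by an order of magnitude. In production the baseline would be learned per vehicle model and year, since the slides note that systems vary between them.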
9. Common Findings
• The car can be compromised remotely, but it is very time-consuming and difficult to sustain.
• Systems vary from carmaker to carmaker, model to model, year to year.
• Attacks are detectable.
• The car is still drivable after spoofing and ECU attacks.
10. The Connected Car is Hackable
What Carmakers and Suppliers Can Do
• Air gap.
• Perform Over-the-Air (OTA) updates.
• Use encryption.
• Work with the hacker community:
  • Challenge hackers to break your security with a bug bounty.
  • Make it easy for a researcher to contact the company privately about the exploit.
  • Have a policy to fix exploits within a specific time period.
  • Report the exploits publicly and give the researcher credit for finding it, if desired.
Other resources:
https://www.iamthecavalry.org/domains/automotive/5star/
http://venturebeat.com/2016/06/27/the-5-scariest-car-hacks-including-some-that-could-make-you-crash/
11. Connected Cars Landscape
(Infographic designed by Liz Slocum Jensen, April 2016, mapping companies by segment. Top-level groups: Consumer (107), Enterprise (72), Things (54). Category panels with company counts: Delivery (6), Car Sharing (9), Driver Behavior (11), Diagnostics (16), Infotainment Interface (15), Ride Hailing (20), Distribution/Logistics (11), Smart Cities (8), Usage-Based Insurance (9), Security (2: Argus Cyber Security, InterWorking Labs), Fleet Tracking & Asset Management (20), Telematic Service Providers (19), EV Charging (3), On Demand Rentals (11), Parking (12), Autonomous (9), Heads Up Display (3), Sensors/Hardware (10), Vehicle to Infrastructure (1), Wearables (2), Infotainment Embedded (10), Dongle (19), Apps - Location - Data (44), Infotainment Applications (3), Big Data (6), Driver Behavior (14), App Platform (11), Location/Navigation (14), Ride Sharing/Carpooling (6), Routing Optimization (3).)