Saturday, October 18, 2014

Securing Your Viper Against Cylons

If you have a late model car, someone could take control of it while you are driving.  They could disable the brakes, command the steering wheel, set the speed, open the doors, disable the airbags, or explode them.

Computers in cars go back to the 1978 Cadillac Seville.  The chip was a Motorola 6800, used also in early personal computers.  It ran the car’s onboard display that provided eleven outputs such as fuel economy, estimated time of arrival, and engine speed.  By the turn of the Millennium, upscale BMWs and Mercedes boasted 100 processors. Even the low-tech Volvo had 50. (Automotive Mileposts website and Embedded website.)
Commander Adama would not allow
the computers on the battlestar Galactica to be networked.
His ship successfully resisted cyber attacks.

The General Motors OnStar system was launched in 1995 and went from analog to completely digital in 2006.  (Wikipedia here.) 

Now, such radio systems are a standard feature on common makes and models. With that link someone can take control of your car.

The older your car, the safer you are.  A vehicle from the 1980s or 1990s will have electronic controls, but they will be less open to attack from the outside.

The Mark VII vipers were the newest and the best.
The Cylons destroyed them
by hacking their computers from the outside.

When the Cylons attacked, these museum relics were
pressed into action because they lacked computers
that could be jammed and compromised.
Two different security projects have been reported.  In both, “white hat hackers” investigated ways to take control of different models of automobile.

In 2011, Car and Driver told about the work of the Center for Automotive Embedded Systems Security, a collaboration between academics from the University of Washington and California State University at San Diego.  First, they plugged their own device under the dashboard to compromise the on-board diagnostic computer.  (Anyone who can get to your car could do that the next time you take it in for an oil change or other routine service.)  In the second phase, they figured out how to do that remotely.
Such breaches are possible because the dozens of independently operating computers on modern vehicles are all connected through an in-car communications network known as a controller-area-network bus, or CAN bus.
Even though vital systems such as the throttle, brakes, and steering are on a separate part of the network that’s not directly connected to less secure infotainment and diagnostic systems, the two networks are so entwined that an entire car can be hacked if any single component is breached.”“Hack to the Future”, Car and Driver, July 2011 by Keith Barry here.

In the words of the researchers:
 “We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input—including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”
 “Experimental Security Analysis of a Modern Automobile” by

 Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage.
 IEEE Symposium on Security and Privacy, Oakland, CA, May 16–19, 2010. Available as a PDF from the authors here.
“Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model—requiring prior physical access—has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.”
 “Comprehensive Experimental Analyses of Automotive Attack Surfaces” by Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage (University of California, San Diego) and Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno (University of Washington). Available as a PDF from the authors here.

Onboard diagnostics are integral to any sophisticated vehicle.
The computers on Galactica were not networked.
 Two years later, Andy Greenberg, who reports on technology for Forbes, filed a story about Charlie Miller and Chris Valasek who carried out their car hacking research with a government grant. 
“Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle consultancy IOActive, received an $80,000-plus grant last fall from the mad-scientist research arm of the Pentagon known as the Defense Advanced Research Projects Agency to root out security vulnerabilities in automobiles.”  Forbes, August 12, 2013 with embedded video here.

They took Greenberg for a ride that ended in a crash despite everything he could do to fight for control of the car. (The 5 mph roll out stopped in some high grass.)


No comments:

Post a Comment