Putting the brakes on car hacking
To achieve the best possible protection for connected cars, authentication and authorisation between entities and devices exchanging data is simply mandatory, says Ameneh Zaher.
Ameneh Zaher, security expert, Gemalto
There has been a slew of news reports in recent months focused on the vulnerability of connected cars to hackers. Researchers have uncovered methods that hackers can use to remotely send commands through a car's entertainment system to control the stereo, air conditioning, windshield wipers, brakes, steering and engine.
We don't know all the details of how these hacks were conducted but we do know that when data has value, no matter what it is, it becomes a target for hackers. And sometimes, hackers are motivated purely by the challenge. Attacks are inevitable and we cannot underestimate the need for security architecture and the corresponding products and solutions that protect the entire ecosystem - devices, data, their applications and the network. If hackers can find a way to access the software within the car's operating system and interfere with that code, the car becomes one of the most dangerous connected ecosystems.
All significant attacks that we have seen so far required prior reverse engineering of the software of the target system in order to understand how to mount the attack. This means that security by design is key in deploying a secure connected car architecture. It starts with a thorough risk evaluation so that needs can be properly assessed. From there, specific hardware and software solutions can be implemented across the entire connected car ecosystem to protect the complete chain - from the device, the application, the network, and the data to the back-end infrastructure. It's a complex task and it cannot be undervalued or overlooked.
Once one device is breached, however, there's very little to stop a hacked device broadcasting to other interconnected devices in the car. Turning on the brake lights could potentially also turn on the tyre pressure monitor or engine monitoring sensors. Once a hacker is on the system they can also alter the car owner's unique profile, affecting their Bluetooth, satnav and air-conditioning settings, for example. As a result, the manufacturer's ability to carry out secure remote updates becomes crucial. Physical product recalls, like those of Jeep and Chrysler, can be quite expensive, as they require sending every car owner a USB drive or asking them to bring the car to the dealership in order to carry out repairs.
It's clear that preventing access to the car is paramount and car manufacturers have a few means at their disposal to do so.
Over-the-air software update mechanisms allow manufacturers to remotely push a software package to the cars in order to fix vulnerabilities in an automated manner. However, for remote secure updates to take place, there has to be mutual trust between the manufacturer and the car. This means manufacturers need to secure software packages using public key infrastructure (PKI), a set of hardware, software, people, policies, and procedures which support the distribution and identification of public encryption keys and enable users and computers to securely exchange data, together with mutual authentication.
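As an added illustration (not code from the author or from any manufacturer), the sketch below shows the vehicle-side half of that trust: a signed manifest is checked against a public key provisioned into the car before an update is accepted. It assumes the Python `cryptography` package, uses a raw Ed25519 key in place of a full X.509 certificate chain, and adds a version check against rollback that the article does not mention; all names and sample data are hypothetical.

```python
import hashlib
import json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey


def sign_update(signing_key, version, payload):
    """Manufacturer side: sign a manifest binding the version to the payload hash."""
    manifest = json.dumps(
        {"version": version, "sha256": hashlib.sha256(payload).hexdigest()},
        sort_keys=True).encode()
    return manifest, signing_key.sign(manifest)


def verify_update(trusted_key, installed_version, manifest, signature, payload):
    """Vehicle side: return (ok, reason); install only when ok is True."""
    try:
        # Nothing in the manifest is parsed until the signature has verified.
        trusted_key.verify(signature, manifest)
    except InvalidSignature:
        return False, "bad signature"
    meta = json.loads(manifest)
    if hashlib.sha256(payload).hexdigest() != meta["sha256"]:
        return False, "payload hash mismatch"
    # Assumption beyond the article: refuse to reinstall an older, vulnerable build.
    if meta["version"] <= installed_version:
        return False, "rollback rejected"
    return True, "ok"


# Constructed sample data: a throwaway key pair and a fake firmware image.
OEM_KEY = Ed25519PrivateKey.generate()
CAR_TRUST_ANCHOR = OEM_KEY.public_key()  # provisioned into the car at build time
FIRMWARE = b"constructed firmware image v7"
MANIFEST, SIGNATURE = sign_update(OEM_KEY, 7, FIRMWARE)

if __name__ == "__main__":
    print(verify_update(CAR_TRUST_ANCHOR, 6, MANIFEST, SIGNATURE, FIRMWARE))
    print(verify_update(CAR_TRUST_ANCHOR, 6, MANIFEST, SIGNATURE, FIRMWARE + b"!"))
    print(verify_update(CAR_TRUST_ANCHOR, 7, MANIFEST, SIGNATURE, FIRMWARE))
```

This covers only the car authenticating the manufacturer's package; the mutual half, where the back end authenticates the car, would need a per-vehicle key or certificate.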
PKIs authenticate communications between devices, based on machine-to-machine authentication, which is required for pushing digitally signed code, and between devices and humans, via certificate-based authentication. Two-factor authentication can also be enforced via the generation of one-time passcodes or digital certificates.
Of course, there are cost and time considerations that car manufacturers need to take into account when implementing such security measures if they aren't already. Although security architecture designed in at the beginning of development projects to defend the DNA of connected cars should be best practice, a strong PKI system can help speed up the process as it creates a strong chain of trust. It can be readily implemented within the car ecosystem to perform mutual authentication between different components.
To achieve the best possible protection, authentication and authorisation between entities and devices exchanging data is simply mandatory. In the case of the connected car, this relates both to the communication within the car system and externally. IP protection technology can be employed to encrypt the code layer and protect the software code from reverse engineering or tampering. It protects connected car systems at the core by authenticating user and master devices to prevent attacks, defending against fraud and keeping data private. Equally important is the secure storage and management of encryption keys via a strong PKI. If manufacturers don't do this, it is like leaving the keys to your house under the doormat.
Contributed by Ameneh Zaher, security expert, Gemalto