The automotive industry is undergoing a monumental shift, largely driven by the digitalization of its core functions and emerging mobility models.
A PwC report forecasts a unique trend by 2030: a slight decrease in vehicle numbers in Europe and the USA, but a significant rise in global industry profits.
This paradox is primarily due to the emerging concept of Mobility-as-a-Service (MaaS), which is transforming traditional car ownership into models like car-sharing. In countries like China, individual car ownership is projected to plummet from 90% to 52%.
At the heart of this transformation are two pivotal concepts: ‘connected cars’ and ‘autonomous driving.’ Upstream Security predicts that by 2025, all new cars will be connected, not just in terms of internet access or localization services but embracing the Vehicle-to-Everything (V2X) technology.
This encompasses communication and data exchange with other vehicles (V2V), infrastructure (V2I), and even pedestrians (V2P), paving the way for smart city integration.
A Future Beyond ADAS
Autonomous driving is set to evolve beyond the current Advanced Driver Assistance Systems (ADAS).
The segment aims to progress towards complete driverless functionality classified by SAE’s levels of autonomy, ranging from level 0 (no assistance) to level 5 (no driver required).
However, this technological leap brings its own set of challenges, especially related to automotive cybersecurity.
As cars transform into complex software-based IT systems with numerous connected ECUs, they become more vulnerable to cyber-attacks. This necessitates a shift in vehicle architecture towards a secure-by-design approach. Integrating the cyber and physical aspects of security is crucial, especially as vehicles evolve into cyber-physical systems (CPS). In this article, we will delve into the cyber aspects of these emerging threats and the strategies to mitigate them.
Transitioning from the broader context of automotive cybersecurity, we encounter distinct constraints in car electronics, pivotal in shaping the approach towards secure designs. So, let’s look at the constraints that act as hindrances to automotive cybersecurity implementation.
What are the Current Constraints in Implementing Automotive Cybersecurity?
Car electronics, particularly ECUs, are embedded systems characterized by substantial hardware limitations. These constraints hinder the full implementation of certain security solutions, including advanced cryptography.
Let’s understand these constraints further:
- Cost Sensitivity: The sensitivity to component costs limits OEMs’ ability to embrace innovative cybersecurity solutions, as they have to balance between advanced technology and cost-effectiveness.
- Timing and Safety Constraints: Several ECUs must perform tasks within fixed real-time constraints, often related to safety-critical functions. Therefore, any security measures implemented must not negatively impact these essential tasks.
- Vehicle Autonomy and Life-Cycle Considerations: The car’s autonomy is crucial, especially when protection mechanisms are operational, to ensure the driver can focus on driving. Moreover, the lifecycle of a car is significantly longer than typical consumer electronics, necessitating durable hardware and software that can be easily updated, particularly for security features.
- Supplier Integration Challenges: Suppliers often provide software components without source code to protect intellectual property. This practice makes it difficult to modify these components for improved security.
- Network Standards and Protocols: The Controller Area Network (CAN) is the most used protocol in vehicle networks, existing in low-speed and high-speed variants for different vehicle domains. Although current designs are evolving towards Domain Controllers managing different sub-networks, the CAN bus still acts as the network’s backbone. The transition to Automotive Ethernet is significant for next-generation networks due to its high bandwidth.
- On-Board Diagnostics (OBD) Security Implications: The OBD system, a mandatory diagnostic tool in US and European vehicles, can be a security risk as it provides direct access to the CAN bus. The easy availability of OBD dongles allows for simple data extraction, which can be used maliciously.
The constraints in automotive network design, particularly in the CAN backbone, introduce several vulnerabilities:
- Broadcast Transmission: Due to the bus topology of the CAN network, messages between ECUs are broadcast across the entire network. Accessing any part of this network, such as through the OBD port, could allow an entity to send messages network-wide or eavesdrop on communications.
- Lack of Authentication: There is no mechanism to authenticate the source of CAN frames, so fraudulent messages can be sent from any part of the network.
- No Encryption: Messages on the CAN network can be easily intercepted and analysed, exposing their functions.
- ID-Based Priority Scheme: Each CAN frame has an identifier and priority field. Frames with higher priority can interrupt lower priority ones, leading to potential Denial of Service (DoS) attacks.
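The missing authentication described above is usually addressed by appending a short message authentication code and a freshness counter to each frame, small enough to fit the ECU constraints listed earlier. The following sketch is an added example, not code from any vehicle or standard: the identifier `0x244`, the key, the 4-byte tag length and the use of HMAC-SHA256 (a standard-library stand-in for whatever MAC an ECU would use) are assumptions, and the counter is passed alongside the frame for simplicity.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4  # truncated tag length in bytes (assumption, sized for an 8-byte payload)

def _tag(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    # Bind the tag to the identifier and a freshness counter, not just the data.
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def protect(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    """Sender: return the payload with the truncated tag appended."""
    return data + _tag(key, can_id, counter, data)

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}  # highest accepted counter per identifier

    def accept(self, can_id: int, counter: int, payload: bytes) -> bool:
        if len(payload) <= MAC_LEN:
            return False
        data, tag = payload[:-MAC_LEN], payload[-MAC_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, data)):
            return False  # unauthenticated or altered frame
        if counter <= self.last_counter.get(can_id, -1):
            return False  # stale counter: a replayed frame
        self.last_counter[can_id] = counter
        return True

def demo() -> dict:
    key = b"constructed-demo-key"  # constructed; not a real vehicle key
    rx = Receiver(key)
    genuine = protect(key, 0x244, 7, b"\x01\x00\x3c\x00")  # 0x244 is a made-up ID
    altered = b"\x01\x00\xff\x00" + genuine[-MAC_LEN:]  # data changed, old tag kept
    return {
        "genuine": rx.accept(0x244, 7, genuine),
        "altered": rx.accept(0x244, 8, altered),
        "replayed": rx.accept(0x244, 7, genuine),
        "other_id": rx.accept(0x245, 7, genuine),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first frame is accepted: the altered payload and the frame moved to another identifier fail the tag check, and the replayed frame fails the counter check.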
What are Attack Goals and Attack Scenarios in Automotive Cybersecurity?
In the landscape of automotive cybersecurity, attackers are driven by various goals, leading to distinct types of attacks:
Attack Scenarios | Attack Goal |
Vehicle Theft | The most direct and straightforward reason for attacking a vehicle. |
Vehicle Enhancement | Involves unauthorized software modifications by the vehicle owner, such as altering engine settings, reducing mileage, or installing unofficial infotainment software. |
Extortion | Tactics similar to ransomware, where the attacker blocks access to the victim’s car until a ransom is paid. |
Intellectual Challenge | Attacks conducted to showcase one’s hacking abilities. |
Intellectual Property Theft | Aimed at obtaining source code for industrial espionage. |
Data Theft | With connected cars, attackers aim to steal various types of data, including license plate information, insurance details, location traces, and data synced from connected smartphones, like contacts and banking records. This data can be used to track a victim’s habits and locations, potentially leading to burglary or similar crimes. |
The attack scenarios typically involve initial access to the vehicle’s network, either physically (through OBD ports) or wirelessly (via Bluetooth). Common attack techniques include:
- Frame Sniffing: Listening in on network frames to understand their function.
- Frame Falsifying: Creating fake messages to mislead ECUs or drivers.
- Frame Injection: Injecting crafted frames into the CAN bus, exploiting the lack of authentication.
- Replay Attack: Replaying valid frame series to replicate actions like starting the engine or unlocking doors.
- Denial of Service Attack: Flooding the network with high-priority frames to disrupt regular ECU communication.
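From the monitoring side, injection and flooding tend to show up as identifiers that do not belong on the bus or as known identifiers arriving faster than their normal period. The detector below is an added example, not part of the original article: it reads constructed log lines in the `candump` log format, and the baseline identifiers, periods and thresholds are hypothetical.

```python
import re
from collections import defaultdict

# candump log format: (timestamp) interface ID#DATA
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)")

# Hypothetical baseline: identifier -> nominal transmit period in seconds
BASELINE = {0x244: 0.100, 0x3E8: 0.500}

# Constructed sample capture, not taken from a real vehicle
SAMPLE_LOG = """\
(100.000000) can0 244#01003C00
(100.000000) can0 3E8#00
(100.100000) can0 244#01003C00
(100.200000) can0 244#01003C00
(100.210000) can0 244#0100FF00
(100.220000) can0 244#0100FF00
(100.230000) can0 244#0100FF00
(100.300000) can0 244#01003C00
(100.350000) can0 001#FFFFFFFFFFFFFFFF
(100.500000) can0 3E8#00
""".splitlines()

def detect(lines, tolerance=0.5, min_hits=3):
    """Return (timestamp, can_id, reason) alerts for off-baseline traffic."""
    last_seen, fast, alerts = {}, defaultdict(int), []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a frame record
        ts, can_id = float(m.group(1)), int(m.group(2), 16)
        if can_id not in BASELINE:
            alerts.append((ts, can_id, "unknown-id"))
            continue
        if can_id in last_seen:
            # A gap well under the nominal period means extra frames on this ID.
            if ts - last_seen[can_id] < BASELINE[can_id] * tolerance:
                fast[can_id] += 1
                if fast[can_id] == min_hits:  # alert once per burst
                    alerts.append((ts, can_id, "rate-anomaly"))
            else:
                fast[can_id] = 0
        last_seen[can_id] = ts
    return alerts

if __name__ == "__main__":
    for ts, can_id, reason in detect(SAMPLE_LOG):
        print(f"{ts:.6f} 0x{can_id:03X} {reason}")
```

A rate check like this depends on the traffic being periodic, so event-driven identifiers need a different baseline.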
One notable instance was the remote attack on the 2014 Jeep Cherokee’s infotainment system, which led to a recall of 1.4 million vehicles by FCA. This attack demonstrated the potential for remote control over critical vehicle functions like steering and braking.
How can the ISO 21434 Standard help Counter Emerging Automotive Cybersecurity Threats?
The rising risk of cybersecurity threats prompted automotive stakeholders to come up with a standard that could help mitigate these threats.
The ISO 21434 standard is like the go-to playbook for keeping cars safe from cyber threats. It’s got all the strategies and guidelines automakers need to shield vehicles from hackers, right from the drawing board to when they hit the road.
ISO 21434 offers a targeted approach to automotive cybersecurity by specifically addressing the unique challenges of this sector. It provides a framework for systematically identifying cybersecurity risks in vehicle systems and outlines best practices for developing, implementing, and managing security measures.
Here’s a snapshot of how the ISO 21434 standard is effective:
- Risk Assessment: ISO 21434 emphasizes identifying and assessing cybersecurity risks, helping to anticipate and prepare for potential attack scenarios like frame sniffing or injection.
- Design & Development Guidelines: The standard provides guidelines for secure design and development of automotive systems, countering vulnerabilities exploited in attacks like the Jeep Cherokee incident.
- Security Management: It establishes a framework for managing cybersecurity throughout the vehicle’s lifecycle, crucial for responding to evolving threats and tactics like ransomware or DoS attacks.
- Incident Response: ISO 21434 outlines strategies for effective incident response, essential in mitigating the impact of attacks and rapidly restoring normal operations.
Conclusion
The automotive industry’s shift towards digitalization, transforming vehicles into “smartphones on wheels,” has brought to light significant cybersecurity challenges. Originally designed without external network interaction, modern hyper-connected vehicles now face heightened cyber threats. This transition demands the development of complex, safety-critical platforms under stringent constraints like limited hardware capabilities and real-time processing needs. Implementation of the new automotive cybersecurity standard, ISO 21434, will be the guiding light for the automotive industry to navigate such cyber threats.