Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > Controls/MCUs

Guarding automotive systems against tampering

Posted: 07 Jan 2016     Print Version  Bookmark and Share

Keywords:driver assistance  digital storage  CAN bus  authentication  encryption 

An ever growing number of functions for driver assistance, navigation and communication are being integrated in today's automobiles. While these systems support drivers in complex traffic situations, they also open the door for tampering attempts by hackers. Older vehicles were 'closed' systems whose on-board electronic systems could only be accessed using the OBD plug (on-board diagnosis). In contrast, modern automobiles provide a multitude of interfaces that can be used to compromise the system.

The interfaces of digital storage media (CD, USB, MMC) provide a means to tamper with unprotected systems or to steal sensitive or licensed data. With hardware-based interfaces, attackers need to access the car's interior. In contrast to this, wireless interfaces including Bluetooth, Wi-Fi, LTE, UMTS and internet provide many more opportunities for attackers who don't even need get into the vehicle anymore. Theoretically, any internet access anywhere in the world can be used to attack a vehicle with an internet connection. Today, the infotainment system is the primary gateway used to attack a car. With their integrated telephone functions and smartphone connections, these systems can be used by attackers to access a lot of sensitive information including phone numbers, addresses and additional private data. Furthermore, on-board networks including CAN, FlexRay or Ethernet can be used as a means to access all the connected control units of a vehicle.

How strong is the motivation for hackers?
Recent examples of hacked vehicles have demonstrated that it is relatively easy to compromise today's conventional vehicles via the CAN bus. The risk is obvious even though this may entail a lot of effort and may not be very useful for hackers. In contrast, it is much more profitable to steal private data and licensing information from software, media data and navigation maps. As an additional aspect, licensed software should only be activated on a single control unit. Without tamper protection, the software could also be installed and used on a different infotainment system.

It is also important to link expensive pieces of equipment to a specific vehicle because infotainment units are frequently stolen from vehicles to be sold as replacement parts in other countries. It must be ensured that stolen components cannot be used in different vehicles.

In addition, odometer data is often manipulated in order to sell used cars for a higher price. The system must therefore include mechanisms preventing straightforward tampering.

'Car-to-x' and 'car-to-car' systems will become more important in the future. These systems, which are already being developed and tested in pilot trials, represent another milestone on the way to fully autonomous driving. The vehicles are equipped with an 802.11p-based Wi-Fi connection for communicating with other vehicles and road side units (RSUs) which are installed as transmit and receive units along the road. The vehicles send so-called 'safety messages' including speed, acceleration and deceleration data to other vehicles or receivers located close to the road. These data can be used to alert nearby drivers in case of an emergency brake. In addition, it is possible to determine the traffic flow, to issue congestion information, to control traffic lights or to alert other vehicles in case of any hazards including moving road works, icy roads etc. It is mandatory to authenticate these data in order to ensure that they can only be issued by authentic sources. Attackers could otherwise use these car-to-x systems to provoke accidents or to paralyze the traffic system in order to blackmail individual drivers or even entire communities or cities. Congestions could be generated or vehicle positions be monitored in order to use the intercepted data for criminal purposes.

The increasing pervasiveness of electronic payment functions meanwhile includes modern automobiles as well. Several smartphone manufacturers now offer NFC payment features that can be used at gas stations or highway tollbooths. In a vehicle environment, it might be an option to activate specific functions (including special convenience features) only for a limited time using the vehicle's NFC and internet interfaces included in the infotainment system. Therefore, these must also be suitably protected against data theft and tampering.

1 • 2 Next Page Last Page

Comment on "Guarding automotive systems against ..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top