Is it time to worry about car hacking? According to Symantec, stories about car software security vulnerabilities are becoming more common. Should drivers be concerned and how can they protect themselves?
Symantec announced through its latest white paper entitled Building Comprehensive Security into Cars, that the growing frequency με την οποία αναπαράγονται τελευταία οι σχετικές πληροφορίες, έφερε στο προσκήνιο το ζήτημα της κυβερνοασφάλειας των οχημάτων, καθώς διάφοροι researchers reveal a number of vulnerabilities in new car models.
The question of cyber-security of vehicles, as the increasing frequency with which the relevant information is reproduced lately brings to the fore.
These incidents reflect the fact that an increasing number of cars can now be included in the so-called Internet of Things (IoT), since they have their own computers, software, but also connectivity. And while such a development allows car owners to take advantage of a range of new technologies, it also means that their vehicles are increasingly exposed to the same kinds of electronic threats that many other connected devices face. The question inevitably arises as to whether it is time to start worrying about car hacking.
The revelation of sensitive spots
The reason for the latest wave of debates was the news that some Jeep Cherokee model series had vulnerabilities in remote electronic threats. Researchers Charlie Miller and Chris Wallace have demonstrated a virtual assault, during which they managed to interfere with the vehicle's braking and transmission systems while at the same time gaining control over a number of functions such as air conditioning, , radio and windscreen wipers.
The Results της επίθεσης αποδόθηκαν σε μια σειρά τρωτών σημείων και αδυναμιών του οχήματος, αρκετά από τα οποία οφείλονται στο Uconnect, το σύστημα σύνδεσης στο Internet που διαθέτουν πολλά μοντέλα αυτοκινήτων της Fiat Chrysler, συμπεριλαμβανομένων και των Jeep Cherokee. Η αποκάλυψη αυτή, ώθησε την Fiat Automobiles Chrysler στην ανάκληση 1,4 εκατομμυρίων οχημάτων, παρά το ότι -όπως τόνισε η εταιρεία- δεν έχει υπάρξει κανένα πραγματικό περιστατικό hacking σε οποιοδήποτε από τα οχήματά της.
A few days later, information was revealed that vehicles using General Motors' OnStar RemoteLink (GM) were vulnerable to attacks that would allow hackers to locate the vehicle and unlock their control system.
The demonstration of such a virtual attack was made by the well-known security researcher and hacker, Sami Kamkar, who concluded that would-be "intruders" could deceive the owner of such a vehicle, connecting it to a different wireless pseudo-network, to finally take control of the OnStar RemoteLink Mobile Application.
Camkar pointed out that the vulnerability is not detected in a specific GM vehicle but in the application that allows owners to locate and unlock their vehicle. The investigator concluded that the application does not properly check the security certificate which should ensure that the owner's phone communicates with the OnStar server alone. GM has stated that the problem has now been corrected.
Following on from the above, Tesla came to the fore when other researchers discovered six vulnerabilities in the company's S model, potentially allowing a hacker to take control of the vehicle by endangering its safety.
However, they specified that attacks against a Tesla vehicle would have been difficult if the would-be attacker had no physical access to the car. However, once he or she would have gained physical access to the vehicle, even once, then it could have influenced it remotely.
The "attack" allowed them to influence the speedometer to show the wrong speed, to open and close the windows, to lock, to unlock, as well as to flash the engine of the vehicle. Tesla has announced that it has already resolved all related issues.
Finally, another team of security researchers from the University of San Diego, California, has announced that it has discovered some more vulnerable points to potential hacking. The team said it could potentially jeopardize thousands of vehicles, through hacking on tracking devices primarily used by insurance companies and fleet management applications to track the vehicle's location, speed and road behavior.
These devices could potentially be affected by sending a specially configured SMS to the tracking unit. When the device is violated, hackers can send commands to the car's CAN bus, an internal network that controls the individual vehicle systems. This may have allowed them to affect many functions, from windscreen wipers, to the car braking system.
Should drivers be worried?
As the automotive industry incorporates new technologies into cars, Symantec believes it is likely to increase malicious attacks such as the above. To date, Car Hacking has been limited to demonstrating the feasibility of an attack and was carried out by security researchers. However, as technologies are spreading, malicious attacks can not be ruled out.
Attacks of this species can be classified into three major categories:
• Attacks are considered more dangerous "over-the-air"When" intruders "attempt to penetrate the systems of a vehicle from a remote location. Such attacks require extensive effort and in-depth knowledge of the vehicle and its software.
• Physical attacks where the hacker must have physical access in the vehicle, are usually easier to implement. Many vehicles have incomplete protection on the CAN bus and the ECUs connected to it. To make such an attack, the attacker must have physical access to the vehicle, at risk of being arrested.
• Attacks through mobile applications and support tools that allow remote vehicle control functions are also possible. Fortunately, most applications and tools can be easily repaired without the need for upgrade to the vehicle software.
While such attacks cannot be ruled out in the future, drivers should not worry, as it is known that cybercrime motives are mainly financial, so hacking into the car will probably remain a theoretical activity until "redemption" methods are discovered. of attacks.
Car owners who worry about safety issues can, however, take some steps to reduce the likelihood of an attack.
These include:
• Τακτικά updates λογισμικού, που θωρακίζουν με patches το σύστημα, διορθώνοντας προβλήματα ασφάλειας.
• Pay special attention when the vehicle is connected to diagnostic platforms or telematics platforms, as they often open the door to "intruders" to enter the CAN bus.
• Avoid connecting unreliable devices to vehicle information and entertainment systems such as USB sticks, phones or media players. Also, if your car has an Internet connection, you must avoid connecting to unreliable networks.
Symantec's Complete White Paper Building Comprehensive Security in Cars will be found at http://www.symantec.com/content/en/us/enterprise/other_resources/building-security-into-cars-iot_en-us.pdf
