Black Hat: Securing Automobiles

Thursday, August 7, 2014 @ 06:08 PM gHale


By Gregory Hale
When you really look at it, modern-day automobiles are a traveling series of control systems that have remote accessibility. The problem is they have a susceptibility to local and remote attacks.

“With wireless vulnerabilities, you can take over Bluetooth ECU’s (electronic control unit),” said Charlie Miller, a security engineer at Twitter and a automobile vulnerability researcher during his talk with fellow auto researcher Christopher Valasek, director of security intelligence at IOActive, Wednesday at Black Hat USA 2014. “You can attack the brakes through the blue tooth stack.”

RELATED STORIES
Black Hat: Govt. ICS Attacks
Black Hat: ICS Vendors Need to Test for Security
Black Hat: A Security Plan
Talk to Me: Elevating Security Awareness

They showed a video where an attacker was able to lock the brakes of a car, which ended with the car off the road and in a hedge.

Miller said there are three parts to any attack: Remote attack, sending a message and getting the ECU to do something. In the video, the attacker was able to do all three parts of the attack.

An attacker can leverage a remote vulnerability to do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes.

“Car makers talk about features, we talk about attack surfaces,” Valasek said.

The Blue Tooth stack offers great potential for attackers where they may have an open canvas to get into a car’s network. “This is the one with a huge attack surface and it is going to be an easier attack,” Miller said.

The researchers went through a series of areas where attackers could get into a vehicle.

The talked about the Tire Pressure Monitoring System (TPMS), where an attacker would have to be pretty close to attack and there would not be too much data to exchange.

Remote Keyless Entry: There is not too much data used in this entry point, the researchers said. “You might be able to open the doors and start the engine, but not much else,” Valasek said.

Blue Tooth is the biggest attack surface for an automobile, Valasek said.

Radio Data System where the driver is getting audio over FM, but also data, Miller said.

Telematics/cellular/WiFi, which are ways to communicate with the outside world. This has a large range when someone is trying to attack, which has the most concern for the most people, Valasek said.

With the most modern cars, they have the Internet and you can download apps. From a hacking perspective, both researchers said it is much easier to write exploits for a browser than it is a car, so that means this could be an attack vector a bad guy could leverage.

What cars are hackable? It is more of a question of which ones are not. The researchers tested General Motors, Toyota, Infiniti, Chrysler, Ford, BMW, Range Rover and Honda vehicles and with all the newest technology that is in the cars, it appeared they were vulnerable.

While a number of vehicles were better than others, “some cars have a bigger attack surface,” Miller said.



Leave a Reply

You must be logged in to post a comment.