The ticking time bomb of automotive cyber security
Globally, car manufacturers are crossing their fingers and hoping that connected cars will not be attacked. They refuse to work together and instead are moving forward with a multiplicity of security strategies which will be weaker than not going down the standards route. Automakers are being all too slowly drawn to modern security techniques to plug the security holes in connected cars. Rethink Internet of Things (Riot) questions whether that transition can happen swiftly enough to avert potential disaster.
There are already tens of millions of vehicles in the US which are connected via LTE or other cellular connections to the internet, opening them up to a straightforward IP attack. As the attack surface grows, closing in on 100 million cars, they make a more tempting target for organised crime, nation state attacks, terrorists, and random hackers.
The simple question is can the major automakers make them truly safe, before someone mounts a successful attack – whether that is one car at a time, or a fleet of hundreds of thousands at once.
In this paper, titled Automotive Cybersecurity: A ticking time bomb we may just prevent from going off, Riot takes an in-depth look at how professional security businesses are trying to steer automakers towards safety, and asks how many more years before they will be reasonably well protected.
But in this investigation Riot finds that automakers are not going down the obvious route of agreeing a standard, and moving rapidly towards its implementation in their next generation of connected cars.
Instead each of them is attacking the problem their own way, on their own turf, moving towards a new security architecture one step at a time, with each using a variety of techniques, from long encryption keys, deep packet inspection, virtual signatures, and daily over-the-air (OTA) updates.
Much of it owes something to Private Key Infrastructure (PKI), but not all of it, and each of them is looking at systems like ARM Trustzone to define a safe hardware Root of Trust (RoT). This approach will mean there is more room for more suppliers in the short term, but could just as likely mean that some automakers will remain vulnerable for some time to come. The lack of progress among some smaller car makers is quite frightening.
In the long term it is likely that the eventually successful security system will be open source, as much because Chinese companies refuse to rely on proprietary US systems which they have to license, or vice versa.
But most car makers already understand that they must separate network traffic into different domains, in a manner very similar to current techniques used in enterprise networking.
So as the automotive industry is entering what is a difficult transition period, it is still years from a standardised approach to securing vehicles in a hyper-connected world and the clock is ticking. If one vendor manages to defend his turf, at the expense of a standardised approach, the mayhem around a single destructive hack of any car, even a rival brand, will still create industry-wide hysteria.
This puts us in mind of the early cellular industry, before the GSMA took control and standardised everything.
And yet across the entire ecosystem, multi-layered services are all preparing for industry-wide launch - first in the US, and then more broadly. These range from generic navigation, in-car entertainment services, to safety, such as vehicle location services and remote restart.
Today we are at the beginning of such services and a handful of brands have truly useful car services, which currently extend to only a single-digit percentages of their owners. But expectation is high that a wider gamut of driver, owner and manufacturer services are just around the corner.
The more beneficial such services become, and the more widely they are installed, the more likely they are to be attacked, either to disrupt revenue or ultimately as a route into remote physical control of a vehicle.
What follows are the accounts of security stakeholders in the automotive industry, capturing perspectives from suppliers – because the automakers themselves collectively declined our repeated requests for interviews. This is another case of security by obscurity, a strategy the technology industry knows has never worked - by keeping all their thoughts about security a strict secret.
The real route to security is through open standards, which can be hardened by a wide base of users finding different attack vectors during the standardisation process, and then sealing such exploits, in the same way the humble SIM card came about.