Car Hacking: Cyber Security in Automotive Industry
The world needs more hackers, and definitely more vehicle hackers. Vehicle generation is trending towards extra complexity and extra connectivity. Together, these changes will necessitate a stronger emphasis on automobile security and a larger pool of qualified personnel to deliver it.
In today's world cars can be a favorite target for hackers. Most cars come with CPUs, connectors, and operating systems. They are more electronic than ever. A normal car today includes about 150 electronic control units and about 100 million lines of code, according to a study by the consulting firm McKinsey. Hardware and software, both are essential for integrating all of these next-generation services, such as electrification, traffic assistance, and networking services. This has just started. According to the estimate, a commercial vehicle would have 300 million lines of software on board by the year 2030. Just FYI there are currently 15 million lines of code on a commercial aircraft. Automotive security researchers will play a great role in the revolution of the automotive industry with their ability to make a vehicle more secure.
What are possible attack surfaces?
Nowadays cars have features like Radio, Bluetooth, Wifi, GPS systems, USB port, touch and motion sensors, Keyless systems, etc which increase the attack surface of exploiting a car. According to Craig Smith’s Car Hacker’s Handbook, we can classify attack surfaces on different levels.
The high-level threats at Level 0 are that an attacker could
• Remotely take over a vehicle
• Shut down a vehicle
• Spy on vehicle occupants
• Unlock a vehicle
• Steal a vehicle
• Track a vehicle
• Thwart safety systems
• Install malware on the vehicle
Attack surface, at level 1 can be cellular, wifi, key fob (KES), tire pressure monitor sensor (TPMS), infotainment console, USB, Bluetooth, and Controller Area Network (CAN) bus connections.
At level 2, threats can be broken into five groups: Bluez (the Bluetooth daemon), the wpa_supplicant (the Wi-Fi daemon), HSI (high-speed synchronous interface cellular kernel module), udev (kernel device manager), and the Kvaser driver (CAN transceiver driver).
Challenges
Given that, connected cars are increasingly dependent on data-driven technologies, they represent a new frontier for cybersecurity. Cybercriminals are breaking into these systems and stealing information using a number of techniques, such as hacking into the car’s infotainment system or getting access to the onboard diagnostics port.
Few automotive security challenges include:
Multiple Interconnected System.
Connected cars are often not designed with security in mind.
No standard for automotive cybersecurity standards.
Manipulation of safety-critical systems.
In Vehicle Infotainment (IVI) vulnerabilities
The need for cybersecurity individuals in the automotive industry will boom in upcoming years, the industry will demand more and more automotive security consultants. The automobile sector is facing an urgent need for cybersecurity, as systems become more technologically advanced and the threat landscape gets more capable and sophisticated. As an answer to these cybersecurity challenges, threats, and vulnerabilities, a global security strategy needs to be defined.
That's all for this blog. Thank you for reading, keep learning.
Follow me here:
LinkedIn:- https://www.linkedin.com/in/vinayak-agrawal-2aa5a61ab/
Twitter:- https://twitter.com/Dr_Anonymous95
Youtube:- http://www.youtube.com/c/AnonymousWorld95
If you like my work, then please support me here:
BuyMeACoffee: https://bmc.link/uchihavin
References
From Infosec Writeups: A lot is coming up in the Infosec every day that it’s hard to keep up with. Join our weekly newsletter to get all the latest Infosec trends in the form of 5 articles, 4 Threads, 3 videos, 2 Github Repos and tools, and 1 job alert for FREE!
