Aftermarket telematics devices:
a dangerous backdoor into your vehicle network?
Andy Davis, Transport Cybersecurity Practice Director
Agenda
• The connected car attack surface
• The risks associated with vehicle network access
• Secure development practices
• Summary: Reducing the risks
• Q&A
Connected car attack surface
Attack Surface Overview: Connected Cars
• Tire Pressure Monitoring System
• Remote Keyless Entry
• Diagnostics port
• Infotainment system: wired & wireless technologies
• Telematics services & in-car apps
• Rear Seat Entertainment Infrared control
• Exposed CAN wiring
• Wireless sensors: Radar & Lidar
• Occupant’s mobile phone
Typical OBD device connectivity
Diagram labels: 3G/4G, Mobile Network Operator, Internet
When you have access to a vehicle network…
Another vehicle network attack scenario
Threats associated with vehicle network access
• Safety of the vehicle occupants
• Intellectual property theft from ECUs
• Cyber Physical Ransomware
• Cars can be upgraded / modified
• New keys can be provisioned
Secure Development Practices
Protecting the vehicle platform from OBD devices
Current vehicle platforms:
• Diagnostics port connectivity with other vehicle networks
• Segregation between vehicle network segments
• Segregation between head units / TCUs and vehicle networks
• Operating system hardening for all vehicle systems
• Vehicle network security devices?
• Independent security testing
Protecting the vehicle platform from OBD devices
Next generation vehicle platforms:
• Inter-ECU authentication and encryption
• Hypervisors/virtualisation for segregation
• More secure vehicle network protocols
• Cryptographically signed Over The Air firmware updates
• Independent security testing
OBD solution development – security considerations
Diagram labels: Web application client, Internet, Web application server
• Limit CAN commands that can be issued by the device
• If only CAN read access is required, physically remove write access from CAN transceiver
• Ensure actual CAN messages are generated as close to the car as possible
• Remove all debug/admin interfaces from the OBD device
• Ensure the data between OBD device and web application is encrypted
• During a registration process authenticate the device to the web application server
• Do not use WiFi or Bluetooth for direct wireless communication with the OBD device
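Added example (not from the original slides): one way device firmware could limit the CAN commands it can issue and generate the actual CAN messages on the device itself. The server sends only an abstract request code, the device builds the frame from a fixed table, and a second check sits in front of the transceiver. The type, function names and request codes are hypothetical, and the read-only scope (three OBD-II service 01 PIDs) is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical types and request codes for this example. */
struct obd_frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };
enum telem_req { REQ_COOLANT_TEMP = 1, REQ_ENGINE_RPM = 2, REQ_VEHICLE_SPEED = 3 };

#define OBD_FUNCTIONAL_ID 0x7DFu /* standard 11-bit OBD-II broadcast request ID */
#define OBD_MODE_CURRENT  0x01u  /* service 01: read current data */

/* The only requests the server may make, and the read-only PID each maps to. */
static const struct { uint8_t req, pid; } allowlist[] = {
    { REQ_COOLANT_TEMP, 0x05 }, { REQ_ENGINE_RPM, 0x0C }, { REQ_VEHICLE_SPEED, 0x0D },
};
#define ALLOW_N (sizeof allowlist / sizeof allowlist[0])

/* Build the CAN frame on the device from an abstract request code.
 * Returns 0 on success, -1 if the code is not allowlisted. */
int build_frame(uint8_t req, struct obd_frame *out)
{
    if (out == NULL) return -1;
    for (size_t i = 0; i < ALLOW_N; i++) {
        if (allowlist[i].req != req) continue;
        memset(out, 0, sizeof *out);
        out->id = OBD_FUNCTIONAL_ID;
        out->dlc = 8;
        out->data[0] = 0x02;             /* single frame, 2 payload bytes */
        out->data[1] = OBD_MODE_CURRENT;
        out->data[2] = allowlist[i].pid;
        return 0;
    }
    return -1;
}

/* Last check before the transceiver: 1 only for an allowlisted read request. */
int tx_permitted(const struct obd_frame *f)
{
    if (f == NULL || f->id != OBD_FUNCTIONAL_ID || f->dlc != 8) return 0;
    if (f->data[0] != 0x02 || f->data[1] != OBD_MODE_CURRENT) return 0;
    for (size_t i = 3; i < 8; i++)
        if (f->data[i] != 0) return 0;   /* no extra bytes hidden in the padding */
    for (size_t i = 0; i < ALLOW_N; i++)
        if (allowlist[i].pid == f->data[2]) return 1;
    return 0;
}
```

Because the server never supplies raw CAN bytes, a compromised web application can at most ask for one of the listed readings.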
Automotive Secure Development Lifecycle
The ASDL should be considered a framework, rather than as a solution that replaces any existing standards
Training
ASDL Standards mapping
• SAE J3061, ISO 26262, MISRA C, CERT C, NIST FIPS 199, TVRA, EVITA, HEAVENS
• Annotations shown alongside these on the diagram: cyber-physical focused; safety focused; functional safety focused; security focused; software architecture design threats; risk assessment – telecomms network focussed; risk assessment – aligned with ISO 26262; risk assessment – designed by US DoD for healthcare security
• ISO 12207 (systems and software engineering)
• ISO 27001 (information security management)
• STRIDE (threat modelling)
• OCTAVE (risk assessment - electrical systems focused)
• NIST FIPS 140-2 (Security requirements for cryptographic modules)
• Auto Alliance Consumer Privacy Protection Principles (privacy focused)
Reducing the risks
• An awareness of the risks needs to be raised with the right stakeholders
• Techniques such as threat modelling would likely identify many vulnerabilities introduced via OBD devices
• Vehicle manufacturers and their whole supply chain need to develop-in security from day one (Secure Development Lifecycle) – bolt-on solutions are never as effective and often very costly
• Automotive technology must be independently security assessed to ensure that vulnerabilities haven’t been introduced during development or integration.
Q&A
Contact us
Europe
• Manchester - Head Office
• Amsterdam
• Basingstoke
• Cambridge
• Cheltenham
• Copenhagen
• Edinburgh
• Glasgow
• Leatherhead
• Leeds
• London
• Luxembourg
• Madrid
• Malmö
• Milton Keynes
• Munich
• Vilnius
• Wetherby
• Zurich
North America
• Atlanta
• Austin
• Chicago
• New York
• San Francisco
• Seattle
• Sunnyvale
Canada
• Waterloo
Australia
• Sydney
+44 (0)161 209 5200
www.nccgroup.trust