Automotive Cyber Security: Challenges and Opportunities Presented By: Fred Barez San Jose State University IEEE Computer Society Santa Clara Valley Section October 20, 2015


Presentation Outline

Mechanical Engineering Department Hybrid & Electric Vehicle Technology Lab

Automotive Cyber Security

VW Emission Manipulation

SJSU ME Department Projects

Questions and Answers


Mechanical Engineering Department

Hybrid & Electric Vehicle Technology Lab

Sponsors:


Automotive Cyber Security

Recently in the News

Jeep/Fiat-Chrysler recalls 1.4M vehicles to prevent hacking, San Jose Mercury News (7/25/15)

Putting the recent wave of car hack hysteria in perspective, Forbes (8/10/15)

The web-connected car is cool, until hackers cut your brakes, New York Times (7/23/15)

Volkswagen hid a car hacking flaw for two years, CNN (8/14/15)

Car hacked via a laptop, CBS’s 60 Minutes (2/8/15)

Hackers remotely kill a Jeep on highway, WIRED Magazine (7/24/15)

Cyber security is the body of technologies, products and protocols designed to protect the vehicle network from attacks.


From Personal Computers (PCs) to Internet of Things (IoT)

1975, Personal Computers were introduced.

1988, First commercial cyber attack (Morris Worm).

1988, BMW 8-Series introduced ECUs.

1991, Norton Anti-Virus Software by Symantec was introduced.

1994, Yahoo started.

1994, the word ‘cyber security’ was introduced.

1996, Commercialization of the WWW.

1998, Google started.

1999, Concept of IoT was introduced.

2000, ZoneAlarm Firewall was introduced for personal computers.

2004, Microsoft introduced Firewall in MS-Windows XP.

2009, GM introduced emergency reporting system (On-Star).

2011, IoT became viral.


Modern Vehicles: Computers on Wheels


Automotive Cyber Security

Connected vehicle Ecosystem

Anything connected via the internet, such as a vehicle, can be hacked

Modern vehicles have over 70 ECUs and more than 150 sensors

Sensors and ECUs communicate through In-Vehicle Network (IVN)

Sensors in a vehicle are an integrated system of mobile, cloud, social and Big Data analytics. Big data requires a fast network and fast computational tools

Data collected from sensors is transferred to the ECUs through the IVN, and via the internet to the cloud.

Vehicle manufacturers will have access to such analytics for quality and design improvements.


Modern In-Vehicle Network: 70+ ECUs (or CPUs)


In-Vehicle Networking (IVN) Protocols

LIN: Local Interconnect Network

Low data-rate functions

Up to 20 kbits/s, limited to 12 nodes.

CAN: Controller Area Network

Medium speed data transmission

40 kbits/s to 1 Mbits/s, 40+ devices

FlexRay:

For safety-critical applications

1 Mbits/s to 10 Mbits/s

MOST: Media Oriented Systems Transport

High speed data-rates

12 Mbits/s to 22 Mbits/s


CAN bus and Vehicle Hacking

Get access to the CAN bus (through the internet or additional hardware)

Data flowing on the CAN bus can be read and understood

Inject hacking commands, or block commands, for targeted peripherals

Interrupt ECU operations by memory overflow with random data injection

Examples:

Jeep Chrysler

A faulty multimedia feature (smart connect) gave access to CAN bus commands, allowing remote control through a mobile network.

Toyota Prius 2010

Through additional hardware connected to the CAN diagnostics port.


CAN bus Overview

What is CAN bus?

Controller Area Network (CAN) is a fast serial bus designed to provide an efficient, reliable and economical link to communicate with several devices such as ECUs

CAN bus was developed in 1983 and is currently used in all vehicles

Why is it used in automobiles?

It is real time (up to 1 Mbits/s)

Embedded level protocol

Supports 40+ ECU devices on single bus.

Standard protocols (ISO & SAE)


CAN bus Network in a Vehicle


Typical CAN bus Network

OBD-II


CAN bus Protocol


CBS 60 Minutes Program (2 minutes)


Hackers remotely kill a Jeep on highway (5 minutes)


Reasons why cyber security is a major concern and its Sources

Concerns:

Widespread use of new software and hardware platforms

Easy access to software and hardware products

Sophisticated attacks with specific targets

Sources:

Mobile Devices: increase in the use of smart phones and devices

The cloud: A single port of entry accessible from anywhere

Social Media: Easy access to data on smart devices

Accessibility to hacking software and hardware tools

Installation of third-party (non-OEM) devices


Automotive Cyber Security Challenges

We live in an increasingly networked world.

Cyber attacks have increased drastically over the past decades, exposing vehicles to disruption of their functionality.

Internet of Things (IoT) used in today’s vehicles is a powerful tool in transforming our lives to enjoy a greater driver/passenger experience.

If vehicles are connected via the internet, then they are vulnerable to cyber threats or hacking.

Cyber security is the body of technologies, products and protocols designed to protect the vehicle network from attacks.


Automotive Cyber Security: Opportunities

Increase security in mobile devices and cloud computing; restrict the use of hacking software and hardware tools; government involvement.

Implementation of existing IT security protocols.

Remote lock of mobile and smart devices

Restrict OBD-II devices to one way communication

Encryption of data and use of anti-malware/anti-virus software in CAN bus design

Education and certification of professionals in automotive cyber security.
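
One way to read the "restrict OBD-II devices" item above, as an added example that is not part of the original slides: a gateway between the OBD-II port and the vehicle bus forwards only read-only diagnostic requests and drops every other frame a plug-in device sends. The gateway, the function names and the sample frames are assumptions; the CAN IDs and service numbers are the standard OBD-II ones for 11-bit addressing.

```python
# Added example (not from the slides): allowlist for frames arriving on the
# OBD-II side of a hypothetical gateway. IDs follow ISO 15765-4, 11-bit addressing.
OBD_FUNCTIONAL_REQ = 0x7DF               # broadcast diagnostic request
OBD_PHYSICAL_REQ = range(0x7E0, 0x7E8)   # per-ECU diagnostic requests
# Read-only OBD-II services: current data, freeze frame, stored DTCs, vehicle info.
READ_ONLY_SERVICES = {0x01, 0x02, 0x03, 0x09}

def forward_from_obd(can_id: int, data: bytes):
    """Return (allowed, reason) for one frame received from the OBD-II port."""
    if can_id != OBD_FUNCTIONAL_REQ and can_id not in OBD_PHYSICAL_REQ:
        return False, "non-diagnostic ID"
    if not data or len(data) > 8:
        return False, "bad frame size"
    pci_type, low = data[0] >> 4, data[0] & 0x0F
    if pci_type == 3:
        # ISO-TP flow control: needed to receive multi-frame answers such as the
        # VIN. It carries no service and only makes sense towards a single ECU.
        ok = can_id in OBD_PHYSICAL_REQ
        return ok, "flow control" if ok else "flow control on broadcast ID"
    if pci_type != 0:
        return False, "multi-frame request"   # read-only requests fit one frame
    if not 1 <= low <= len(data) - 1:
        return False, "bad length"
    service = data[1]
    if service not in READ_ONLY_SERVICES:
        return False, f"service 0x{service:02X} not read-only"
    return True, "read-only request"

# Constructed sample frames as (CAN ID, payload).
SAMPLES = [
    (0x7DF, bytes.fromhex("02010C0000000000")),  # read engine RPM
    (0x7E0, bytes.fromhex("3000000000000000")),  # flow control
    (0x7DF, bytes.fromhex("0104000000000000")),  # clear trouble codes
    (0x7E0, bytes.fromhex("0210020000000000")),  # diagnostic session control
    (0x244, bytes.fromhex("0000000116")),        # non-diagnostic ID
]

def verdicts(frames=SAMPLES):
    """Apply the allowlist to each sample frame."""
    return [forward_from_obd(cid, data) for cid, data in frames]
```

Because the rule is an allowlist, anything not named in it, including programming and session-control services, is dropped by default.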


Conclusions

If a vehicle is connected to the internet, it is hackable!

There is no solution that eliminates cyber attacks; we can only try to minimize such threats

Raise awareness about automotive cyber security

Utilize system hardware and software to monitor, detect and block cyber attacks
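
The "monitor, detect" part of the last point, sketched as an added example that is not part of the original slides: most ECUs transmit each CAN ID at a fixed period, so a monitor can learn those periods from a clean capture and flag frames that arrive too soon or carry an ID it has never seen. The log lines use the `candump -l` format; the captures, the interface name and the 0.5 threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# One line of a `candump -l` log: "(timestamp) interface ID#DATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3,8})#((?:[0-9A-Fa-f]{2}){0,8})$")

def parse(lines):
    """Yield (timestamp, can_id, payload) for each well-formed log line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield float(m.group(1)), int(m.group(2), 16), bytes.fromhex(m.group(3))

def learn_periods(frames):
    """Mean inter-arrival time per CAN ID, learned from a known-clean capture."""
    last, gaps = {}, defaultdict(list)
    for ts, cid, _ in frames:
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
    return {cid: sum(g) / len(g) for cid, g in gaps.items()}

def detect(frames, baseline, ratio=0.5):
    """Flag IDs absent from the baseline and frames arriving faster than
    ratio * the learned period (an injected frame adds to the ECU's own)."""
    last, alerts = {}, []
    for ts, cid, _ in frames:
        if cid not in baseline:
            alerts.append((ts, cid, "unknown-id"))
        elif cid in last and ts - last[cid] < ratio * baseline[cid]:
            alerts.append((ts, cid, "too-fast"))
        last[cid] = ts
    return alerts

# Constructed clean capture: 0x244 every 10 ms, 0x1A0 every 20 ms.
CLEAN = """(100.000000) can0 244#0000000116
(100.000500) can0 1A0#11223344
(100.010000) can0 244#0000000117
(100.020000) can0 244#0000000118
(100.020500) can0 1A0#11223345
(100.030000) can0 244#0000000119
(100.040500) can0 1A0#11223346""".splitlines()

# Constructed live capture: one extra 0x244 frame and one ID not in the baseline.
LIVE = """(200.000000) can0 244#0000000116
(200.010000) can0 244#0000000117
(200.012000) can0 244#FFFFFFFFFF
(200.020000) can0 244#0000000118
(200.020500) can0 1A0#11223344
(200.025000) can0 7DF#0201050000000000
(200.040500) can0 1A0#11223345""".splitlines()
```

Timing checks of this kind only cover periodic IDs; event-driven messages need a separate rule, and the baseline has to be recorded on a bus known to be clean.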


VW Software Manipulation

500,000 VW Diesel Vehicles Recalled Due to Failed Emission Test

A West Virginia University study raised questions about emissions levels from light-duty diesel Volkswagen vehicles during on-the-road testing.

What is it?

A hacking scheme to reduce pollution test results of VW diesel vehicles

How was it done?

Software manipulation in the ECU, trading improved fuel economy against excessive emissions.


VW Software Manipulation

Road emission tests were conducted using a portable measurement system to characterize various pollutants, including NOx from the tail pipe, and data from the engine ECU

Engine ECU controls:

Fuel inlet

Fuel to air ratio

Fuel Economy

Engine inlet/outlet valves

Exhaust emissions


Diesel Fuel to Pollution Generation


Function of a NOx trap

The exhaust pollution was to pass through a NOx trap to ‘absorb’ and ‘trap’ the nitrogen oxide.

Unburned fuel works as catalyst for NOx trap.

The more fuel consumed, the more NOx is trapped, less pollution exhausted.

But VW wanted to show less fuel consumed to demonstrate improved fuel economy to consumers.


How is it manipulated?

Engineers manipulated the software to control the fuel/air ratio so that exhaust pollution levels would differ between EPA test conditions and road testing, using:

Movement of steering wheel

Speed

Atmospheric Pressure

How long the engine was on


SJSU ME Department Projects

Vehicle Collision Avoidance

Vehicle Cyber Hacking

Other SJSU Projects

Project Demo


SJSU: Vehicle Collision Avoidance

Original RC vehicle

• Introduced Beagle-Bone Black Micro Computer.

• IR & Ultrasonic Sensors.

• Algorithm written in Shell script & ‘C’ to control 9V DC motors (Honda & Mazda).


SJSU: Vehicle Hacking

• Same hardware with added WiFi transmitter/receiver to connect to the internet through a mobile hotspot

• Get access to Beagle-Bone Black through any device within the network (using SSH protocol)


SJSU: Sustainable Vehicles

Solar Powered QuadraCycle with Front Wheel Hub Motors

Human & Electric Powered Hybrid Tricycle


SJSU: Hybrid Vehicle Demonstrator & Battery Characterization

Hybrid Vehicle demonstrator to show the operation and transition from electric to ICE

Rechargeable (Lithium Polymer) battery characterization and thermal management station


SJSU: Other Project Videos

Sustainable Electric Bicycle

Solar Powered QuadraCycle

All Wheel Drive-Electric Utility Vehicle


SJSU: Current Project

Application of wearable devices to communicate with E-bikes to actuate hub motors based on rider’s heart rate monitoring


Acknowledgement: Rushabh Desai

Thank You

Questions?


Project Demo