Connected Car Security and the Future of Transportation
TRANSCRIPT
Liz Slocum Jensen, Connected Car Expert
Cloud Security Alliance, IoT Working Group
July 28, 2016
Agenda
• About me
• 4 basic types of connected cars
• 4 connected car hacks
• Overview of the Connected Car Landscape
• Security
• How car ownership is changing
• Looking forward to the autonomous car
• Questions
@WhatLizTweets
About Me: Liz Slocum Jensen
Connected Cars, Security, Big Data
Ford Electrified Vehicle Hackathon, Best Application
Smarter Driving, Finalist 2015
[Timeline figure: projects and employment, 1999 to 2016]
4 Basic Types of Connected Cars
• Vehicle-to-Vehicle (V2V)
• Vehicle-to-Infrastructure (V2I)
• Vehicle-to-Mobile
• Vehicle-to-Cloud
Safety, Security, Communications, Entertainment
Experimental Attacks on Diagnostics, CD Player, Bluetooth, Cellular Radio
WHO: Department of Computer Science and Engineering at UC San Diego and University of Washington
WHEN: 2010
KEY FINDINGS:
• Once the team was able to physically access the car via the media player, diagnostics port, Bluetooth, or cellular, they were able to completely compromise the car.
• The research team could access the systems by simply calling the car.
• Since the telematics system is Unix-based, they were able to get root access and install an IRC channel.
RESEARCHER’S SUGGESTED ACTIONS:
• Use stack cookies to help detect an attack.
• Do not allow inbound calls. Instead, immediately call back a trusted number.
• Arbitrary ECUs should not be able to issue diagnostic and reflashing commands.
• Commands should only be accepted with some validation, and physical access to the car should be required before dangerous commands are executed.
Tire Pressure Monitoring System (TPMS)
WHO: University of South Carolina and Rutgers University
WHEN: 2010
WHAT: Tire Pressure Monitoring System
KEY FINDINGS:
• Reverse engineering in order to spoof and eavesdrop, specifically to track the car location, is possible.
• There was no encryption in the TPMS.
• If hackers flooded the tire pressure ECU with packets, they disabled the ECU and the ability for the alert to display in the dashboard. Even when this happened, however, the car was still driveable.
• They were able to spoof the alert light for no more than 6 seconds.
RESEARCHER’S SUGGESTED ACTIONS:
• Check for conflicting input information. For example, the system reported a low pressure event through the tire pressure ECU, but the PSI reported was normal.
• Use encryption.
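The "conflicting input" check the researchers recommend, written out as an added example (this is not code from the presentation or from the TPMS paper): a receiver-side plausibility filter that rejects a frame whose low-pressure flag contradicts the pressure value in the same frame, and ignores frames from sensor IDs the car was never paired with. The 6-byte frame layout, the normal pressure window, the flag bit and the paired sensor IDs are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List

# Pressure window (psi) this car treats as normal. Constructed values for the
# example, not taken from any carmaker's specification.
NORMAL_PSI_MIN = 30.0
NORMAL_PSI_MAX = 38.0

# Assumed flag bit that a sensor sets when it reports a low-pressure event.
LOW_PRESSURE_FLAG = 0x01

# Sensor IDs paired with this car (constructed). A frame from any other ID
# did not come from one of our tyres and must not drive the warning lamp.
PAIRED_SENSORS = {0x1A2B3C, 0x1A2B3D, 0x1A2B3E, 0x1A2B3F}


@dataclass
class TpmsFrame:
    sensor_id: int
    pressure_psi: float
    flags: int


def parse_frame(raw: bytes) -> TpmsFrame:
    """Decode a constructed 6-byte frame: 3-byte sensor ID, 2-byte pressure in
    tenths of a psi (big-endian), 1 flag byte. Real TPMS encodings differ per
    supplier; this layout exists only for the example."""
    if len(raw) != 6:
        raise ValueError("frame must be exactly 6 bytes")
    sensor_id = int.from_bytes(raw[0:3], "big")
    pressure_psi = int.from_bytes(raw[3:5], "big") / 10.0
    return TpmsFrame(sensor_id, pressure_psi, raw[5])


def check_frame(frame: TpmsFrame) -> List[str]:
    """Return the reasons a frame should not be trusted (empty list = accept)."""
    findings: List[str] = []
    sid = f"0x{frame.sensor_id:06X}"
    if frame.sensor_id not in PAIRED_SENSORS:
        findings.append(f"{sid}: unpaired sensor id, frame ignored")
    alert = bool(frame.flags & LOW_PRESSURE_FLAG)
    in_normal_range = NORMAL_PSI_MIN <= frame.pressure_psi <= NORMAL_PSI_MAX
    # The conflict the researchers describe: the ECU is told "low pressure"
    # while the measured value carried in the same frame is normal.
    if alert and in_normal_range:
        findings.append(f"{sid}: low-pressure alert but {frame.pressure_psi} psi is normal")
    # The mirror case: a genuinely low reading that carries no alert flag.
    if not alert and frame.pressure_psi < NORMAL_PSI_MIN:
        findings.append(f"{sid}: {frame.pressure_psi} psi is low but no alert flag set")
    return findings


def audit(raw_frames: List[bytes]) -> Dict[str, object]:
    """Run the plausibility check over a batch of frames and summarise."""
    accepted = 0
    findings: List[str] = []
    for raw in raw_frames:
        problems = check_frame(parse_frame(raw))
        if problems:
            findings.extend(problems)
        else:
            accepted += 1
    return {"accepted": accepted, "rejected": len(raw_frames) - accepted, "findings": findings}


# Constructed sample traffic: one healthy tyre, one contradictory frame, one
# genuinely flat tyre, and one frame from a sensor the car was never paired with.
SAMPLE_FRAMES = [
    bytes.fromhex("1A2B3C" "0154" "00"),  # 34.0 psi, no alert: consistent
    bytes.fromhex("1A2B3D" "014F" "01"),  # 33.5 psi but alert set: conflicting
    bytes.fromhex("1A2B3E" "00F0" "01"),  # 24.0 psi with alert: consistent
    bytes.fromhex("DEADBE" "0154" "01"),  # unpaired ID: ignored
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FRAMES)["findings"]:
        print(line)
```

The check is deliberately cheap: it needs no cryptography (which the paper also asks for, separately) and runs on the receiving ECU, so a spoofed alert that is not backed by a matching pressure reading never reaches the dashboard.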
The DARPA-funded hack of a Toyota Prius and Ford Escape
WHO: Dr. Charlie Miller and Chris Valasek
WHEN: 2013
KEY FINDINGS:
• Spoofing is possible.
• It is possible to disable functions of the car by flooding it with arbitrary CAN (Controller Area Network, the embedded network) packets.
Follow-up research on remote attacks
WHEN: 2014
KEY FINDINGS:
• Bluetooth is one of the biggest and most viable attack points of a car because of its ubiquity.
• In-car apps and web browser technology are a significant threat, mostly because they offer a familiar attack target that is already understood by those who want to exploit it.
RESEARCHER’S SUGGESTED ACTIONS:
• Since remote attacks happen in multiple stages, they recommend that defense be multi-staged.
• Secure the remote endpoints.
• Make it harder for the attacker to inject CAN messages immediately.
• For attack detection, monitor the rate of ECU messages for a noticeable increase.
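The rate-monitoring detection suggested above, as an added example (not code from the presentation or from Miller and Valasek): a per-arbitration-ID message-rate baseline is learned from a window of clean traffic and then applied to a later window, flagging IDs whose rate jumps well above baseline and IDs that never appeared in the baseline at all. The candump-style line format, the arbitration IDs, the message periods and the 3x threshold are constructed for the example.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# candump-style line, "(seconds.micros) iface ID#HEXDATA". The traffic below is
# constructed for this example; the IDs and periods are not from any real car.
LINE_RE = re.compile(r"^\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")


def parse_line(line: str) -> Tuple[float, int]:
    """Return (timestamp, arbitration id) from one log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    return float(m.group(1)), int(m.group(2), 16)


def rates_per_id(lines: Iterable[str], window_s: float) -> Dict[int, float]:
    """Average frames per second for each arbitration ID over a window."""
    counts = Counter(parse_line(line)[1] for line in lines)
    return {can_id: n / window_s for can_id, n in counts.items()}


def learn_baseline(lines: Iterable[str], window_s: float) -> Dict[int, float]:
    """Baseline rates from a window of traffic known to be clean."""
    return rates_per_id(lines, window_s)


def detect_rate_anomalies(lines: Iterable[str], baseline: Dict[int, float],
                          window_s: float, factor: float = 3.0) -> List[dict]:
    """Flag IDs whose rate exceeds factor x baseline, and IDs absent from the
    baseline. Most ECU messages are strictly periodic, so an injected flood
    shows up as a step change in the per-ID rate even when payloads look valid."""
    alerts: List[dict] = []
    for can_id, rate in sorted(rates_per_id(lines, window_s).items()):
        base = baseline.get(can_id)
        if base is None:
            alerts.append({"id": can_id, "reason": "id not in baseline",
                           "observed_hz": rate, "baseline_hz": 0.0})
        elif rate > factor * base:
            alerts.append({"id": can_id, "reason": "rate increase",
                           "observed_hz": rate, "baseline_hz": base})
    return alerts


def make_log(start: float, duration_s: float, schedule: Dict[int, float]) -> List[str]:
    """Constructed periodic traffic: schedule maps arbitration id -> period (s)."""
    lines: List[str] = []
    for can_id, period in schedule.items():
        for k in range(round(duration_s / period)):
            t = start + k * period
            lines.append(f"({t:.6f}) can0 {can_id:03X}#0000000000000000")
    lines.sort(key=lambda line: parse_line(line)[0])
    return lines


WINDOW_S = 2.0
# Clean traffic: 0x1A0 at 100 Hz and 0x2B4 at 10 Hz (constructed).
BASELINE_LOG = make_log(1469000000.0, WINDOW_S, {0x1A0: 0.01, 0x2B4: 0.1})
# Monitored traffic: 0x1A0 flooded at 1000 Hz, 0x2B4 unchanged, plus a new ID
# (0x7DF, the standard OBD-II functional request ID) the baseline never saw.
MONITOR_LOG = make_log(1469000002.0, WINDOW_S, {0x1A0: 0.001, 0x2B4: 0.1, 0x7DF: 0.5})


def run_example() -> Tuple[Dict[int, float], List[dict]]:
    baseline = learn_baseline(BASELINE_LOG, WINDOW_S)
    return baseline, detect_rate_anomalies(MONITOR_LOG, baseline, WINDOW_S)


if __name__ == "__main__":
    _, alerts = run_example()
    for a in alerts:
        print(f"0x{a['id']:03X}: {a['reason']} "
              f"({a['observed_hz']:.1f} Hz vs {a['baseline_hz']:.1f} Hz)")
```

On a real vehicle the baseline should be learned per model and per firmware version, since, as the "Common Findings" slide notes, the message set changes between makes, models and years; a single fixed rate table would either miss floods or alarm constantly.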
Common Findings
• The car can be compromised remotely, but it is very time-consuming and difficult to sustain.
• Systems vary from carmaker to carmaker, model to model, year to year.
• Attacks are detectable.
• The car is still drivable after spoofing and ECU attacks.
The Connected Car is Hackable: What Carmakers and Suppliers Can Do
• Air gap.
• Perform Over-the-Air (OTA) updates.
• Use encryption.
• Work with the hacker community:
  • Challenge hackers to break your security with a bug bounty.
  • Make it easy for a researcher to contact the company privately about the exploit.
  • Have a policy to fix exploits within a specific time period.
  • Report the exploits publicly and give the researcher credit for finding it, if desired.
Other resources:
https://www.iamthecavalry.org/domains/automotive/5star/
http://venturebeat.com/2016/06/27/the-5-scariest-car-hacks-including-some-that-could-make-you-crash/
Connected Cars Landscape (designed by Liz Slocum Jensen, April 2016)
Segments: Consumer (107), Enterprise (72), Things (54)
• Delivery (6): Shippr.in, theKarrier, Doorman, ThePorter, Lugg, Lets transport
• Car Sharing (9): Turo, FlightCar, Car Next Door, Getaround, JustShareIt, PPzuche, Zify, Zen Car
• Driver Behavior (11): The Floow, Drivemode, Driving Curve Inc, iOnRoad, Dash, MotorMate, Carandus, Road Rules, True Mileage, Fuelly, Cellcontrol
• Diagnostics (16): Lemur Vehicle Monitors, hum by Verizon, CellAssist, Mojio, Voyomotive, Automile, XGear, American Automobile Association, Automatic, Zubie, ULU, Dash Labs, Nebula Systems, CarMD.com, Autopro Automation Consultants
• Infotainment Interface (15): Ford Sync 3, MirrorLink, BMW iDrive, NissanConnect, Chevrolet Mylink, Hyundai Blue Link, GMC IntelliLink, Kia Uvo, Tesla Infotainment, mbrace, Apple CarPlay, Uconnect, Toyota Entune, Volvo Sensus, Android Auto
• Ride Hailing (20): Uber, Didi Chuxing, Dadabus, Via, Bandwagon Taxishare, Chariot, Shuddle, Lyft, Wheeliz, Yidao Yongche, HopSkipDrive, Boost, Jugnoo, 51yongche, mytaxi, Tiantian Yongche, Kabbee
• Distribution/Logistics (11): Instavans, KeepTruckin, smartShift Technologies, Convoy, Automile, Trucker Path, Onfleet, Cargomatic, Maves International Software, ThePorter, Transfix
• Smart Cities (8): ChargePoint, PlugShare, StreetLight Data, Factual, Volta Industries, Streetline, Airsage, EV Connect
• Usage-Based Insurance (9): Ingenie, Censio, Driveway Software, Nationwide Building Society, Metromile, Progressive Insurance, D-rive by Deloitte, State Farm Insurance
• Security (2): Argus Cyber Security, InterWorking Labs
• Fleet Tracking & Asset Management (20): CalAmp, Omnitracs, SkyBitz, Danlaw, Roadsense, Fleet Management Solutions, Safety Track, T Dispatch, ConnectM, Zonar Systems, Traffilog, GoFleet, Fleetmatics Group, BigRoad, Teletrac, Safe Fleet, XGear, Vnomics, FieldLogix
• Telematic Service Providers (19): Telogis, DENSO, Agero, NNG, NEXCOM International, Aeris Communications, Arynga, IMETRIK, MiX Telematics, Smartcar, Verizon Telematics, RealVNC, Airbiquity, FEV, Novatel Wireless, Jasper Technologies, Abalta Technologies, KORE Telematics, Covisint
• EV Charging (3): Volta Industries, ChargePoint, PlugShare
• On Demand Rentals (11): ZipCar, Upshift, City CarShare, Silvercar, Zoomcar, Skurt, Audi at home, Local Motion, Scoot Networks, Shenzhou Zhuanche
• Parking (12): JustPark, BestParking, MonkeyParking, HonkMobile, PayBySky, Streetline, Cityzen Data, Parclick, ParkWhiz, Parkopedia, Parkmobile, ParkMe
• Ride Sharing/Carpooling (6): Carpool Arabia, Cityflo, BlaBlaCar, Pogo, Bao Pinche
• Autonomous (9): Uber, Cadillac, Tesla Self Driving Car, Delphi Advanced Driver Assistance, Audi Piloted Driving, Google Self-Driving Car, Optimus Ride, nuTonomy, Zoox
• Heads Up Display (3): Navdy, i4drive, Making Virtual Solid - California
• Sensors/Hardware (10): TriLumina Corp, Quanergy, HIGH MOBILITY, Roadar, Carvi, Peloton Technology, NAVX, CalAmp, Novatel Wireless, Danlaw
• Vehicle to Infrastructure (1): Sensys Networks
• Wearables (2): SKULLY, NUVIZ
• Infotainment Embedded (10): Magellan, Panasonic Automotive Systems, TomTom International BV, HARMAN Infotainment, CloudCar, Pioneer Electronics, DENSO ARPEGGiO, Samsung Drive Link, Bosch mySPIN, Nvidia Drive PX
• Dongle (19): Automatic, Munic, Dash Labs, Zubie, Voyomotive, CarMD.com, CellAssist, Lemur Vehicle Monitors, splitsecnd, XGear, ULU, Automile, hum by Verizon, Mojio, Carvoyant, Vinli, OpenXC
• Routing Optimization (3): Cardinal Optimization, Viamente, Route4Me
Apps - Location - Data (44):
• Infotainment Applications (3): Aha by Harman, Aupeo, IMS’ DriveSync
• Big Data (6): INRIX, LogiNext, Streetline, TrafficCast, StreetLight Data, Cardinal Optimization
• Driver Behavior (14): Progressive Insurance, Automatic, ULU, Nebula Systems, Mojio, Metromile, Voyomotive, hum by Verizon, Driversiti, State Farm Insurance, Zubie, Dash, Road Rules, Zendrive
• App Platform (11): Nebula Systems, Zubie, Cloud Your Car, Android Auto, Mojio, OpenXC, Munic, Carvoyant, Vinli, Apple CarPlay, Automatic
• Location/Navigation (14): Apple Maps, Waze, Beat the Traffic, Google Maps, Swift Navigation, Maponics, Mapbox, HERE, StreetLight Data, MapmyIndia, Telenav, Intuvi, Glympse, GasBuddy
Also on the landscape, category label not adjacent in the extracted text: Drivr, Open-Taxi, TaxiStartup, Cabforce, True Mileage, Nebula Systems, Cloud Your Car, Torque, ReachNow, Uber, Lyft
Security: Attacks are Detectable
(Karamba Security, Shuddle)
Car Ownership is Changing
Categories: Car sharing (Peer-to-Peer), Rentals, Ride Hailing/Carpool (Closed)
Examples shown: Jugnoo (autorickshaw), Bandwagon (taxisharing), Sidecar, Via (van pooling), PPZuche, Turo, Getaround, Ola, BlaBlaCar, Didi Chuxing, Uber
Autonomous is Coming
Categories: Route Optimization, Fleet Management, Traffic Intelligence, Sensors, Location/Navigation
Examples shown: nuTonomy, Quanergy, Waze
Questions?
Liz Slocum Jensen
Twitter: @WhatLizTweets