the evolving threat landscape – from connected cars to...

19
The Evolving Threat Landscape – From Connected Cars to Autonomous Cars June 2016

Upload: others

Post on 29-May-2020

9 views

Category:

Documents


0 download

TRANSCRIPT

The Evolving Threat Landscape –

From Connected Cars to Autonomous Cars June 2016

Ransomware Recent News

2 Connected Cars 2016

“The Growing Threat of Ransomware” – PC, 13th April 2016

“Incidents of Ransomware

on the Rise” – The FBI, 29th April 2016

“Michigan Electricity Utility Downed

by Ransomware Attack” – The Register, 3rd May 2016

Ransomware on Increase

Symantec – Internet Security Threat Report (ISTR) April 2016

Connected Cars 2016 3

Ransomware – The Future of Car Theft?

4 Connected Cars 2016

Theft FROM Vehicle

Theft OF Vehicle

And Now…

Theft OF USE OF Vehicle

Who Wants to Attack Cars?

5 Connected Cars 2016

P O P U L A T I O N

CA

PA

BI

LI

TI

E

S

Organised

Crime

Groups

Hacktivist

Groups

Disgruntle

d

Employees

Lone

Hackers

M O T I VAT I O N

C o n t r o l

F i n a n c i a l

D a t a

D e s t r u c t i o n

D i s r u p t i o n

F a m e

Government

Backed

Hackers

Well-Known Hacker Groups

6 Connected Cars 2016

Government

Backed

Hacktivist

Groups

SYRIAN

ELECTRICAL

ARMY

Responsible for several high-profile

DDoS attacks, including Sony

PlayStation Network and Microsoft

Xbox Live services in December

2014

Small group focused on attacking

western media, believed to be

backed by Russian hackers

ANONYMOUS LIZARD

SQUAD CYBER CALIPHATE

Best known for DDoS

attacks on PayPal, VISA

and Mastercard

TARH ANDISHAN THE DUKES

Believed to be using malware

toolsets for the Russian

Federation for intelligence

gathering

Iran-backed hackers attacking

government industry networks

mainly in USA and South Korea.

Small group of Syrian

enthusiasts hackers, who are

best known for attacking western

media outlets.

Attackers’ Interest in Cars

7 Connected Cars 2016

“Two years ago, a report

issued by a future-minded

group within the FBI warned

that criminals might use

autonomous cars as lethal

weapons.”

- Federal Bureau of Investigation,

FBI

“There is mounting evidence

that ISIS is developing self-

driving vehicles for the

purpose of using them as

self-guided car bombs.”

- Mikko Hypponen, Chief Research

Officer of F-Secure Corporation

Overview of Attack Points

8 Connected Cars 2016

SBD has identified over 50 generic attack points that

hackers can exploit in order to hack a car.

Essential Technology to Support Autonomy

9

Camera Ultrasonic Radar LiDAR (short range)

Complex Sensor Fusion

Connected Cars 2016

Example Connected Car Architecture

10

Clo

ud

Se

rvic

es

Se

cu

rity

Ga

tew

ay

Ve

hic

le C

on

tro

l E

xte

rna

l In

terf

aces

OFF-BOARD

TSP CONTENT

PROVIDERS

TCU

GATEWAY

ON-BOARD

POWERTRAI

N

DOMAIN

IVI

CONTROL DOMAINS

CHASSIS

DOMAIN

BODY

DOMAIN

Connected Cars 2016

Example Autonomous Car Architecture

11

Clo

ud

Se

rvic

es

Se

cu

rity

Ga

tew

ay

Ve

hic

le C

on

tro

l E

xte

rna

l In

terf

aces

OFF-BOARD

TSP CONTENT

PROVIDERS

TCU

GATEWAY

ON-BOARD

POWERTRAI

N

DOMAIN

IVI

CONTROL DOMAINS

CHASSIS

DOMAIN

BODY

DOMAIN

SENSOR

FUSION

AI

Connected Cars 2016

Example Autonomous Car Architecture

12 Connected Cars 2016

ADAS SENSOR

FUSION

Powertrain Infotainment Convenienc

e

Chassis

CENTRAL GATEWAY MODULE

Gearbox ECU

EMS

Accessory Power

Management

Fuel Pump

Suspension

Control

Steering

Control

Dynamic

Stability Control

Brake Control

ABS

Driver Monitoring

Switch Pack

Anti-theft

System

Door Module

Telematics Control

HVAC

Seat Control

Head-up

Hi-Fi Amplifier

Head Unit

Rear-Seat

Entertain.

Instrument Cluster

CAN

Ethernet

FlexRay

CAN

MOST Ring

Driving Assistance

• OTA Update

• Real-time Traffic

Updates

• V2X

• Cloud Computing

• AI

On-board Deep Learning

Sample AI functionalities

Increasing number of data and

performance computing

Connected Cars 2016 13

ADAS-equipped cars Autonomous or Highly

Automated Cars

Car2Car

Communication

Large number of ADAS-

equipped cars can contribute to

AI by observing the environment

Embedded (on-board) AI Sensor

s

Data Models (“AI”)

Potential Attacks to Autonomous Cars

14 Connected Cars 2016

Spoofing Tampering Repudiation

Denial of Service

• Disable/enable ADAS

functions or autopilot

by flooding the ADAS

Sensor Fusion.

• Trick sensors to

retrieve incorrect data

by either attacking the

sensors directly or the

sensor data.

• Delete/tampered

logged activities to

deny the truth of an

accident while using

autopilot.

• Modify map data on

delivery server by

intercepting network

traffic between

supplier and delivery

server.

Elevation of Privilege

• Gain complete control

of ADAS Sensor

Fusion by using

diagnostic commands.

Information Disclosure

• Get access to private

personal data used in

the car such as recent

calls.

Increasing Autonomy in Modern Cars

15 Connected Cars 2016

• Superficially the differences

in attack surface between

Levels is marginal.

SAE

Level 0 1 2 3

No

Automation

Driver

Assistance

Partial

Automation

Conditional

Automation

High

Automation

Full

Automation

4 5

BUT…

Increasing Autonomy in Modern Cars

16 Connected Cars 2016

• The impact level

difference between Level 3

and Level 4 is HUGE!

Why? There is no driver fall-back!

SAE

Level 0 1 2 3

No

Automation

Driver

Assistance

Partial

Automation

Conditional

Automation

High

Automation

Full

Automation

4 5

Evolving Threat Landscape

17

Security

Level

Requirement

Level

`

Connected Cars 2016

Impact Level – Largely Technology Independent

Threat Level – Largely Technology

Dependent

NOT CONNECTED CONNECTED CONNECTED &

AUTONOMOUS

Key Takeaways

18 Connected Cars 2016

1

2

3

4

Cyber Attacks Increasing

Technology In Cars Increasing Attack Surface

Increasing

As Driver Is Removed Attack Impact Level Increasing

STANDARDS – METHODOLOGIES –

COUNTERMEASURES

Increasing the need for:

More about SBD

The largest team of in-car

technology specialists

recruited from over 10

OEMs & suppliers

To be the world-leading

knowledge partner for the

automotive industry

Model-level databases

Technology forecasts

Supplier intelligence

Market regulations

News analysis

Expert UX testing

Consumer UX testing

Iterative prototype evaluation

KPI setting

Cyber security testing

New market entry support

RFP/RFQ management

M&A due diligence

Strategic workshops

Supplier positioning support

95% of OEMs

65% of Tier-1s

60% of Service Providers

SBD NA (Michigan, USA)

SBD EU (Milton Keynes, UK)

SBD Japan (Nagoya, Japan)

SBD India (Bangalore, India)

We are committed to

adapting to our client’s

needs and always strive

for the highest quality of

service

Our Mission

Since 1995 we live, eat

and breath automotive

Our Expertise

Our Customers

Our Intelligence & Insight Services

Our Evaluation Services

Our Strategy Services

Our Approach

Our Offices

Your Contact Person

We enable data-driven

decisions We are here

to help!

Anna Stylianou

[email protected]

+44 (0)1908-305105

Connected Cars 2016 19