With Connected Cars, Zero Trust is Best Security Advice

The road to fully autonomous vehicles has many obstacles but perhaps none more insidious than hacking.

Cyber-security experts say improvements have been made but there’s much work to be done to secure vehicles before and during production as well as years later once they’re on the road. McAfee recently made headlines by hacking a Tesla enabled with Speed Assist and automatic cruise control and then convincing it to speed on its own owing to a modified traffic sign. The hacking team used a small piece of black tape to alter the speed limit sign so that the Tesla read it as 85mph instead of 35mph.

The two cars used in the research were owned by its employees – a Tesla Model S and Tesla Model X, both of 2016 vintage employing MobilEye’s camera system, which the company claims has been widely deployed by its 27 automakers to 40 million vehicles. The McAfee blog notes it “did get access to a 2020 vehicle implementing the latest version of the MobilEye camera and were pleased to see it did not appear to be susceptible to this attack vector or misclassification, though our testing was very limited”.

The researchers noted that the latest Tesla models no longer use other MobilEye technology and “do not appear to support traffic sign recognition at all.” They add, however, that while MobilEye seems to have improved “the resilience of their product” that may be of little consolation for the existing fleet of Teslas since “the vulnerable version of the camera continues to account for a sizable installation base among Tesla vehicles”.

This so-called “model hacking” by McAfee is designed to identify and exploit weaknesses in machine learning algorithms “to achieve adverse results and identify upcoming problems in an industry that is evolving technology at a pace that security has not kept up with”. Cyber-security experts say these tests are instructive in finding and exploiting vulnerabilities but note the Teslas are not true Level 5 AVs and that the technology is changing.

Andre Weimerskirch, vice-president, cyber-security and functional safety at Lear Corporation, says these attacks are possible, targeting sign identification or V2X systems that broadcast a traffic light status as false but he asserts they may become less likely as redundancies are being employed. “It’s highly unlikely that self-driving vehicles will rely on a single sensor input for control mechanisms, whether that input comes from radar, LiDAR, camera or V2X. For instance, in the case of a manipulated stop signal, a self-driving vehicle might additionally use high-precision maps that include information about all traffic signs. After all, sometimes, stop signs also disappear under snow or behind low-hanging tree branches.”

To prevent attacks Weimerskirch advises: “The right strategy is to perform a strategic risk assessment to identify potential risks of all components inside of a vehicle and all related components and areas, including the production facilities and cloud services, and then design mitigation mechanisms for all identified risks.” He also stressed the need to future-proof modules and systems to prevent attacks “we are not aware of today”.

Weimerskirch adds that the community is working to define industry requirements for cyber-security engineering in the ISO 21434 standard, but it is not yet finalized. In the meantime, he recommends: “Focus on attack prevention, vulnerability management, and incident response. A next step is then to establish active intrusion detection and system monitoring, which further strengthens vulnerability management and incident response.”

Head unit

A current focal point for cyber-security breaches is the head unit. That’s because the number of connections continues to expand owing to after-market app downloads and external interfaces, whether they are directly connected into the infotainment system or added by people bringing their own devices and connecting them via cellular, Bluetooth, or Wi-Fi to the vehicle.

“With all the new sensors and electronics added to support new ADAS functionalities and new modems to support a connected experience, still the most vulnerable part of the car at the moment is inside of the cabin, and specifically the infotainment systems via apps running on Android or Linux; hence the dashboard is the most vulnerable part of the car,” said Kaivan Karimi, senior vice-president and co-head of BlackBerry Technology Solutions. “The number of lines of code is exploding and the complexity is getting higher; the more complex the software, the greater the attack surface and the greater the vulnerability.”

The BlackBerry executive also points to issues such as open privileges and so-called back doors left by developers for testing in the field as areas that have been exploited in the past, especially with legacy fleets, and which are being addressed as more cars are connected and as autonomous vehicles eventually take the road en masse.

A holistic approach is key to get a handle on automotive cyber-security now as BlackBerry has found so-called black hat (malicious) hackers have ramped up their attacks over the past two years, easily out-distancing the white hat hacks by groups such as the aforementioned McAfee investigation into Tesla’s cyber-security.

The company’s QNX RTOS technology is embedded in more than 150 million vehicles on the road today, including more than 45 carmakers. Karimi says the company approaches automotive cyber-security with a “zero-trust” and “defense in depth” mindset. Particularly with any anomalies in a new consolidated digital cockpit, the focus is on separating and isolating safety-critical systems from those which it classifies as non-safety critical, such as infotainment.

Karimi predicts Android’s presence growing in vehicles and he advocates partitioning “the vulnerabilities of Android apps from the rest of the car”. He adds that lifecycle management of software and security in the field will help vehicles stay secure a decade or more after they roll off the lot, even as the state of apps and software changes via software updates over time. The company uses AI and machine learning to monitor anomalies in the field.

The BlackBerry cyber-security expert also advocates against open source software for connected and autonomous vehicles. “We don’t believe there’s room for open source software in automotive; and now there is evidence of software backdoors in open source libraries.”

Whether or not automakers and suppliers focus on separating vulnerabilities, it is clear that securing the supply chain is paramount as part of a holistic cyber-security strategy to secure vehicles. Karimi notes: “An OEM typically has over 20,000 parts in a car. The supply chain goes three to five levels deep. Today OEMs receive more than 100 ECUs such as an infotainment or telematics box, or ECUs that control the cluster or functionality for ADAS or camera systems. These boxes have processors with binary codes running on them that may or may not be secure.”

Weimerskirch advises carmakers and suppliers to keep an eye on ISO 21434 for guidance on cyber-security engineering and requirements that will help secure the supply chain. However, he also strongly recommended: “While investing in security technologies is the focus in public discussions, I believe training engineers in cyber-security and creating awareness is an essential task and investment as well.”
