A shark brought the topic of “IT security for car security” into the media for the first time. In 2010, scientists from San Diego and Washington used a software program called CarShark to show that cars can be hacked. They caused two moving limousines to brake from a nearby car. Today, the IT security of cars is more important than ever before: With more than 100 million lines of programing code – seven times more than a Boeing 787 – cars have become mobile computers. And more and more cars are becoming connected, meaning that attackers can also access them from afar. IT security is therefore the basis for car security.
Security from the outset
Up to now, the security experiences of the automotive industry have been limited. However, manufacturers – i.e. original equipment manufacturers (OEMs) – and suppliers can orient themselves on the technologies and experiences gained in the field of mobile communications and communication technology, for example. One thing is sure: manufacturers and suppliers can learn from each other if they exchange information about IT security gaps and functioning security systems. To do this, they would have to shake their habit of carefully protecting know-how. Another important principle is “Security and privacy by design” (more about this in one of our upcoming contributions): Carmakers already need to be integrating IT security and data protection into the planning of new car models, components and software in order to ensure car security.
They should consider all aspects of cars that are in the hands of OEMs: in addition to the car’s onboard computer, carmakers should also look at mobile communications and the car back-end system. “When industry decision-makers think about information security, they usually focus on in-car systems as a weak spot”, writes the consulting company PwC in its Connected Car Study for 2015. “But the threat goes far beyond the dashboard interface.”
1. Self-defense for the car
The IT and telecommunications infrastructure in the car consists of bus systems such as the drive CAN bus and the MOST infotainment bus, to which more than 100 electronic control units (ECUs) are connected. Developed during the 80s, the CAN bus protocol does not provide any security guidelines. The control units do not have to authenticate themselves when they exchange data, nor do they check the plausibility of incoming messages. Both will be a must in the future. Otherwise, active safety systems such as airbags can be triggered by remote command, even if the car is hurtling down the highway. The gateway between the buses is suitable for an intrusion detection solution that monitors all communication, alerts to anomalies, and thus increases car security.
2. Firewall for SIM cards
With a SIM card, the car becomes a mobile terminal and thus also a potential target of “fraud attacks”. Criminals could use the SIM card illegally and call, for example, self-operated high-priced hotline numbers at the owner’s expense. Automotive manufacturers can prevent this by creating secure mobile connections via virtual private networks (VPNs) or private network access points (APNs).
In addition, all communication components such as control units, back-end systems, and traffic lights should be identified by certificates provided by a public key infrastructure. In order to detect attacks which still take place, there are fraud detection systems. These monitor mobile communications using defined rules, such as limits on data volumes. The data that an OEM can legally collect for this purpose depends on whether or not it is registered as a telecommunications provider.
3. Barriers in the back-end
The back-end of the connected car forms the database for apps and services in the car, and also stores its digital identity, such as the vehicle identification number (VIN) and the IDs of all components. Therefore, it plays an important role in IT security and car security. For example, the back-end system supplies all cars with updates.
However, automotive networking also opens up new opportunities for attacks in the back-end via the interfaces to the car and to the suppliers of connected apps and services. A hacker could, for example, infiltrate malicious software into the back-end via a message from a simulated vehicle. It is therefore important to virtually separate the computational and storage capacities of different services in the back-end. Thus, a hacker cannot compromise all services at the same time.
It is high time for comprehensive security systems in cars, because motorists are unsettled. According to the association “Deutschland sicher im Netz” (Making Germany safe on the Net), half of German Internet users fear that third parties collect data through connected cars unauthorized. According to KPMG, 82% of consumers in the US are reluctant to or even never buy from a car manufacturer who has been hacked as they are concerned about car security.