Professional Documents
Culture Documents
Auto PDF
Auto PDF
www.theiet.org/cyber-security
www.ktn-uk.co.uk
Contents
Executive summary 3
Introduction 4
Terminology 5
A known problem? 9
References 16
Images courtesy of iStock. The library images used in this Review appear as generic illustration only, and do not denote or refer to specific types of technology.
2
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
Safety first: one compelling reason to connect cars via wireless links is to reduce the risks of collision on the road
3
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
Introduction
It is confidently presumed that new cars travelling future (original equipment manufacturers) variously in recent
highways will be connected. Powerful communications years. These typically co-exist with the automotive control
capabilities will be built-in to automotive systems networks that enable the transit and exchange of data
designed to facilitate a variety of driving functions and relating to the operation of the vehicle itself.
other enhanced features. Internal control systems will
exchange data via complex internal networks; other Coming generations of connected cars will differ as a
applications that interface with drivers through dashboard result of moves toward greater convergence between
displays and devices could share information with other automotive communications technology and connections
connected vehicles; they could also exchange data with to resources beyond the confines of the car. This prospect
connected roadside entities, such as streetlights, that are of a motor vehicle becoming, in effect, an Internet-
also linked-in to the Internet of Things (IoT). linked ‘device’ is bound to stir debate in a world where
awareness of online threats, and the malicious ‘hacking’
The one- and two-way electronic communications of computer systems, could affect the use of almost any
systems that road vehicles have increasingly been physical entity that qualifies as a ‘connected device’.
equipped with over recent decades, such as radio
receivers and transmitters, have been augmented by Cyber security is a much-debated aspect of the
links to cellular voice/data devices and to satellite signals. emerging Internet of Things, especially given malicious
In-vehicle infotainment networks, and the notion of ‘car- agents’ tendency to ‘follow the market opportunity’:
as-hot-spot’, have been introduced by automotive OEMs as they become more numerous, connected cars
would likely represent another addition to the cyber-
attackers’ expanding hit-list of prospective targets. This
may sound conjectural, but some automotive OEMs
have acknowledged that they are taking the possibility
seriously – and taking steps to defend ‘vehicle computer
systems’ against it.1
4
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
Terminology
When starting to consider the broad issues necessary code intended to fix an error or tweak an effect for
for an understanding of cyber security in the automotive a specific purpose. The term is an ethically-neutral,
sector there can be a tendency to draw comparisons with if rather crude, descriptor of a quick fix or tune-up.
what might be termed the ‘mainstream’ cyber security Perhaps not appreciated in mainstream coverage is
market, where the protection of personal computing that the everyday usefulness of the term has migrated
devices, enterprise information and communications across to any part of life – from re-imagining Lego
technology (ICT) systems, and industrial control systems designs, and adapting Ikea furniture, to getting more
(ICSs), most notably, has escalated into a matter for power output from an old car model. The issue at
national concern over the last 15+ years.3 hand intersects, however, where hacking is performed
remotely and without permission. Both must apply.
A range of cyber security issues are regularly discussed It can be imagined that such hacking-in to with
using technical terms whose meanings will not only be permission may also be a healthy and productive
unfamiliar to many within the automotive sector, but pastime, but would likely be a minority to pursuit.
also hold different meanings to those working within Exactly what is meant by ‘permission’ is important. It
the cyber security market itself. The very words ‘cyber’ goes to show that discussions of cyber security and
and ‘security’ may have very different connotations for automotive electronics must be mindful of the pitfalls
automotive engineers, for instance, where ‘security’ is caused by imprecise vocabulary.
also used in the context of a vehicle’s physical security –
i.e., its locks and other anti-theft disabling mechanisms. However, it is also worth noting that automotive cyber
security does present issues that are specific to that
An example of potential for cross-purpose confusion industrial sector, and attempts to make comparisons
between audiences, is the falsely-applied, usually between the mainstream concept of ‘cyber security’,
pejorative, use of the term ‘hack’. In computer and the concept as it will affect the road vehicle market,
programming the term describes an amendment to should be drawn with caution.
Many car owners increasing rely on connected technology-based driving aids: they would be lost without them
5
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
There could be many possible reasons why somebody would want to ‘hack’ in to a connected car: owners themselves might want to ‘tweak’ their vehicle’s performance
Another example of this from enterprise information of a warranty or insurance claim. Arguably, this is, in
security is the notion of ‘insider threat’ – individuals effect, a cyber security issue when viewed in terms of
working within an information technology system, for the Parkerian Hexad elements of information security
instance, who gain unauthorised access to data assets related to authenticity and integrity*; it also has
for nefarious or idiosyncratic reasons. Connected functional safety implications. The general issue of
cars may also have owners who, for reasons known connected vehicle owner responsibilities in the context
and unknown, will attempt to reconfigure their car’s of cyber security will be returned to later in this Briefing.
data systems. (The author of a freely-available online
publication called The Car Hackers Handbook suggests Meanwhile, it is reasonable to remind ourselves that, as
that owner-access to their vehicle’s inner workings is with ‘mainstream cyber security’, two facts will crop-
necessary in order for them to personally validate the up. First, no connected computer system is 100 per
security of their vehicles.4) cent guaranteed secure in terms of invulnerability or
the integrity of the data it holds or processes, and the
There is, of course, an established ‘after-market’ owners of targeted systems must be ever-vigilant for as-
catering to automotive customisation: this has been yet unknown threats and undetected vulnerabilities to
mainly for physical modifications like spoilers, ‘growly’ emerge at some future time. Second, given the history
exhausts, and ‘nitro-boost’ kits; but there are also of more conventional cyber security, it is reasonable
those who will ‘tweak’ electronic control units (ECUs) to hypothesise that some kind of ‘arms race’ between
to enhance performance or power output. An increase the automotive OEMs and their cyber foes will establish
in the amount of vehicular systems software calls itself, as each side seeks to outdo the other’s efforts to
for ever-tighter requirements to prevent (or at least secure/un-secure the cars, vans and lorries that use
detect) attempts to tamper with it in the event, say, our highways.
* The Parkerian Hexad is a six-element checklist of standard information security attributes – Confidentiality, Possession/Control, Integrity,
Autheticity, Availability, and Utility – proposed by Donn B. Parker in 1998.
6
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
7
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
Connected carriageways: communications technology built into cars enables them to share data with eachother – and the wider world
8
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
Media interest in
A known problem? automotive cyber security
As well as opportunities, the advent of the ‘connected’ Edmund King’s remarks at the end of 2014 followed a
car brings several major challenges to the automotive marked increase in published expressions of concern
sector, and will affect the operating models of OEMs, regarding automotive cyber security risks. These
distributors, dealers and mechanics, road infrastructure appeared against a media background where computer
managers, law-makers, and of course drivers and security in general was a hot topic. Here are some
their passengers. In the public domain verifiable specimen headlines:9
information about automotive cyber security risk levels
is scattered, and can tend toward the sensationalist. n ‘Security researchers raise concerns over car cyber
How far car makers have gone, and still have to go, in safety’ (IT Pro, 12/8/14)
terms of treating vehicular cyber security as seriously as n ‘Hi-tech cars are security risk, warn researchers’
passenger safety, for instance, is not easily discoverable. (BBC News, 1/9/14)
Some manufacturers, however, have acknowledged their n ‘Is car hacking the Next Big Security Threat?’
awareness of the issues, and say that they are on top of (Live Science, 16/10/14)
the challenge.7 n ‘Connected cars raise privacy and safety worries’
(Financial Times, 20/11/14)
Even without their new connectivity, cars represent n ‘Wireless systems expose drivers to cyberattacks’
much more than powered driving machines. Insurance (The Times, 27/12/14)
is a hugely influential governing factor in the automotive
market. Questions of liability with respect to driving In fact, the media coverage around automotive cyber
mishaps of any kind can turn unexpectedly contentious, security was largely based around a very limited number
and could prove a factor in drawing attention to any of insider event presentations on the subject that
disquiet over whether more detailed information about have taken place at cyber security conventions in the
the provisions automotive OEMs are making in order United States, and on other automotive cyber security
to counter any threats. But concern about how this speculation that has appeared in the public domain.
connected technological evolution may play-out is being The findings of Charlie Miller (a security engineer/
voiced from within the automotive sector itself, even if researcher at Twitter) and fellow researcher Chris
not especially stridently from its OEMs. Valasek (Director of Security Intelligence at consultancy
IOActive) for instance, have generated much media
Interviewed by The Times newspaper toward the end of interest, even though the two highest-profile public
December 2014, Edmund King, President of motoring declarations of their research into ECUs at two events –
organisation the AA (and Visiting Professor of Transport Def Con Las Vegas in 2013 and Black Hat USA in 2014
at the University of Newcastle), acknowledged the – were based on conditional one-off research projects.
‘hacking threat’ to drivers of connected cars: “If cyber- They were published as a paper entitled ‘Adventures in
criminals targeted automobiles like they’re targeting automotive networks and control units’.10
other things, we’d be in for a hard and fast ride,” he
said.8 That a senior industry figure like Mr King has In brief, the researchers reportedly used cables to
gone on the record to express his forebodings indicates connect laptops via the on-board diagnostics ports to
that concerns over whether automotive cyber security is the electronic control units inside two different makes of
receiving the full measure of attention that it warrants, car. They wrote software which sent instructions to the
are both timely and legitimate. cars’ network computer and over-rode the commands
from the vehicles’ actual drivers, enabling them to
take control of some steering functions and cause the
fuel gauge to show empty – all while the vehicle was
in motion under driver control. The underlying issue
for automotive cyber security that Miller-Valasek’s
9
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
demonstrations appeared to confirm, is that the some leading car makers to respond to seven pages
rising number of internally-connected ECUs in the of cyber-threat-related questions, including: “How
test vehicles seemed to have no screening process would you be alerted to the possibility that a cyber-
for authenticating the messages they received, or for attack or inadvertent introduction of malicious code
blocking inauthentic transmissions. has occurred?”, and “Does any of the testing described
above include the use of independent third parties who
“By examining the [controller area network] on are contracted by your company to attempt to infiltrate
which the ECUs communicate, it is possible to your vehicles’ wireless entry points?”12
send proprietary messages to the ECUs in order to
cause them to take some action, or even completely Media interest in automotive cyber security was further
reprogram the ECU,” Miller-Valasek have been quoted fuelled in August 2014, when a ‘security advocacy
as stating. “ECUs are essentially embedded devices, group’ calling itself I Am The Cavalry proposed an
networked together on the CAN (controller area automotive cyber security rating system for car
network) bus. Each is powered, [with a] number of consumers.13 The ‘Five Star Automotive Cyber Safety
sensors and actuators attached to them.”11 Program’ proposal offers ‘a five-point checklist of
computer technology best practices for automakers
The CAN bus operates using an open protocol developed to implement’. The five aspects the program focuses
by Bosch in 1983. It is relatively safe under normal on are: Safety by Design; Third-Party Collaboration;
operation, but inherently insecure to external influence. Evidence Capture; Security Updates; critical system
According to Roy Isbell, from the Cyber Security Centre segmentation and isolation measures. The move
in WMG at the University of Warwick, it is essential that was described as ‘an important first step towards a
any external point of interconnection to the CAN bus is collaborative future between security experts and
adequately protected. This should include connections to automakers’.14
consumer interfaces, such as the vehicle head unit.
One automotive OEM who would have been more
A researcher in the team at University of Warwick has inclined to respond favourably to Senator Markey and I
developed CMAP (CAN bus mapper): this is the CAN Am The Cavalry, is electric-powered car manufacturer
bus equivalent of the NMAP open-source network Tesla. Tesla’s product range is highly digitally connected,
mapping tool. This allows researchers and security with the transmission, engine systems, battery, climate
analysts to enumerate all devices and ECUs connected control, door locks and entertainment systems all
to the CAN bus, an important capability when remotely accessible through an Internet connection. The
addressing functional safety and security issues. company attracted media attention when it announced
that it is hiring penetration testers – tasked with
Miller and Valasek’s findings made an impression on deliberately trying to break-in to Tesla’s vehicle security
US Senator Ed Markey. In a series of letters he asked safeguards.15
10
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
One way to access a vehicle’s data systems is via the connect ports intended for use by car mechanics when conducting diagnostic tests
11
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
12
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
13
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
14
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
15
Automotive Cyber Security: An IET/KTN Thought Leadership Review of risk perspectives for connected vehicles
References
1 Alliance initiates new security forum’ – AutoAlliance media alert, 10 ‘Adventures in automotive networks and control units’
July 2014
http://illmatics.com/car_hacking.pdf
http://www.autoalliance.org/index.cfm?objectid=ACE2D720-0DD5-
11 As quoted in ‘Automobiles: A new frontier in hacking and cyber
11E4-869F000C296BA163
security’ – Trend Micro blog, September 2013
2 ‘Hacking the Internet: bringing down infrastructure’ – Engineering &
http://blog.trendmicro.com/automobiles-new-frontier-hacking-
Technology, September 2013
cybersecurity/
http://eandt.theiet.org/magazine/2013/09/hacking-the-internet.cfm
12 ‘As Wireless Technology Becomes Standard, Markey Queries Car
3 ‘Industrial control systems and SCADA cyber security’ – Engineering Companies about Security, Privacy – Lawmaker sends letter to 20
& Technology, August 2014 auto manufacturers after reports of hacking, breaches, privacy
concerns’ – Markey media statement, December 2013
http://eandt.theiet.org/magazine/2014/08/cyber-security-new-
battlefront.cfm http://www.markey.senate.gov/news/press-releases/as-wireless-
technology-becomes-standard-markey-queries-car-companies-
‘Edward Snowden on Cyber Warfare’ – PBS Online, January 2015
about-security-privacy
http://to.pbs.org/145VaH8
13 https://www.iamthecavalry.org/domains/automotive/5star/
4 Car Hacker’s Handbook by OpenGarages
14 ‘Want a safe car? Check its cyber safety rating’ - CNET, August
http://opengarages.org/handbook/ 2014
5 ’Connected Car Forecast: Global Connected Car Market to Grow http://www.cnet.com/uk/news/want-a-safe-car-check-its-cyber-
Threefold Within Five Years’ safety-rating/
http://www.gsma.com/connectedliving/wp-content/uploads/2013/06/ 15 ‘Chinese hackers target Tesla Model S electric car’ – Daily
cl_ma_forecast_06_13.pdf Telegraph, July 2014
6 ‘Thousands using GPS jammers on UK roads pose risks, say http://www.telegraph.co.uk/technology/internet-security/10980899/
experts’ – The Guardian, February 2013 Chinese-hackers-target-Tesla-Model-S-electric-car.html
http://www.theguardian.com/technology/2013/feb/13/gps-jammers- 16 ‘CarShark Software Lets You Hack Into, Control And Kill Any Car’ –
uk-roads-risks Jalopnik, May 2010
‘New jamming devices block both GPS and Galileo’ – Engineering & http://jalopnik.com/5539181/carshark-software-lets-you-hack-into-
Technology, February 2014 control-and-kill-any-car
http://eandt.theiet.org/news/2014/feb/gps-jamming.cfm 17 ‘Comprehensive Experimental Analyses of Automotive Attack Surfaces’
7 ‘GM’s New Cybersecurity Chief Aims To Thwart Electronic Car www.autosec.org/pubs/cars-usenixsec2011.pdf
Hackers’ – IB Times, September 2014
‘Experimental Security Analysis of a Modern Automobile’
http://www.ibtimes.com/gms-new-cybersecurity-chief-aims-thwart-
www.autosec.org/pubs/cars-oakland2010.pdf
electronic-car-hackers-1695148
18 ‘Car hacking: The security threat facing our vehicles’ – Popular
8 ‘Hacking threat to drivers – wireless networks let cybercriminals
Science, September 2014
seize control of cars’ – The Times, 27 December 2014
http://www.sciencedaily.com/releases/2014/09/140917120705.
9 n ‘Security researchers raise concerns over car cyber safety’ –
htm
IT Pro, 12/8/14
19 ‘Point-of-sale cyber security: hacking the check-out’ – Engineering
http://www.itpro.co.uk/security/22878/security-researchers-
& Technology, March 2013
raise-concerns-over-car-cyber-safety
http://eandt.theiet.org/magazine/2013/03/turn-on-log-in-checkout.
n ‘Hi-tech cars are security risk, warn researchers’ – BBC News, cfm
1/9/14
20 Building Information Modelling (BIM): Addressing the cyber
http://www.bbc.co.uk/news/technology-28886463 security issues (Institution of Engineering and Technology, 2014)
n ‘Iscar hacking the Next Big Security Threat?’ – Live Science, http://www.theiet.org/sectors/built-environment/design/bim-cyber-
16/10/14 security.cfm
http://www.livescience.com/48310-car-hacking-security-threats.html 21 ‘Is it a Car or a Computer on Wheels? Door locks and
entertainment systems remotely accessible via the Internet’ –
n ‘Connected cars raise privacy and safety worries’ – Financial
Dashboard Insights, January 2015
Times, 20/11/14
http://www.autoindustrylawblog.com/2014/06/09/is-it-a-car-or-a-
http://www.ft.com/cms/s/0/e663c6fa-643b-11e4-bac8-
computer-on-wheels/
00144feabdc0.html#axzz3PI64yfwE
The Institution of Engineering and Technology (IET) is working to engineer a better world. We inspire, inform and influence the global engineering community, supporting
technology innovation to meet the needs of society. The Institution of Engineering and Technology is registered as a Charity in England and Wales
(No. 211014) and Scotland (No. SCO38698). Michael Faraday House, Six Hills Way, Stevenage, Hertfordshire, SG1 2AY, United Kingdom.
The Knowledge Transfer Network (KTN) is the UK’s Innovation Network. We connect people to speed up innovation, solve problems and find markets for new ideas.
Knowledge Transfer Network Limited is a company limited by guarantee. Registered in England No 8705643. Registered Office: Bailey House, 4-10 Barttelot Road,
Horsham, West Sussex RH12 1DQ.
16