Tuesday, October 4, 2011

Security analysis of the modern automobile

I thoroughly enjoyed this paper from the 20th Usenix Security Symposium: Comprehensive Experimental Analyses of Automotive Attack Surfaces.

The authors study the security aspects of "late model mass-production sedans", with respect to:

  • Threat modelling
  • Vulnerability analysis
  • Threat assessment

After a quick review of modern automotive computer technology, the authors get right down to brass tacks and start exploring the risks in your car.

Here are some of the wonderful and creative attacks they come up with:

  • Service personnel routinely connect Windows-based computers to the OBD-II port on your engine's computer during service and maintenance. So compromising those Windows-based systems can allow attacks on cars during service.
  • Electric vehicles communicate through their charging cables.
  • Car stereos nowadays contain CD players, USB ports, iPod connectors, and other digital multimedia ports, which are a rich pathway for attacks to travel.
  • Hands-free telephone support in cars usually is based on Bluetooth connections
  • Cars usually have RF-based Remote Keyless Entry systems to unlock doors, activate alarms, flash lights, etc.
  • Since 2007, cars have Tire Pressure Monitoring systems that use similar radio communications
  • The very latest cars are capable of becoming mobile WiFi hotspots themselves.
This is a vast number of potential vectors! "But wait, there's more!"
  • Cars have GPS systems, Satellite Radio receivers, Digital Radio receivers, Radio Data Systems, Traffic Message Channel devices
  • Cars have remote telematics, such as OnStar, Sync, BMW Assist, etc.
  • Cars have anti-theft devices, hands-free driving directions, etc.
And the list isn't getting any shorter over time...

So, what's the real, current threat? Well, as the paper states, the authors developed nearly a dozen demonstrated attacks, and:

Combining these ECU control and bridging components, we constructed a general "payload" that we attempted to deliver in our subsequent experiments with the external attack surface. To be clear, for every vulnerability we demonstrate, we are able to obtain complete control over the vehicle's systems. We did not explore weaker attacks.

The specific attack vectors they used included:

  • A CD containing malware, which they convince the automobile owner to put into their CD player via social engineering
  • A Windows laptop containing malware which they plug directly into the OBD-II port
  • WiFi network attacks to the car's PassThru devices
  • An Android phone containing malware which they convince the car owner to allow into the car via social engineering
  • Calling the car's telematics system and exploiting it
  • Loading an iPod with malware and convincing the car owner to plug it into the iPod dock
None of these are even the slightest bit ridiculous; these are real, solid, critical vulnerabilities.

As computers become more sophisticated, as the appliances in our life become more automated, and as the world becomes more networked, what once might have seemed far-fetched is now startlingly immediate. We all have to become security engineers; we all have to understand how to build secure and reliable systems, and work like this is crucial in helping us understand where we are and where we need to be.

As I said, I thoroughly enjoyed the paper, and hope you do, too!

No comments:

Post a Comment