How safe is your connected car from being cyber-attacked and what should be done to protect it?
I was thinking about Jeff Weiner's question to identify a single product or feature that you cannot do without. For me, it is easy to pay that accolade to Tesla's self-driving autopilot. Every time I am stuck in Bay Area traffic, I allow the car to drive itself while I engage in creative thinking or relax with an audiobook. This is the perfect example of what technology should do—take on the monotonous work and do it better than a human being can.
But, as a security researcher, this exact same scenario is also what keeps me up at night. If my car were hacked, it would be really easy for someone, even sitting across the ocean, to veer me off the road or into a truck. In fact, this risk does not only apply to self-driving cars—any connected vehicle can be taken over and the owners' lives held at ransom. In 2015, researchers Charlie Miller and Chris Vilaseck showed that a Jeep Chrysler could be taken over remotely and made to do their bidding. This led to a recall of 1.4 million vehicles, making it one of the most expensive IoT breaches to date.
Fast forward two years, and almost every new car on the road is connected—in two ways. First, they have an internet connection to enable streaming content to the cars. This means that anyone on the internet can reach (and quite possibly, breach) the car. Second, the critical components of the car are all connected together, often using protocols with no security layer at all. For example: the car radio volume automatically increases as the car accelerates on a freeway. While this useful feature is achieved by a message from the wheel rotation sensor to the audio subsystem, you can extrapolate the possibilities of this same communication channel being used in reverse.
Let's consider where this problem could be addressed:
- Inside the car. This is the traditional strategy of applying security on the target device. A car, however, is a collection of computers networked together using protocols (e.g. CAN) that were built prior to this security-conscious era. Once the malware gets into a car, it is hard to prevent it from propagating.
- Within the network, evaluating network traffic to detect malware. However, cars will connect to both cellular networks and Wi-Fi networks at any place of the user's choosing. It is therefore very challenging to protect the car from all network angles of attack.
- At the ingress point of the car, where the network stacks allow external entities to communicate with the car. By evaluating the bits and packets entering the car, we have the best chance of detecting and preventing an attack.
So what can and should be done? I encourage all researchers and developers in this field to protect the connected-vehicle ecosystem. This includes car manufacturers who need to put air-gaps or security barriers between the critical systems (e.g. braking, steering) and the informational systems (radio, browser). This includes the network providers who can detect and identify attacks targeting cars. And this includes security engineers who can bring to the table their experience and expertise of protecting millions of connected devices, based upon sensing the environment. Finally, I strongly believe that machine learning, applied both on-device and on the network, can be a critical tool in protecting these connected mobile devices.