Skip to 0 minutes and 11 seconds Today, vehicles are populated with interactive features to enhance the users comfort, entertainment and safety. A vehicle’s in built telematics unit can provide GPS navigation, route audio to allow you to play your favorite songs and make phone calls on the go, they offer lane assistance, power your windows and steering, and can even warm your seats. But behind each of these rich features are millions of lines of code that are running on embedded systems commanding each element to act correctly. Imagine that you were behind the wheel - travelling on a highway and your door windows roll down and indicators begin signaling without your input. Your car begins to speed up, without you pushing the accelerator and your brakes become unresponsive.
Skip to 0 minutes and 53 seconds You are in clear danger and there is nothing that you can do to regain control. Unfortunately, this is a harsh reality caused by the lack of security measures in the automotive industry. The focus of vehicle manufacturers is on better driving experience, aesthetics and fuel efficiency, but security is not considered a prime requirement. There is no legal compulsion on the vehicle manufacturers to build vehicles that are safe from the cyber-attacks. Modern vehicles inevitably require roommates network connection to provide updates to systems like the ECU as it’s not viable to bring every vehicle to a garage for patching or software updates.
Skip to 1 minute and 41 seconds Controller area network or CAN is considered the backbone of in-vehicle communication the can network is an unencrypted series of communications that do not have an authentication method embedded within them. Most of the critical electrical units are connected through this network. Any electronic control unit or ECU for short could be connected to a CAN bus and would be able to listen to any communication. CAN loggers are readily available at low cost and these allow the user to record the communication. An attacker could either physically connect these loggers to the in-car OBD2 port which by law must be left open for Diagnostics purposes, or by wirelessly connecting for instance, through the telematics unit.
Skip to 2 minutes and 25 seconds Once access has been gained then the control of any in-vehicle system is at stake
Introduction to automotive cyber security
How is it possible for a vehicle to keep track of speed, manoeuvres performed and locations visited? How are you able to connect your phone to make calls and play music, use a switch to control your windows, and receive a warning when you’re starting to drift out of your lane?
Watch the above video which explains that this is all made possible due to the inclusion of electronic control units (ECUs) along with other advancements, such as in-vehicle networks and GPS technology. There are millions of lines of code embedded in these ECUs.
The famous Jeep Cherokee attack in 2015 is an example of automotive hacking and is described later this week.