Automotive sector

Automotive Cyber ​​Attack Vectors – Part 1: Signal Attacks

The push towards ever more sophisticated levels of autonomy in the automotive sector will gradually take our hands off the wheel. But it can also distract us from work, and therein lies the potential for a significant cyberattack.

We’re probably a generation away from the fully autonomous robot taxis of science fiction lore, but increased levels of autonomy are real today. Combined with increasing levels of smart infrastructure and smart roads that can inform the car’s systems not only where they are (in the event of a satellite loss), but also what attractions, activities, charging or refueling points are are nearby, the increased functionality of automotive systems means we are not as far away as one might think virtual robot taxis.

This would all be great – bring the flying cars and the blade runners – if it weren’t for one thing: the law of the infamous arms race.

The Law of the Infamous Arms Race

The law of the nefarious arms race is that whenever someone builds a system for the general betterment of mankind, no nefarious actor is allowed to sleep until there are many ways to do so. turn into something dangerous, expensive or both. Email and cyber attack. Internet and data breaches. Movies and piracy – you get the idea.

The car has been, so far, legendaryly hard to turn into a bad thing. Assume, for the purposes of this assertion, that human-caused climate change is quite more complex and cannot be entirely blamed on the automobile door. Most of a car’s systems have always been gloriously unsubtle and practically steampunk in their levels of mechanical engineering – rather than computer engineering.

The mechanical principle

For mechanical engineering to go wrong, you have to consider either mechanical part failure, user error (did you forget to put gas in the tank?) or another natural phenomenon.

For mechanical engineering to go wrong at the right time, you have to watch the stuff from the movies – suspicious actors loosening wheel nuts, unseen by our hero at the gas station, for example. That’s what we mean when we say that so far cars (and also freight trucks, bullion wagons, logistics delivery trucks and anything else that works on the same fundamentals) have been legendary hard to turn into bad things.

So far.

Now, however, we are moving further and further away from the vehicle as a mechanical tool of movement, driven by the consciousness of the driver, and closer and closer to the vehicle as a self-regulating, self-navigating, not all yet quite a self-contained element within a computer data infrastructure. And while the benefits of this are huge, they also come with two big issues in terms of vulnerability to cyberattacks.

Signals and data.

The increasing vectors of signals and data

Signals and data are weaknesses that we have intentionally introduced into vehicles over the past 20 years, and certainly the data load will only increase as we get more automated automobiles. We added these weaknesses because the benefits have so far far outweighed the risks. And it’s likely that while signal attack vectors are likely to shrink over the next 20 years, making it harder for attackers and safer for drivers, the exchange density problem of data and weak security may well make vehicles – especially individual vehicles carrying specific people – the next iteration of the email hack.

Here we will discuss the attack vector via signals and examine the danger of next generation vehicle data in Part 2.

The signal problem

When we talk about signals, we are talking about satellite navigation signals. An absolute godsend for the geographically incompetent, the ubiquity of GPS and its sympathetic systems (including GLONASS, the Russian equivalent, and Galileo, the European version) has also introduced a pathway into the vehicle that did not exist. previously. This means that it opens the way to a double threat: jamming and identity theft.

Interference

Jamming is a term that everyone in the tech industry will understand. This is the signal-based version of hacking – hostile actors can interfere with the proper functioning of a computer system for their own benefit.

Jamming a vehicle is easy for those who know what they are doing. It’s rarely accurate, and usually you can’t pinpoint damage to a single vehicle, but all you need to jam a vehicle right now is a strong enough satellite signal jammer (available for purchase on the internet – your legality may vary). Turn it on anytime and watch the chaos and confusion unfold in ripples around you, as the satellite signal that tells your GPS where you are, where you’ve been and where you’re going is blocked, meaning that , in the absence of driver knowledge, or more likely in the presence of an educated driver who relies too much on technology, you might as well be in the Gobi Desert. And yes, it will probably work on police vehicles as well.

So far so chaotic – what’s the point of doing something like this? Well, the idea that you have to break out your jammer for a drive is a bit simplistic. Imagine having a handful of powerful jammers in static positions in Times Square or downtown Los Angeles. You could create traffic carnage, endanger lives and demand ransom, as the police were looking for not one, not two, but a handful of overlapping jamming signals. With the right timing on your jammers, you could convince a lot of drivers that they have the right of way and actually watch them run into each other until you get paid.

Granted, that’s a lot of work to do compared to the multimillion-dollar computer system hacks that now target businesses’ critical data assets, but it’s one way to attack vehicles and people on the road. interior from outside the immediate area. .

Usurpation

But of course, the jamming is messy, chaotic, and hard to monetize. For the real terrorist threat based on the signals of 21st century, you have to get involved in spoofing.

Identity theft is almost exactly what it says. When you turn on a jammer, you lose satellite signal and are effectively blind to location. And everyone too. But a spoofer does something much more insidious and personal. Yes, it negates your vehicle’s ability to receive satellite signals, but it also replaces the signals you should be receiving with a credible alternative, as determined by whoever controls the spoofer. By overriding these signals at strategic times, a spoofer can cause a satnav to direct you directly to where the spoofer wants you, rather than where the GPS says you are.

Yes, it hinges on a growing reliance on GPS technology rather than driver situational awareness, but the bad news is that a majority of drivers rely on their GPS in exactly the right way to make targets of spoofing.

And if you’re wondering why anyone would bother to impersonate a vehicle, it’s simple – it means the impersonator can place a driver exactly where they need it. Potentially, they can then be robbed, beaten or even murdered for profit.

Signal Attack Mitigation

There is some good news about signal attack mitigations, however.

On the one hand, jamming attacks are, as we mentioned, totally devoid of subtlety. They are still dangerous, as your vehicle goes blind in seconds. But if the law of the infamous arms race is true, the race element does too – there is now a thriving market in anti-jamming technology. You need to a) know the threat exists and b) be able to purchase the technology on a ‘just in case’ basis as most domestic vehicles come without it to keep the list price low, but it is the.

And of course, for logistics fleets, having the backup of a fleet manager means that issues can be quickly reported and the correct navigation information passed to drivers, to keep them rolling until they are out of range of the jammer.

As technology and integrated smart roads become more of a feature, this will also help defeat jammers, as absolute position data will become accessible by passing points on the road, in the event of an interruption satellite signals.

Although identity theft mitigation is not quite advanced yet, work is underway in scientific circles to also develop anti-identity theft technology – and similarly, when smart roads and intelligent infrastructures will be generalized, vehicles will be more resistant to identity theft, thanks to the availability of absolute positioning in the infrastructure, offering an alternative to falsified position data coming from the spoofer.

So while cyberattacks on the signals that bring you more and more AB into your vehicle are a possibility today, they are less likely to be a pervasive problem over time. Cyberattacks on data, however, may be something the tech industry — and civilians — increasingly need to watch out for. We will explain these threats to you in Part 2.