Is hacking vehicle electronic systems a potential method of stealing a car?Document Transcript
SBD Secure Car ResearchCan Thieves Control My Car? Hacking Attacks on Vehicle Security Systems Is hacking vehicle electronic systems a potential method of stealing a car? This study explores the potential for thieves to use computer hacking techniques to gain access to vehicle systems. SBD examines the future of vehicle architecture and communications to identify the potential threats of hacking a vehicle through various wired and wireless connections. Hacking is major news, and researchers have already started to find vulnerabilities in existing systems. This report cuts through the hype to help you gain a clear picture of what hacks can be achieved at the present and which are likely to develop into threats in the future. Vehicle manufacturers and systems suppliers need to consider security within the concept of new communication systems, and to understand the capability that potential thieves will have when the vehicles being developed now are eventually launched. This report will help prevent the exploitation of new technologies. This report will help you to: Gain insight into how new communications and connectivity technologies will increase vehicle vulnerability Examine the weaknesses in vehicle architecture to understand how hackers could misuse them Understand exactly what research teams have been able to do and what methods were used Benefit from useful pointers and solutions about future proofing your vehicles against hacking For additional information please email ABallatore@sbd.co.uk or telephone Alessio on +32 478 765506 and he will be happy to deal with your enquiry.
Threats from vehicle hacking set to grow ...Vehicle technology and in-vehicle electronics have been fast moving developments over recent years, with modern vehicles becomingmore dependent on Electronic Control Units (ECUs) to govern the majority of on-board vehicle functions. Couple this with an increasedlevel of communication with infrastructure outside of the vehicle (off-board), and it is possible that these vehicles have now been leftvulnerable to electronic hacking attacks.While these technological developments have no doubt helped to improve the performance, emissions, safety, and convenience aspectsof the vehicle, computer software experts claim that the security of these connected ECUs against malicious manipulation has not beengiven as much consideration. Convenience systems such as navigation and remote diagnostics are often able (and are sometimesdesigned) to communicate with security and safety critical systems even over parallel networks.The on-board communications are not designed to prevent unauthorised access, as the wide variety of aftermarket diagnostic toolsproves. Opening external channels to these vulnerable networks may give a hacker access to the vehicle’s central nervous sys tem viathe CAN Bus if they could successfully break through the off-board systems or communication protocols. Research teams have alreadyproven that vehicle hacking is possible both through wired and wireless connections to the vehicle; exerting control over sys temsincluding the engine, the brakes and the ignition. Summary of Possible Hacking Access RoutesIncreasing in-vehicle electronics and wireless connectivity will only increase the opportunity for hackers to access the vehicle. VehicleManufacturers and Suppliers need to seriously consider the security protocols integrated into the vehicle to ensure that this level ofcontrol cannot be achieved. This report explains the current threat level and separates myth from fact regarding what thieves arecurrently capable of doing and what they may be capable of achieving in 7 years time with advances in vehicle architecture andadvances in tools and techniques available to thieves.SBD cautiously predicts an increasing threat from this type of attack, and recommends within this report that study is made intopartitioning security and safety systems from communication routes which a thief may utilise, stronger software protection within the on-board systems, and that security is considered in the initial design concept.This report answers the following key questions: Is vehicle hacking a threat to vehicles now? What can be achieved once a hacking attack has successfully connected to the vehicle? Is hacking a vehicle easy to do? What equipment/knowledge is needed? How will the future integration of systems and the move towards open architecture change this problem?
...know what tomorrow bringsTABLE OF CONTENTS 5. The Threat of Hacking1. Executive summary 5.1 Why Hacking will be a Threat in the Future 1.1 Introduction 5.2 Control of the Vehicle 1.1 Conclusions 6. Secure and Protect 1.1 Recommendations2. Architecture Weaknesses 2.1 Wired Connection LIST OF FIGURES 2.2 Wireless Connection Fig. 1 Developing CAN Architecture 2.3 Vehicle Technology Fig. 2 Increased Connectivity of Infotainment Systems 2.3.1 Infotainment Fig. 3 Telematics Communication Route 2.3.2 Telematics Fig. 4 Summary of Possible Hacking Access Routes 2.4 Summary of Access Routes Fig. 5 Road Train Concept3. New Technology and Developments Fig. 6 TPMS Attack Tool 3.1 On Vehicle Fig. 7 Summary of Successful Hacking Attacks 3.2 Infrastructure Fig. 8 Vehicle Hacking Threats – Present vs. Future 3.3 Theft Tools Fig. 9 Criticality of On-Board Vehicle Systems On-4. Vehicle Hacking Attacks Fig. 10 ECU Partitioning – Body Control Module 4.1 Research Study 1 - Connected Vehicle Control Units 4.2 Research Study 2 – TPMS 4.3 Research Study 3 - Police In-Car Surveillance In- System 4.4 Public Hacking Incidences 4.5 Summary of Successful Hacking Attacks Criticality of On-Board Vehicle Systems High security required Engine ECU Brake Management Control Unit Medium security required SOS e-Call BCM SVR Instrument Cluster HVAC CAN Audio Communication Controls Low security required
The SBD Commitment ...From technical trends reports to conducting end user surveys, SBD has over 15 years of experience of providing strategic advice, insightand expertise to the automotive and associated industries globally.At SBD, we help vehicle manufacturers and their suppliers bridge that gap between system design and actual market needs. Our diverseteam of experts understand global market and technical requirements and how to plan cost-effective systems for the future thatcustomers value and are willing to pay for.About the report author... Craig Best (Technical Analyst – Vehicle Security) Craig’s background is in Automotive Engineering at Loughborough University and he has a wide understanding of vehicle design principles. He has provided extensive research on a number of SBD projects, and helps to analyse and maintain the range of research databases. His current specialisation is in global theft statistics and vehicle technical information.Pricing: For a quotation or further information please contact Alessio Ballatore on:Report Electronic pdf copy2312 - Can Thieves Control My Car? Email: ABallatore@sbd.co.ukHacking Attacks on Vehicle Security €2000 Phone: +32 478 765506Systems Fax: +44 (0)1908 305 106Related ServicesIs your vehicle vulnerable to attack?Understand the performance of your vehicle against the latest attack threats by using SBD’s testing services. With experienced, qualifiedspecialists in vehicle security and associated approval and test criteria, SBD can help you to future-proof and defeat actual theft methodsthat would threaten your product. We already support a number of vehicle manufacturers and suppliers by providing clear strategic adviceand focused product and technology development.To learn more about SBD’s testing and development services please contact us by email email@example.com.Related Reports Vehicle Crime in the 21st Century and the Impact of Electronic Theft Methods Theft patterns have shifted from small groups operating at a local level to more serious organised crime groups working on a global scale. In addition to this, independent companies are now being granted access to vehicle security system information for the diagnostics and repair market. SBD looks at these influences in its ground-breaking report; “Vehicle Crime in the 21st Century and the Impact of Electronic Theft Methods” in order to stimulate the automotive and associated industries’ awareness of changing trends and the need for new anti-theft strategies for the next-generation vehicles. Reference SBD/SEC/2196 High Tech Theft Series Vehicle manufacturers and suppliers are under constant pressure to develop security systems that provide an effective response to the rise in the use of sophisticated theft tools. So how can you keep one step ahead of thieves? To help you understand what thieves are doing, what they are targeting and what high-tech tools they are using, SBD have brought together three of our acclaimed vehicle theft reports. Gain a comprehensive insight into the future with this Vehicle Theft Threats Package .