E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
•Download as PPTX, PDF•
1 like•75 views
E-Vehicle Hacking by Parul Sharma at Null/OWASP Kolkata Chapter Combined Monthly Meetup on 20th April
Recommended
Recommended
More Related Content
Similar to E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
Similar to E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx (20)
More from null - The Open Security Community
More from null - The Open Security Community (18)
Recently uploaded
Recently uploaded (20)
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
- 1. E-VEHICLE HACKING An Intermediate Exploration By Parul Sharma
- 2. ABOUT 2 Parul Sharma Cyber Security Enthusiast Working at Zettawaise Consulting Pvt. Ltd.
- 3. AGENDA o E-Vehicle Hacking: Introduction o E-Vehicle Architecture o Attack Surfaces o Types of Attacks o Real-World Example o Protecting against Vehicle Hacking 3
- 4. WHAT IS E-VEHICLE HACKING? 4 “If there was a war or escalation with a country with strong cyber capability, I would be very afraid of hacking of vehicles. Enemy states could turn cars into killing machines.” Justin Cappos (Computer Scientist)
- 5. 5 Autonomy Levels https://ackodrive.com/car-guide/autonomous-cars-and-levels-of-autonomous-driving/
- 6. E-VEHICLE ARCHITECTURE 6 • Electric vehicle architecture is different from internal combustion engine (ICE) vehicle architecture. • There are different types of electric vehicle architectures.
- 7. 7 Types of electric vehicle architecture https://e-vehicleinfo.com/wp-content/uploads/2021/07/image2-3.jpg
- 8. 8 Essential Components of an E-Vehicle • Battery Pack: The energy reservoir of the EV, determining range and power output. • Inverter: Converts direct current (DC) electricity from the battery pack to alternating current (AC) electricity for the motor. • Electric Motor: Converts electrical energy into mechanical energy to propel the vehicle. • Battery Management System: Monitors and manages the battery pack, including cell voltage, temp. and current. • Anti-Lock braking system: ABS significantly improves safety by preventing wheels from locking up during hard braking.
- 9. 9 Essential Components of an E-Vehicle • Electronic Control Unit: This acts as the central brain for many functions in a modern EV. • Controller Area Network: The backbone of communication within modern vehicles including EV’s. • Regenerative Breaking System: Recaptures energy normally lost during braking and uses it to recharge the vehicle's battery.
- 10. ATTACK SURFACES 10 Physical Attack Surface OBD II PORT Charging Stations Keyless Entry System Wireless Attack Surface BLUETOOTH WI-FI CELLULAR NETWORK
- 11. 11 Modern automobiles contain hundreds of on-board computers processing everything from vehicle controls to the infotainment system.
- 12. TYPES OF ATTACKS 12 CAN Bus Attack Public Charging Station Hacking Supply Chain Attack Vehicle-to-Vehicle Attack ECU Hacking
- 13. 13 Vehicle-to-Vehicle Attack V2V technology enables cars to communicate wirelessly for safety and traffic efficiency. Attackers can exploit V2V vulnerabilities to: • Inject false data • Spread malware across vehicles https://www.gihub.org/infrastructure-technology-use-cases/case-studies/vehicle-to-vehicle-v2v-connectivity/
- 14. 14 CAN Bus Attack CAN Bus (Controller Area Network): the backbone of communication within modern vehicles. Controls critical functions: engine, breaks, steering, infotaining etc. CAN Attack exploit weaknesses to: • Disrupt or disable vehicle systems • Gain unauthorized control • Steal sensitive data
- 15. 15 ECU Hacking https://www.linkedin.com/pulse/hybrid-vehicle-electronic-control-unit-ecu-market/ Small computer that control specific system in a car. Attacking methods: • Exploiting weakness in software updates. • Man-in-the-middle Attacks.
- 16. 16 Public Charging Station Hacking Public charging stations are vulnerable points in the EV infrastructure. Attackers can target charging stations to: • Steal user data (credentials, payment info) • Manipulate billing to overcharge users. • Potentially damage vehicles or the power grid. https://www.motorbiscuit.com/hackers-targeting-ev-charging-stations/
- 17. 17 Supply Chain Attack The EV supply chain is complex and global, involving: • Software development • Vehicle assembly Attackers can target any point in this chain to: • Introduce compromised components(hardware or software) • Steal intellectual property or sensitive data
- 18. REAL WORLD EXAMPLE 18 In 2015 hackers showed how they were able to take control of a Jeep Cherokee when it was moving at high speed. https://securityaffairs.com/38844/hacking/jeep-cherokee-hack-fiat-recall.html
- 19. 19 Charli Miller and Chris Valasek, who now work for Uber, sent false messages to its internal network, overriding the correct ones. That allowed them to do terrifying things such as making the vehicle turn sharply while it was speeding down a country roads. https://karambasecurity.com/blog/2019-07-09-charlie-chris-miss-mark
- 20. 20 Fiat Chrysler Uconnect Uconnect is Fiat Chrysler’s internet-connected feature which enables owners the ability to control the vehicle’s infotainment/navigation system. https://www.driveuconnect.com/content/dam/uconnect/uconnect-refreshment/uc-siriusxm-tab-desktop.jpg.image.1440.jpg
- 21. 21 Fiat Chrysler Uconnect • It only affected certain vehicles. • It required access to a cellular network. • It has been patched.
- 22. HOW TO PROTECT AGAINST VEHICLE HACKING? 22 TIPS FOR EV OWNERS:- • Update your car’s software. • Turn off Bluetooth and Wi-fi when not in use. • Be wary of unfamiliar charging stations. • Be cautious about what you connect.
- 23. 23 How to Protect against vehicle hacking? TIPS FOR MANUFACTURERS:- • Security be design. • Over the air updates. • Collaboration with cyber security experts.
- 24. THANK YOU.
Editor's Notes
- "Hello everyone! I'm Parul Sharma from Zettawise Consulting. I've always been passionate about technology and its intersection with security. That's why I'm thrilled to be your presenter today on the topic of E-vehicle hacking. This is my first time speaking at Null Kolkata, so let's dive into this exciting area of cybersecurity together."
- With rising fuel prices and environmental concerns, electric vehicles are a hot topic. Beyond their eco-benefits, are EVs a safe choice for drivers and passengers?, they aren't immune to cyber threats. The more features you have the more people can go and attack it. E-vehicle hacking means someone gains unauthorized access to an electric vehicle's systems. This isn't science fiction, it's happening. Hackers can exploit flaws in the car's software, wireless connections, or even the charging stations. So, what is at risk? Control- Imagin someone can manipulate your steering wheel and break just the thought itself is scary.
- When we talk about e- vehicle we cannot forget self driving cars because the advancements in automation are coming much faster in EV’s than any other cars. Understanding autonomy levels is crucial for anyone interested in the future of transportation. Level 0: No Automation: The driver is in complete control. Think of classic cars without assistive technology. Level 1: Driver Assistance: Simple aids like cruise control or parking sensors assist the driver, but the driver remains in full control. Level 2: Partial Automation: The vehicle can control steering and acceleration/braking in specific situations (e.g., highway driving), but the driver must remain attentive and ready to take over. Level 3: Conditional Automation: The car takes over in designated conditions (e.g., traffic jams), but the driver must still be ready to intervene. Level 4: High Automation: The car handles most driving, even in complex scenarios, but a driver may still need to take over in certain conditions. Level 5: Full Automation: The car does it all – no steering wheel, pedals, or human driver necessary.
- Electric vehicles aren't just a change in fuel source – they represent a fundamental shift in automotive design. Electric vehicles (EVs) come in different flavors, each with its own unique architecture. Let's break down the key distinctions between BEVs, PHEVs, and HEVs.
- Each EV architecture offers a different balance of electric range, fuel efficiency, and performance. BEVs are ideal for zero-emission driving. PHEVs offer flexibility. HEVs focus on maximizing fuel economy. Understanding these distinctions helps you choose the EV that best suits your needs. In HEV battery cannot be charged directly like PHEV’s but they get charged through re-generative breaking and IC engine. (In some HEVs, the gasoline engine can indirectly contribute to battery charging. During situations where the gasoline engine is producing more power than what's immediately needed by the wheels, that excess power can be used to run a generator and top up the battery's charge.) (In many HEVs, the battery powers the system that turns the gasoline engine off when the car is stopped (like at traffic lights) and then smoothly restarts it when needed.) IN both HEV and PHEV the battery and IC engine work together to enhance performance.
- OBD-II Port: The car's onboard diagnostics port, often used by mechanics, can be a point of entry for installing malicious code. Public charging stations are essential for EV infrastructure, but they can also be targets for hackers. Keyless entry systems allow you to lock and unlock your car with a fob or even your phone. These systems use radio waves to communicate between the fob and the car. Hackers can exploit this communication using a device called “Flipper Zero”. INVISIBLE ENTRY POINTS (Wireless attack) Bluetooth: Used for pairing phones or accessories. Vulnerabilities here could allow control of infotainment systems or access to personal data. Wi-Fi: If the EV has Wi-Fi capability, hackers could exploit it like any other wireless network to gain deeper access Cellular Networks: Cars with built-in cellular data connections may be targeted through those networks.
- Example: Spoofing: Pretending to be another car. Sending false messages. Jamming: flooding the conversation with useless info. Dangerous because drivers rely on these messages to stay safe on the road.
- Highway in your car from where messages travel to diff parts. Someone sneaks – sending false messages. Why bad? Mess with critical system in your car. Good news? Aware of the risk and working on it.
- ECU – mini computer controlling diff parts. Receive sensor data – send instructions to diff ecu’s. Airbags failure in serious case. Car crash- crash sensor –no register of crash- no signal to deploy airbags. Life saving airbags becomes useless.
- Software used for communication btw car and charger has weakness. Exploit weakness – inject malware in car Can mess with your car’s electronics. Security conferences DEFCON demonstrated.
- Target a company supplying parts for the EV. Sneak malware or hardware modification in the components. Compromised part- installed in EV POTENTIAL DAMAGE : Create backdoor into your car. Control critical systems.
- The 2015 Jeep Cherokee hack was a highly publicized and groundbreaking cybersecurity incident, but it wasn't technically the first cyberattack on an EV. The Jeep Cherokee Hack as a Milestone: The 2015 hack was significant because it was the first time hackers demonstrated the ability to remotely take control of critical vehicle functions (like steering, brakes, etc.) of a modern car while it was in motion. This exposed a major vulnerability in connected car technology. These earlier hacks often involved physical access to the car's internal systems, but they highlighted the potential for cybersecurity threats in vehicles.
- The hackers, Charlie Miller and Chris Valasek, focused on the Jeep Cherokee's Uconnect infotainment system. This system had cellular connectivity allowing features like remote diagnostics and web browsing. They were aware that many Chrysler vehicles used this Uconnect system, potentially making them vulnerable. By reverse-engineering the Uconnect software they found flaws that allowed them to send commands over the cellular network. These flaws enabled them to take remote control of minor vehicle functions like radio, A/C, and windshield wipers. The critical breakthrough came when the hackers discovered a way to move from controlling the entertainment system to other parts of the car's internal computer network (CAN bus). The Uconnect system and the systems controlling vital features like brakes and steering were connected. Miller and Valasek could wirelessly send commands that would control critical vehicle functions. This included: Disabling the transmission Manipulating the steering Engaging and disengaging the brakes
- Fiat Chrysler faced a major crisis after the Jeep Cherokee hack and responded swiftly to mitigate both the technical vulnerabilities and the damage to their reputation. Recall: They issued a massive recall for over 1.4 million vehicles to apply a software update that patched the vulnerabilities exploited in the hack. Hackers: They engaged with Miller and Valasek, the researchers who conducted the hack, to understand the specifics of the attack and implement relevant fixes. Transparency: They released detailed technical information about the vulnerabilities and the steps taken to fix them.
- “Components in car are not good at understanding where messages come from and whether they are authentic or not.” making e-vehicles more secure is totally doable. We just need to give it the same attention we give to...choosing the perfect emoji for that critical text message."