SQL Database Design For Developers at php[tek] 2024
LES PROBLÉMATIQUES DE SÉCURITÉ POUR LES IOT – APPLICATION AU VÉHICULE AUTONOME
1. IoT C ybersecurit y C hallenges
I n C o n n e c t e d C a r s t o wa r d s A u t o n o m o u s D r i v i n g
Telecom Valley, Security Camp. October 9th 2018
Cédric VAMOUR Cybersecurity Architect
2. Remote Hacking of Connected Cars
2
IoT Cybersecurity Challenges In Connected Cars
towards Autonomous Driving
12. Hackers Remotely Kill a Jeep on a Highway | WIRED (Video 5 min)
DEF CON 23 - Charlie Miller & Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle
(Video 46 min)
Remote Exploitation of an Unaltered Passenger Vehicle (pdf 90p)
Remote Car Hacking - Jeep Cherokee (Video 9 min)
REMOTE HACKING OF THE JEEP CHEROKEE12
13. REMOTE HACKING OF THE JEEP CHEROKEE13
Attack Steps Vulnerabilities Responsibility
Get Remote Access No IP Filtering inside Sprint Network
Any IP can access any IP inside NW
Sprint: Cellular Operator
Get Service Internal IPC D-BUS Services bound to port
6667
Harman: U-Connect
Integrator
Get Privilege Execute Shell with root Access Harman: U-Connect
Integrator
Get CAN Vehicle Access Flashing interface through D-BUS with
unsigned Firmware
Harman: U-Connect
Integrator
Get Safety Access No Secure Gateway Jeep: Car Maker
Autopsy: What went wrong?
No significant « Crafted Exploit » was required.
15. IoT Cybersecurity Challenges In Connected Cars
towards Autonomous Driving
15
MIL-STD-882E DoD
STRIDE Microsoft
Renault
Frameworks for
RISK ANALYSIS Methodology
Evaluate the risk level for each attack scenario
The risk is the combination of the impact with the likelihood
16. IoT Cybersecurity Challenges In Connected Cars
towards Autonomous Driving
Before:
✓Car theft
✓ Brand image
In the near Future:
✓Autonomous Driving
✓ Car sharing
✓ Robot TaxiPresently:
✓X by wire: Breaking or Steering
✓ Park assist
✓ Remote Start
✓ ADAS
✓ Personal Data
16
Evolution of the
IMPACT LEVEL in Automotive
17. IoT Cybersecurity Challenges In Connected Cars
towards Autonomous Driving
Before:
✓Physical Attack
✓ Remote Unlock
Next future:
✓Application Stores
Google Android Services, Alibaba…
✓ V2X, Internet Access
✓ Ethernet
✓ ADAS/AD
Presently:
✓Connected Car
✓ Cellular Network, WIFI, BT, Electric charger …
✓ FOTA, Remote Diagnostics
Remote Car Hacking - Jeep Cherokee
17
Evolution of the
LIKELIHOOD LEVEL
18. IoT Cybersecurity Challenges In Connected Cars
towards Autonomous Driving
18
In all systems, there are always vulnerabilities and exploits. By using multiple layers
to mitigate damage, even if one (or multiple) layers fails, the system is still protected.
Minimize Risks: A Multi-Layer
Vehicle Security Framework
19. IoT Cybersecurity Challenges In Connected Cars
towards Autonomous Driving
▪ Security must be an integral part of the system design
(not an afterthough)
▪ Security must follow Multi-layer approach, going
beyond only prevention: Prevent, Detect,
Reduce, and Fix
▪ with enough motivation and resources attackers will
find a way to circumvent intrussion prevention, we
need to detect attacks (runtime integrity protection,
IDS), reduce impact (process isolation, firewall), and
fix vulnerabilities (secure OTA updates), hence not rely
on a single countermeasure.
IoT Car
Provable
Security
(Authentification)
Physical
protection
Hardened
software
Secure Boot
Runtime
integrity
protection
Intrusion
Detection
System
Inter-
process
isolation
Firewall
OTA
updates
19
Minimize Risks: A Multi-Layer
Vehicle Security Framework