Trend Micro analysts rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.
A new Trend Micro report analyzes a day in the travels of a connected car to identify the most likely successful cyberattacks. “Cybersecurity for Connected Cars: Exploring Risks in 5G, Cloud, and Other Connected Technologies” puts the overall risk at a moderate level. Analysts found 29 potential cybersecurity attack vectors among the millions of endpoints in a connected car’s ecosystem, ranking five as the highest risk.
Connected cars use satellite, cellular, Wi-Fi, Bluetooth, RDS, eSIM-based telematics and other types of connectivity to send and receive data. This data supports user apps, driving apps, autonomous driving, safety features and other activities. The authors point out that all these network-centric applications create new attack surfaces in connected vehicles. Another element of the general security challenge is the interaction of a connected car with other vehicles, cloud services, and road infrastructure.
According to the authors, malware is currently not the most likely problem for connected cars, but the millions of endpoints in the ecosystem create a large and unpredictable attack surface. For example, a typical new-model car runs over 100 million lines of code. Also, basic vehicles have at least 30 electronic control units (ECUs), while luxury vehicles have up to 100 ECUs. Some of these ECUs can be accessed remotely and, as explained in the report:
“All ECUs are interconnected through a maze of various digital buses … They operate at different speeds, move different types of data, and connect different parts of the vehicle. ECUs control many critical functions in a car, including the powertrain, device and system communication, body control, power management, chassis and vehicle safety.”
Trend Micro threat research manager Rainer Vosseler said current cybersecurity best practices such as code signing, device control, firewall, encryption or threat intelligence also apply to connected cars.
Vosseler also said that automakers and other industry groups are working together through the Automotive Information Sharing and Analysis Center to share and analyze information about emerging cybersecurity risks.
Sorting and evaluating cyber security threats in connected vehicles
Analysts applied DREAD threat modeling to connected cars and their ecosystem to identify the most serious and potential security threats.
The DREAD threat model includes the following questions to support a qualitative risk analysis:
- Damage potential: How big is the damage to assets?
- Reproducibility: How easy is it to reproduce the attack?
- Exploitability: How easy is it to launch an attack?
- Affected users: As a rough percentage, how many users are affected?
- Discoverability: How easy is it to find a usable weakness?
Each risk is rated high, medium or low, with a score of 3, 2, or 1, respectively. Risk ratings for a specific threat are calculated by adding values for an overall score. The overall risk is graded as follows:
- High if the score is between 12 and 15.
- Medium if the score is between 8 and 11.
- Low if the score is between 5 and 7.
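The scoring scheme described above, as an added example that is not taken from the Trend Micro report: it sums the five DREAD ratings, maps the total to the stated bands, and ranks a set of vectors. The vector names, their ratings and the dictionary key names are constructed for illustration only.

```python
from collections import Counter

# Scale and bands as stated in the article: high=3, medium=2, low=1.
RATING = {"high": 3, "medium": 2, "low": 1}
CATEGORIES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")  # key names are assumptions
BANDS = ((12, 15, "High"), (8, 11, "Medium"), (5, 7, "Low"))


def dread_score(ratings):
    """Sum the five category ratings; reject incomplete or unknown input."""
    if set(ratings) != set(CATEGORIES):
        missing = sorted(set(CATEGORIES) - set(ratings))
        extra = sorted(set(ratings) - set(CATEGORIES))
        raise ValueError(f"bad categories: missing={missing} extra={extra}")
    try:
        return sum(RATING[str(ratings[c]).lower()] for c in CATEGORIES)
    except KeyError as exc:
        raise ValueError(f"unknown rating {exc}") from None


def dread_band(score):
    """Map a total (5..15) to the article's High/Medium/Low bands."""
    for low, high, name in BANDS:
        if low <= score <= high:
            return name
    raise ValueError(f"score {score} outside 5..15")


def triage(vectors):
    """Return (name, score, band) rows, highest score first."""
    rows = [(n, dread_score(r)) for n, r in vectors.items()]
    rows.sort(key=lambda row: (-row[1], row[0]))
    return [(n, s, dread_band(s)) for n, s in rows]


def rate(d, r, e, a, disc):
    """Helper: build a ratings dict in DREAD order."""
    return dict(zip(CATEGORIES, (d, r, e, a, disc)))


# Constructed sample ratings, not the report's assessments.
SAMPLE = {
    "sample-A": rate("medium", "high", "high", "high", "high"),    # 14
    "sample-B": rate("high", "low", "low", "medium", "medium"),    # 9
    "sample-C": rate("medium", "low", "low", "low", "low"),        # 6
    "sample-D": rate("high", "high", "medium", "medium", "medium"),  # 12
    "sample-E": rate("high", "medium", "medium", "medium", "medium"),  # 11
}

if __name__ == "__main__":
    for name, score, band in triage(SAMPLE):
        print(f"{name}: {score} ({band})")
    print(Counter(band for _, _, band in triage(SAMPLE)))
```

Samples D and E sit on the 12/11 boundary, where a single category moving from medium to high changes the band.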
Analysts identified 29 connected car attack vectors and graded each: five high-risk attack vectors, 19 medium-risk attack vectors, and five low-risk attack vectors. The high-risk attack vectors were:
- Electronically disrupting the security systems of a connected car such as radar and lidar.
- Electronically disrupting wireless transmissions to disrupt transactions.
- Discovering and exploiting vulnerable remote systems using Shodan, a search engine for internet-connected devices.
- Launching distributed denial-of-service attacks (DDoS) using a compromised intelligent transportation systems (ITS) infrastructure.
- Launching DDoS attacks against an ITS infrastructure so it cannot respond to requests.
The authors said that high-risk attacks only “require a limited understanding of the inner workings of a connected car and can be attracted by a low-skilled attacker.”
The authors of the report rated high-profile attacks such as installing malicious firmware over the air, taking control of vehicles remotely, and sending false commands to the ITS backend as medium or low risk. These attacks are difficult to execute because “devices and systems are not easily accessible for attack, and expert skills and knowledge are required to successfully compromise connected vehicle platforms.”
The authors note that these threat assessments will change “when third-party vendors are offered middleware that hides the internal E/E tool architecture to provide software as a service,” making it easier for attackers to develop new tactics, techniques and procedures (TTPs). The threat landscape will also change as monetization methods for these attacks evolve. Analysts see ransom, data theft, information warfare, gaming the system and theft, and revenge and terrorism as the most likely models of profiteering for attacks on the connected vehicle ecosystem.
The authors of the report examined four remote vehicle hacking case studies to understand the types of cybersecurity attacks for connected cars: Jeep Hack 2015, Tesla Hack 2016 and 2017, and BMW Hack 2018. Based on this analysis, the authors found that wireless attacks were the main attack vector in all four attacks. Attackers compromise connected cars by sending malicious controller area network (CAN) messages to an ECU.