Paying attention to security threat developments within the automotive industry has never been more critical than at this time.
With the automotive industry undergoing a rapid transformation, connected cars are now the core of the smart mobility ecosystem. While this connectivity is useful for automotive vendors and service providers as a way to monetize car data, and for customers to experience a well-functioning vehicle updated with the latest high-tech services, connectivity also introduces many more cyber-security threats, like fraud, misuse, and attacks. If not defended correctly, connected cars become a target for long-range black hat attacks that can endanger a consumer’s life.
The Jeep Cherokee hack in 2015 was just the start
A prime example of how vulnerable connected cars are came when two white hat attackers, Chris Valasek and Charlie Miller, hacked a 2014 Jeep Cherokee remotely over the Internet, effectively taking over the car’s digital systems, such as steering, braking, car locks, air conditioning, and the infotainment centre. Chrysler had to recall 1.4 million vehicles that year.
Since then, OEMs and service providers have often relied on their own unique algorithms to protect the car against these attacks; however, with advanced technology and components being incorporated inside vehicles every year, these attacks have become more common as well. Upstream Security’s analysis shows there were more than 170 reported automotive cyber incidents, with a significant increase of cyber-attacks between 2010 and 2018. Now imagine how many cases must have gone unreported.
There was also a significant rise in black hat attacks in 2018; it was the first year in which there were more black hat attacks than white hat attacks. Upstream expects this gap to increase as there will be more connected cars, and thus more targets, also giving hackers greater ability to cause more damage. Additionally, there were more wireless attacks in 2018, where the hackers did not require physical access to the car and, like Valasek and Miller, were able to target vehicles from far away. These attacks are expected to increase in 2019 as well.
Who and what do the hackers target?
So how are hackers gaining access to the vehicles? Hackers can gain access to a car system through several different components, including servers and modems, keyless entry, OBD ports and dongles, USB ports, the infotainment system, the cellular network, mobile apps, Wi-Fi, sensors, Bluetooth, and the TCU (telematics control unit). This list also includes advanced technology, such as advanced driver assistance systems (ADAS), navigation, automation and more.
Upstream Security’s VP of Product, Dan Sahar, says, “Companies and consumers need to look at these components and think ‘is there a way in’ to protect against hackers. For starters, the servers should be in obvious places, especially the command and control servers.
“The key takeaway here is that one of the most important things in your security infrastructure is to be able to detect the anomaly as early as possible and not realize it when the actual hack takes place. You want an early warning system that alerts you on that. The larger the connected car infrastructure becomes, there will be more opportunities for hackers to try to attack that infrastructure.”
There are three primary affected parties after a hack: 1) the car company, 2) the maker of the infotainment systems, and 3) the mobile operators. Beyond these, the impact of a hack can extend to any organization within the automotive industry, especially the majority of Fortune 500 companies that have car fleets or trucking fleets. A hack also impacts multiple stakeholders within the industry.
Upstream Security provides a solution
Upstream Security is a centralized, cloud-based, agent-less security model that understands and distills a massive amount of data created by fleets to find any security breach or anomaly that affects the vehicle service. This model helps corporations reduce connectivity risks and protect connected and autonomous vehicles, SAE levels 0-5, on the roads today and in the future.
“The general feeling within the industry is that security and safety go hand-in-hand. If you’re unable to secure your vehicle, then the safety is impacted. Our job is to ensure that the services starting from the car to the applications connected to it are secure,” said Sahar.
Ultimately, the goal of Upstream Security is to ensure that the smart mobility service infrastructure, the vehicles and the passengers inside them are safe and secure from remote cyber-attacks generated over the Internet or mobile networks, and protected against fleet-wide attacks that target multiple cars at the same time.
This goal is accomplished through Upstream C4. This solution is entirely data-driven, using a three-step process:
- Ingest a replica of the data and convert it from a proprietary format into a universal automotive format. By utilizing the same algorithms and protection mechanisms across the board for all customers, they are all protected in the same way at the same time. If there is an anomaly for one car, then Upstream finds a solution and applies it to all vehicles.
- Profile the data to understand what the components are inside the smart mobility service, like application servers that are built around the specific connectivity service. It also profiles groups of vehicles. For instance, if one OEM has a lineup of cars with different characteristics, functionalities and various internal components, then Upstream can profile what to expect from each kind of vehicle.
- Use the profiles as input for the security engines that offer various ways to look at data and search for patterns, track all communications, mobile and telematics data, and look for things outside of the ordinary. It also looks at things that are application level, such as how transactions behave within that connected car service (for example, how the ‘unlock door’ command translates into multiple messages), and looks for things that are more contextual that affect the state and behaviour of the vehicle(s).
The output of the system is what Upstream calls Cyber-security Incidents, which are then consumed by the users. These users are typically security analysts sitting inside the SOC – Security Operations Centre – where they are alerted in real-time of these incidents and where they can perform a triage and risk cause analysis on these incidents. In some cases, they also integrate with third-party solutions that are also inside that SOC.
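The profile-then-detect steps above can be sketched in a few lines. This is an added example, not Upstream's code: the normalised event format, the vehicle group names and the message types are all hypothetical, and the data is constructed. It learns, per vehicle group, which message sequences an 'unlock door' transaction normally produces and flags live transactions that deviate.

```python
from collections import defaultdict

def txn(group, tid, command, *messages):
    """Expand one transaction into per-message events (constructed data)."""
    return [(group, tid, command, m) for m in messages]

# Constructed events in a hypothetical normalised format:
# (vehicle_group, transaction_id, command, message_type), in arrival order.
BASELINE = (
    txn("sedan-a", "t1", "unlock_door", "app_request", "auth_ok", "tcu_command", "vehicle_ack")
    + txn("truck-b", "t2", "unlock_door", "app_request", "auth_ok", "gateway_relay",
          "tcu_command", "vehicle_ack")
)
LIVE = (
    txn("sedan-a", "t10", "unlock_door", "app_request", "auth_ok", "tcu_command", "vehicle_ack")
    # Command reaches the vehicle with no preceding app request or authorisation.
    + txn("sedan-a", "t11", "unlock_door", "tcu_command", "vehicle_ack")
    # Normal for sedan-a, but truck-b traffic is expected to pass through a gateway.
    + txn("truck-b", "t12", "unlock_door", "app_request", "auth_ok", "tcu_command", "vehicle_ack")
)

def sequences(events):
    """Group events into {(group, tid, command): (msg, ...)} in arrival order."""
    seqs = defaultdict(list)
    for group, tid, command, msg in events:
        seqs[(group, tid, command)].append(msg)
    return {key: tuple(msgs) for key, msgs in seqs.items()}

def build_profile(events):
    """Profile step: message sequences seen per (vehicle group, command)."""
    profile = defaultdict(set)
    for (group, _tid, command), seq in sequences(events).items():
        profile[(group, command)].add(seq)
    return profile

def detect(profile, events):
    """Detection step: return (transaction_id, reason) for each deviation."""
    incidents = []
    for (group, tid, command), seq in sequences(events).items():
        expected = profile.get((group, command))
        if expected is None:
            incidents.append((tid, "no profile for group/command"))
        elif seq not in expected:
            incidents.append((tid, "unexpected message sequence"))
    return incidents

if __name__ == "__main__":
    for tid, reason in detect(build_profile(BASELINE), LIVE):
        print(tid, reason)
```

Transaction `t12` carries exactly the sequence that is normal for `sedan-a`, which is why the profile is keyed by vehicle group rather than shared across the fleet.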