"Smart car is not always a safe car" / SurprizingFacts

Source: Getty Images

Three years ago, two information security specialists showed that new Jeep models are vulnerable to attack by intruders. This is not about how the car drives, but about the ability to control various functions remotely. The "smarter" the car, the more exposed it is to outside influence. Unfortunately, the demonstration by these experts did not lead to anything. Yes, Jeep's manufacturer tried to solve the problem, but other companies still pay as little attention to the necessary information security measures as before.

The other day, Trend Micro employees published a post that shows how poorly modern vehicles are protected from being hacked. The same information was presented at the DIMVA information security conference, held in Bonn, Germany. According to the researchers, the main problem is the CAN protocol, which the various components of the car use to communicate with each other and with a common network. As it turned out, the protocol is vulnerable, and attackers with the necessary knowledge and equipment can exploit the weaknesses in CAN's protection.

"You can deactivate the airbags, the gauges, turn off or turn on the central locking and steal the car," said Federico Maggi, one of Trend Micro's team members, who conducted the tests. According to him, possible attacks will go unnoticed – it is extremely difficult to detect them.

CAN Network Diagram

So far, researchers have demonstrated only some of the threats, and those are not critical. In any case, a takeover of vehicle control like the one shown in 2015 on a Jeep SUV has not yet been demonstrated. Nevertheless, something similar can be done with Tesla, probably one of the most technologically advanced vehicles on the road at the moment.

The positive side of all this is that the vulnerabilities found cannot be exploited entirely remotely. An attacker still needs one-time access to the car's control and safety system. Without this, the plan cannot be carried out. The attacker has to connect either to the car's wireless network or to its OBD port.

Nevertheless, the threat of such attacks is too serious for car manufacturers to simply ignore the problem.

So what's the threat? As mentioned above, attackers can use vulnerabilities in CAN to their advantage. Namely, if they wish, they can make any component of the car appear "defective" to the car's central control system. The car then switches that component off itself, and it stops working. According to the researchers, detecting this type of attack is quite difficult, if it is possible at all.
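The mechanism behind "switched off by the car itself" can be illustrated with CAN's standard fault-confinement rules, as an added example that is not from the original article or the researchers' work: a node's transmit error counter (TEC) rises by 8 on each failed transmission, falls by 1 on each success, and the node goes bus-off once the counter exceeds 255. The class, function and trace names are constructed for this sketch, and the simplified model ignores the standard's special cases.

```python
from dataclasses import dataclass, field

ERROR_PASSIVE_ABOVE = 127  # TEC > 127: node becomes error-passive
BUS_OFF_ABOVE = 255        # TEC > 255: node goes bus-off and stops transmitting


@dataclass
class CanNode:
    """Simplified transmit-side fault confinement for one CAN node."""
    name: str
    tec: int = 0                                     # transmit error counter
    transitions: list = field(default_factory=list)  # (frame_index, new_state)

    @property
    def state(self) -> str:
        if self.tec > BUS_OFF_ABOVE:
            return "bus-off"
        if self.tec > ERROR_PASSIVE_ABOVE:
            return "error-passive"
        return "error-active"

    def on_transmit(self, index: int, ok: bool) -> None:
        before = self.state
        if before == "bus-off":
            return  # an isolated node sends nothing more
        # Success: TEC - 1 (never below 0). Transmit error: TEC + 8.
        self.tec = max(0, self.tec - 1) if ok else self.tec + 8
        if self.state != before:
            self.transitions.append((index, self.state))


def replay(name: str, outcomes: list) -> CanNode:
    """Feed a per-frame success/failure trace through the model."""
    node = CanNode(name)
    for index, ok in enumerate(outcomes):
        node.on_transmit(index, ok)
    return node


# Constructed traces (True = frame sent cleanly, False = transmit error).
INTERMITTENT = ([True] * 9 + [False]) * 40  # one error in every ten frames
PERSISTENT = [True] * 20 + [False] * 40     # every frame errors from index 20

if __name__ == "__main__":
    for label, trace in (("intermittent", INTERMITTENT), ("persistent", PERSISTENT)):
        node = replay(label, trace)
        print(f"{label:12} TEC={node.tec:3} state={node.state:13} {node.transitions}")
```

In the persistent trace, 32 consecutive failed transmissions are enough for the node to remove itself from the bus, while occasional errors never isolate it; to the rest of the car the first case looks the same as a genuine hardware fault.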

At the same time, components of the car's control system can be disabled in different ways, producing various error messages. As a result, the same attack may look from the outside like several unrelated incidents. Accordingly, it will be extremely difficult to detect an attack. In addition, it is impossible to tell whether something has actually broken or someone is attacking the car.

So far this work is purely theoretical. A real attacker is unlikely to be able to carry out the attack the experts predict in the near future. According to the head of the research group, he "will be surprised if he sees this in practice."

But that is the situation now, while there are not that many "smart" cars. Over time, there are more and more of them. Accordingly, hackers may turn their attention to hacking car systems (some have been doing this for a long time). Therefore, before the theoretical problem becomes a real one, experts are trying to prevent the exploitation of vulnerabilities in CAN.

The authors of the work discussed in this article say that car manufacturers should focus not only on the design and driving characteristics of their cars, but also on protecting them from the threat of external interference.
