Under The Hood: How Hackers Can Remotely Hack Your Car?
Automotive Hacking • Under The Hood: How Hackers Can Remotely Hack Your Car?
Cyber criminals working for enemy states could ‘kill millions’ by remotely hacking cars, warns expert Justin Cappos, Computer Scientist, New York University
Vehicular Automation • Vehicular automation involves the use of mechatronics, artificial intelligence, and multi-agent systems to assist a vehicle's operator. • These features and the vehicles employing them may be labelled as intelligent or smart. • A vehicle using automation for difficult tasks, especially navigation, may be referred to as semi-autonomous. • A vehicle relying solely on automation is consequently referred to as robotic or autonomous.
Autonomy levels • Autonomy in vehicles is often categorized in six levels. The level system was developed by the Society of Automotive Engineers (SAE). • Level 0: No automation. • Level 1: Driver assistance - The vehicle can control either steering or speed autonomously in specific circumstances to assist the driver. • Level 2: Partial automation - The vehicle can control both steering and speed autonomously in specific circumstances to assist the driver. • Level 3: Conditional automation - The vehicle can control both steering and speed autonomously under normal environmental conditions, but requires driver oversight. • Level 4: High automation - The vehicle can complete a trip autonomously under normal environmental conditions, not requiring driver oversight. • Level 5: Full autonomy - The vehicle can complete a trip autonomously in any environmental conditions.
Vehicle Automation • Vehicle automation has been one of the fundamental applications within the field of intelligent transportation systems (ITS) since the start of ITS research in the mid-1980s. • For most of this time, it has been generally viewed as a futuristic concept that is not close to being ready for deployment. • However, recent development of “self-driving” cars and the announcement by car manufacturers of their deployment by 2020 show that this is becoming a reality.
Automotive Hacking • Automotive hacking is the exploitation of vulnerabilities within the software, hardware, and communication systems of automobiles.
Automotive Hacking • Modern automobiles contain hundreds of on-board computers processing everything from vehicle controls to the infotainment system.
Automotive Hacking • These computers, called electronic control units (ECUs), communicate with each other through multiple networks and communication protocols, including: • the Controller Area Network (CAN) for vehicle component communication such as connections between engine and brake control; • Local Interconnect Network (LIN) for cheaper vehicle component communication such as between door locks and interior lights; • Media Oriented Systems Transport (MOST) for infotainment systems such as modern touchscreen and telematics connections; and • FlexRay for high-speed vehicle component communications such as active suspension and active cruise control data synchronization.
Automotive Hacking • Additional consumer communication systems are also integrated into automobile architectures including Bluetooth for wireless device connections, 4G Internet hotspots, and vehicle Wi-Fi.
Automotive Hacking • The integration of these various communications and software systems leaves automobiles vulnerable to attack. • Security researchers have begun demonstrating the multitude of potential attack vectors in modern vehicles, and some real-world exploits have resulted in manufacturers issuing vehicle recalls and software updates to mobile applications.
Automotive Hacking • Manufacturers, such as John Deere, have used computer systems and Digital Rights Management to prevent repairs by vehicle owners or third parties, and the use of aftermarket parts. • Such limitations have prompted efforts to circumvent these systems, and increased interest in measures such as the Motor Vehicle Owners' Right to Repair Act.
Automotive Hacking • Any car built after 2005 is an 'open door' to hackers and could be remotely controlled to obliterate 'millions of civilians', a researcher has found. • Even some vehicles up to 17 years old could be vulnerable to attack, and unless car makers fix the problem, deaths in the next five years are inevitable. • Hackers may already be causing accidents without authorities knowing.
Automotive Hacking • The warning was made by Justin Cappos, a computer scientist at New York University. • Dr Cappos says this vulnerability should be treated as an 'urgent' national security issue.
Automotive Hacking • Dr Cappos warned that, once in the car, hackers can send messages that stop the brakes working and turn off power steering.
Automotive Hacking • 'Components in cars are not good at understanding where messages come from and whether they are authentic.' • In 2016 hackers showed how they were able to take control of a Jeep Cherokee when it was moving at high speed.
Automotive Hacking • Charlie Miller and Chris Valasek, who now work for Uber, sent false messages to its internal network, overriding the correct ones. • That allowed them to do terrifying things such as making the vehicle turn sharply while it was speeding down a country road.
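The weakness described above is that a plain CAN frame carries no sender identity and no integrity check, so a receiving ECU cannot tell a genuine message from a false one. The following is an added example, not part of the original slides, of one mitigation: the receiver accepts a frame only if it carries a valid truncated HMAC and a fresh counter. The key, the payload layout (2 data bytes, 2 counter bytes, 4 tag bytes) and the names `protect` and `Receiver` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; real keys are provisioned per ECU
TAG_LEN = 4                    # truncated MAC length in bytes (assumed layout)

def _tag(can_id, counter, data):
    # MAC covers the arbitration ID, the freshness counter and the signal data.
    msg = struct.pack(">IH", can_id, counter) + data
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:TAG_LEN]

def protect(can_id, counter, data):
    """Sender side: payload = data (<=2 bytes) || counter (2) || tag (4)."""
    if len(data) > 2:
        raise ValueError("classic CAN payload is limited to 8 bytes")
    return data + struct.pack(">H", counter) + _tag(can_id, counter, data)

class Receiver:
    """Receiving ECU: accepts a frame only if it is authentic and fresh."""
    def __init__(self):
        self.last_counter = {}  # highest counter accepted per CAN ID

    def accept(self, can_id, payload):
        if not 6 <= len(payload) <= 8:
            return "reject: bad length"
        data, ctr, tag = payload[:-6], payload[-6:-4], payload[-4:]
        (counter,) = struct.unpack(">H", ctr)
        if not hmac.compare_digest(tag, _tag(can_id, counter, data)):
            return "reject: bad tag"        # forged or altered frame
        if counter <= self.last_counter.get(can_id, -1):
            return "reject: stale counter"  # replay of an old genuine frame
        self.last_counter[can_id] = counter
        return "accept"

def demo():
    rx = Receiver()
    genuine = protect(0x123, 1, b"\x00\x10")  # constructed frame
    altered = b"\xff\xff" + genuine[2:]        # same tag, different data
    return [
        rx.accept(0x123, genuine),
        rx.accept(0x123, altered),
        rx.accept(0x123, genuine),             # replayed copy
        rx.accept(0x123, protect(0x123, 2, b"\x00\x20")),
    ]

if __name__ == "__main__":
    print(demo())
```

A 16-bit counter wraps quickly on a busy bus; the layout here is chosen only so that the whole message fits an 8-byte classic CAN payload.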
Research • In 2010, security researchers demonstrated how they could create physical effects and undermine system controls by hacking the ECU. • The researchers needed physical access to the ECU and were able to gain full control over any safety or automotive system including disabling the brakes and stopping the engine.
Research • In a follow-up research paper published in 2011, researchers demonstrated that physical access is not even necessary. • The researchers showed that “remote exploitation is feasible via mechanics tools, CD players, Bluetooth, cellular radio...and wireless communication channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft”. • This means that a hacker could gain access to a vehicle's vital control systems through almost anything that interfaces with the automobile's systems.
Fiat Chrysler UConnect • UConnect is Fiat Chrysler's Internet-connected feature which gives owners the ability to control the vehicle's infotainment/navigation system, sync media, and make phone calls. • It even integrates with the optional on-board WiFi.
Fiat Chrysler UConnect • However, susceptibilities in Fiat Chrysler’s UConnect system, available on over 1.4 million cars, allow hackers to scan for cars with the system, connect and embed malicious code, and ultimately, commandeer vital vehicle controls like steering and brakes.
General Motors OnStar RemoteLink App • The OnStar RemoteLink app lets users access OnStar capabilities from their Android or iOS smartphones. The RemoteLink app can locate, lock and unlock, and even start your vehicle.
General Motors OnStar RemoteLink App • The flaw in General Motors’ OnStar RemoteLink app, while not as extreme as UConnect, allows hackers to impersonate the victim in the eyes of the RemoteLink app. • This means that the hackers can access all of the features of the RemoteLink app available to the victim including locating, locking and unlocking, and starting the engine.
Keyless Entry • The security researcher Samy Kamkar has demonstrated a device that intercepts signals from keyless-entry fobs and would allow an attacker to unlock doors and start a car's engine.
Case Study: Hackers Remotely Kill a Jeep on the Highway • In the summer of 2015, Andy Greenberg was driving a Jeep Cherokee in downtown St. Louis. • The vents started blasting cold air at the maximum setting, the radio was blaring at full volume, and the windshield wipers turned on.
Case Study: Hackers Remotely Kill a Jeep on the Highway • Renowned hackers Charlie Miller and Chris Valasek describe how they compromised the Jeep Cherokee via a vulnerability in Uconnect, the vehicle's Internet-connected entertainment system.