
Michael Westra, CISSP June 2012


Presentation Transcript


  1. 2012 BSides Detroit Security Presentation: Vehicle Hacking. Michael Westra, CISSP, June 2012. “If you think technology can solve your security problems, then you don’t understand the problem and you don’t understand the technology.” - Bruce Schneier

  2. Agenda
     • Unique challenges that automotive faces
     • Overview of CAN (Controller Area Network)
     • SYNC, a real world example of security thinking that went into a product on the market
     • Security Posture
     • Sample features within a security framework
     • OEM perspective on where industry is going
     • Auto security industry in review
     • Technology trends

  3. Automotive Challenges
     • Automotive is very long lived
     • Development 2-5 years
     • Lifetime 3-5+ years
     • Often in service for 10+ years
     • Vehicles in design today will be on the road 20 years from now
     • Collection of discrete modules from many vendors
     • Includes variety of hardware from 8-bit microcontrollers to 32-bit ARM processors connected
     • Unique service requirements
     • Right to service laws mandate that non-OEM locations have access to tools and mechanisms to perform service and update modules
     • Disconnected service scenarios

  4. CAN (Controller Area Network)
     • Mental Model
     • Based on broadcast virtual electrical signals, not traditional network model
     • No authentication, assumed trusted, does not check source ID
     • Heavily affects how development proceeds
     • Structure
     • 11-bit ID on broadcast
     • 8 bytes of data per message
     • Multiple “slow” buses (500kbps)
     • Applications layered on this like TP (streaming), Diagnostics, Programming

  5. SYNC Background
     • SYNC first generation:
     • Launched in fall of 2007
     • 4 million units earlier this year
     • MyFord Touch, second generation of SYNC:
     • Launched in fall of 2010
     • No subscription required
     • Both products scheduled to be launched in all global markets within the next 18 months
     • Includes E911, Vehicle Health, and Traffic, Directions, and Information
     • Applink provides mobile phone application integration with the SYNC UI

  6. Current SYNC Features/Security Challenges
     • External interfaces
     • Bluetooth
     • Wi-Fi / USB Broadband / Network connectivity
     • Mobile Application Integration
     • Telematics
     • USB
     • Software Updates
     • Wireless Factory Provisioning
     • USB Updates
     • Playback of protected Media Content
     • CAN Interaction
     • Phonebook Integration
     • Large external attack surface
     • Application Validity
     • Software Integrity Assurance
     • DRM / Licensing
     • Protect the Vehicle Bus
     • Personally identifiable information (PII) considerations

  7. General Security Lessons
     • Start by defining your product’s security posture.
     • Every device can be hacked with sufficient time, expertise, and motivation
     • Define what is worth protecting and to what level
     • An example from SYNC
     • A successful attack should require physical access to the internals of the module
     • A successful attack of one device should not be transferrable to immediately hack all devices
     • A general perimeter security architecture including hardware should be used to protect the most sensitive components
     • External non-hardwired or user accessible interfaces should be hardened as much as possible with multiple levels of protection

  8. SYNC Security Challenges (continued)
     • Protect the Vehicle interface at all costs
     • …or to the same level as physical interfaces for serviceability currently mandated by law

  9. Wi-Fi Provisioning
     • First in industry to dynamically download large volumes of data on the moving assembly line
     • Configure SYNC with language and other unique configuration on the moving assembly line
     • This completely automated process results in the conversion of labor-related expenses and allows for flexibility of future application upgrades

  10. Mobile Application Integration
     • Different Application Integration Models
     • MirrorLink
     • Applink
     • Signature/Gateway Application
     • Security Implications
     • Each model has different going-in security assumptions
     • Apps are trusted or untrusted
     • Assumptions about spoofing applications
     • Apps are hosted, directly displayed, interact via an API
     • Not just security, Driver Distraction is an even larger concern (but ties back to first concern)

  11. Auto security in review
     • UW papers
     • What could be controlled via CAN with physical access
     • How might remote access be achieved
     • TPMS hacks
     • Various demonstrations for keyless entry transponders

  12. Where this technology is going…
     • Car industry is where PC industry was 15 years ago
     • But can benefit from their security learning
     • Fully Internet addressable fleets of automobiles
     • Increased integration with mobile applications
     • Continued democratization of technology
     • Global view, All vehicle levels (not just high-end)
     • Vehicle environment is different than mobile
     • Eyes on the road, Hands on the wheel
     • Safety around vehicle interfaces

  13. Where the industry is going…
     • Security of major interfaces is getting a lot more attention (and press)
     • OEMs also have legal serviceability requirements that force a certain level of openness and commonality
     • It makes sense for more collaboration between OEMs, suppliers, academia
     • Anyone’s failure gives everyone a black eye
     • Active work starting with a new SAE working group and other forums

  14. Thank you
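
Slide 4 notes that a CAN frame carries an 11-bit ID and up to 8 data bytes but no authentication and no source ID, and slide 7 calls for a perimeter architecture around the most sensitive components. The C code below is an added example, not taken from the presentation or from SYNC: a default-deny gateway filter between two bus segments, where the bus names, IDs, lengths and rule table are all constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Classic CAN data frame as slide 4 describes it: an 11-bit ID and up to
 * 8 data bytes. Note what is absent: no sender address, no MAC. */
typedef struct {
    uint16_t id;       /* 11-bit identifier, 0x000..0x7FF */
    uint8_t  dlc;      /* number of data bytes, 0..8 */
    uint8_t  data[8];
} can_frame;

/* The only origin information a gateway has is the physical bus a frame
 * arrived on. Bus names are hypothetical. */
typedef enum { BUS_INFOTAINMENT, BUS_VEHICLE } can_bus;

typedef struct { can_bus from; uint16_t id; uint8_t dlc; } fwd_rule;

/* Constructed allowlist: IDs, lengths and meanings are made up. */
static const fwd_rule RULES[] = {
    { BUS_VEHICLE,      0x3B0, 8 },  /* e.g. vehicle speed, to the display */
    { BUS_VEHICLE,      0x420, 4 },  /* e.g. door status, to the display   */
    { BUS_INFOTAINMENT, 0x5A1, 2 },  /* e.g. volume setting, to the amp    */
};

/* Default deny: forward a frame only if it is well formed and an explicit
 * rule matches its ingress bus, ID and exact length. */
bool gateway_permits(can_bus from, const can_frame *f)
{
    if (f == NULL || f->id > 0x7FF || f->dlc > 8)
        return false;
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        if (RULES[i].from == from && RULES[i].id == f->id &&
            RULES[i].dlc == f->dlc)
            return true;
    }
    return false;
}
```

Because the frame itself cannot say who sent it, the rule key is the ingress bus plus ID and length; a frame using a vehicle-side ID is dropped when it arrives from the infotainment side.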
