2012 BSides Detroit Security Presentation: Vehicle Hacking
Michael Westra, CISSP
June 2012
“If you think technology can solve your security problems, then you don’t understand the problem and you don’t understand the technology.” - Bruce Schneier

Agenda
• Unique challenges that automotive faces
• Overview of CAN (Controller Area Network)
• SYNC, a real world example of security thinking that went into a product on the market
• Security Posture
• Sample features within a security framework
• OEM perspective on where industry is going
• Auto security industry in review
• Technology trends

Automotive Challenges
• Automotive is very long lived
• Development 2-5 years
• Lifetime 3-5+ years
• Often in service for 10+ years
• Vehicles in design today will be on the road 20 years from now
• Collection of discrete modules from many vendors
• Includes variety of hardware from 8-bit microcontrollers to 32-bit ARM processors connected
• Unique service requirements
• Right to service laws mandate that non-OEM locations have access to tools and mechanisms to perform service and update modules
• Disconnected service scenarios

CAN (Controller Area Network)
• Mental Model
• Based on broadcast virtual electrical signals, not traditional network model
• No authentication, assumed trusted, does not check source ID
• Heavily affects how development proceeds
• Structure
• 11-bit ID on broadcast
• 8 bytes of data per message
• Multiple “slow” buses (500kbps)
• Applications layered on this like TP (streaming), Diagnostics, Programming

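
An added example, not part of the presentation and not a description of how SYNC is built: because a CAN frame carries only an 11-bit ID and up to 8 data bytes, with no sender field to verify, a gateway placed between an untrusted module and the vehicle bus can enforce policy only on ID, length and rate for the port a frame arrived on. The IDs, the rule table and all names below are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Classic CAN frame per the slide: 11-bit ID, up to 8 data bytes, no sender field. */
struct can_frame11 {
    uint16_t id;       /* 11-bit identifier, 0x000..0x7FF */
    uint8_t  dlc;      /* number of data bytes, 0..8 */
    uint8_t  data[8];
};

enum verdict { FORWARD, DROP_MALFORMED, DROP_NOT_ALLOWED, DROP_RATE };

/* One allowlist rule for frames arriving on the untrusted port. */
struct rule {
    uint16_t id;          /* constructed example ID */
    uint8_t  dlc;         /* exact length expected for this ID */
    uint32_t min_gap_ms;  /* minimum spacing between forwarded frames */
    uint32_t last_ms;     /* time the last frame was forwarded */
    uint8_t  seen;        /* 0 until the first frame is forwarded */
};

/* Constructed policy: the untrusted module may send only these two IDs. */
static struct rule rules[] = {
    { 0x3A0, 8, 100, 0, 0 },
    { 0x3A1, 2, 500, 0, 0 },
};

/* Default-deny check for a frame received on the untrusted port at now_ms. */
enum verdict gateway_check(const struct can_frame11 *f, uint32_t now_ms)
{
    if (f == NULL || f->id > 0x7FF || f->dlc > 8)
        return DROP_MALFORMED;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        struct rule *r = &rules[i];
        if (r->id != f->id)
            continue;
        if (r->dlc != f->dlc)
            return DROP_MALFORMED;
        /* unsigned subtraction stays correct across timer wrap-around */
        if (r->seen && (uint32_t)(now_ms - r->last_ms) < r->min_gap_ms)
            return DROP_RATE;
        r->seen = 1;
        r->last_ms = now_ms;
        return FORWARD;
    }
    return DROP_NOT_ALLOWED;
}
```

The filter keys on the ingress port rather than on anything inside the frame, since any node on a shared bus can transmit any ID.
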
SYNC Background
• SYNC first generation:
• Launched in fall of 2007
• 4 million units earlier this year
• MyFord Touch, second generation of SYNC:
• Launched in fall of 2010
• No subscription required
• Both products scheduled to be launched in all global markets within the next 18 months
• Includes E911, Vehicle Health, and Traffic, Directions, and Information
• Applink provides mobile phone application integration with the SYNC UI

Current SYNC Features/Security Challenges
• External interfaces
• Bluetooth
• Wi-Fi / USB Broadband / Network connectivity
• Mobile Application Integration
• Telematics
• USB
• Software Updates
• Wireless Factory Provisioning
• USB Updates
• Playback of protected Media Content
• CAN Interaction
• Phonebook Integration
• Large external attack surface
• Application Validity
• Software Integrity Assurance
• DRM / Licensing
• Protect the Vehicle Bus
• Personally identifiable information (PII) considerations

General Security Lessons
• Start by defining your product’s security posture.
• Every device can be hacked with sufficient time, expertise, and motivation
• Define what is worth protecting and to what level
• An example from SYNC
• A successful attack should require physical access to the internals of the module
• A successful attack of one device should not be transferable to immediately hack all devices
• A general perimeter security architecture including hardware should be used to protect the most sensitive components
• External non-hardwired or user accessible interfaces should be hardened as much as possible with multiple levels of protection

SYNC Security Challenges (continued)
• Protect the Vehicle interface at all costs
• …or to the same level as physical interfaces for serviceability currently mandated by law

Wi-Fi Provisioning
• First in industry to dynamically download large volumes of data on the moving assembly line
• Configure SYNC with language and other unique configuration on the moving assembly line
• This completely automated process results in the conversion of labor-related expenses and allows for flexibility in future application upgrades

Mobile Application Integration
• Different Application Integration Models
• MirrorLink
• Applink
• Signature/Gateway Application
• Security Implications
• Each model has different going-in security assumptions
• Apps are trusted or untrusted
• Assumptions about spoofing applications
• Apps are hosted, directly displayed, interact via an API
• Not just security, Driver Distraction is an even larger concern (but ties back to first concern)

Auto security in review
• UW papers
• What could be controlled via CAN with physical access
• How might remote access be achieved
• TPMS hacks
• Various demonstrations for keyless entry transponders

Where this technology is going…
• Car industry is where PC industry was 15 years ago
• But can benefit from their security learning
• Fully Internet addressable fleets of automobiles
• Increased integration with mobile applications
• Continued democratization of technology
• Global view, all vehicle levels (not just high-end)
• Vehicle environment is different than mobile
• Eyes on the road, hands on the wheel
• Safety around vehicle interfaces

Where the industry is going…
• Security of major interfaces is getting a lot more attention (and press)
• OEMs also have legal serviceability requirements that force a certain level of openness and commonality
• It makes sense for more collaboration between OEMs, suppliers, academia
• Anyone’s failure gives everyone a black eye
• Active work starting with a new SAE working group and other forums