Connected Car Security – Three Ways to Prevent Class Breaks

Depending on where you live driving a vehicle can be challenging. Road construction, traffic, detours, congestion all add to the complexities of getting from point A to point B. And while today’s automobiles are ripe with luxuries that make your time behind the wheel a bit more pleasant there are also any number of hidden amenities that can deliver a driving experience a bit more than you bargained for.

Take MirroLink for example. According to a ScienceDaily article, a group of students and professors from NYU Tandon School of Engineering and George Mason University discovered some serious vulnerabilities in MirrorLink. Representing 80 percent of the global automakers, the Connected Car Consortium created MirrorLink as a standard protocol for smartphone communication with a car’s in-vehicle infotainment system (IVI). While some automakers disable MirrorLink in favor of their own IVI solution it’s still installed and able to be enabled for good or bad.

The researchers were able to do just that in a 2015 model vehicle they purchased for their experiments. Using only information available to the public – including much-watched YouTube videos – they were able to enable MirrorLink and access vehicle safety equipment controls such as anti-lock brakes.

It was only last year when NBC News featured a hacker that was able to gain access to a Jeep through Bluetooth vulnerabilities and actually steer and brake the vehicle. While connectivity and conveniences are a driver’s dream it has the potential to be a complete nightmare as well. Beyond data leaks and malware, the potential for systematic hacks that can actually subvert a car’s control systems and brakes are now an unfortunate reality.

Earlier this year, the FBI and the National Highway Traffic Safety Administration (NHTSA) warned that the increased use of computers in motor vehicles posed an increasing risk for cyberattacks. Specifically, the increased use of electronic control units (ECUs) that control any number of vehicle functions such as steering, braking, acceleration, lights, windshield wipers, and other wireless functionality such as keyless entry and ignition control provide possible entry points for hackers looking to wreak havoc with a driver and their vehicle.

Given this new reality, the question that needs to be answered is How can car manufacturers reduce the potential for data leaks and potentially more serious attacks?

The answer is that devices need to be ‘hardened’ to resist attacks on sensor technologies found in vehicles (and many other IoT technologies). To secure connected devices such as vehicles, there needs to be protection against class breaks – those attacks that if successfully engineered on one software instance, can be applied to other instances of the same software. The following three security schemes are available to manufacturers:

  1. Software diversification is a leading protection technique against class breaks. It significantly increases the time and cost of attacking an installed base of protected applications. Essentially, the attacker must crack each copy of the application. For this reason, software diversification should be a de facto means to protect software applications that are distributed in large numbers to consumer devices, such as desktop computers, mobile devices, and game consoles.

    There are two types of software diversification – data and code. Applications containing cryptographic operations should employ at least one, but preferably both, types of software diversification.
  1. Data diversification is a relatively simple method that enhances protection against class breaks. With this method, certain embedded data values referenced by the program code vary among different instances of the same application. For example, this data value could be a key that encrypts a database stored on a device, or that encrypts other keys imported into the application. If a hacker manages to extract the key from a particular application instance, he would not be able to use that key to decrypt the secrets of other application instances.

    To use data diversification, unique and “personalized” data values have to be injected into the binary image during code compilation or deployment.
  1. Code diversification is a much more sophisticated and robust (and usually, costlier) protection against class breaks than data diversification. With this method, binary instructions vary between different instances, or between separate sets of instances. Code diversification is typically a result of applying in-house or vendor-supplied tamper-resistance techniques. This may include code obfuscation, instruction set randomization, integrity protection, anti-debug and anti-dumping techniques, code signing, or virtualization. In most cases, for the sake of performance and simplicity, it is enough to diversify just the sensitive parts of the program code (like the cryptographic routines), but in other cases, the protection can benefit from diversifying the whole executable.

It will only take one data breach or hack to a vehicle that results in a serious accident to wake up automobile manufacturers and drivers that a better, more secure security solution is needed.