Connected vehicles: why automakers are hacking now

Menus

Why automakers are now hacking

This is how easy it is for hackers to control their cars remotely

You’re sitting in the car and suddenly the engine cuts out – in the middle of the highway. The brakes no longer work either. In the US, hackers have now shown how easy it is to manipulate cars. Source: N24

Autoplay

The more networked the car is, the more susceptible it becomes to unauthorized access from outside. The industry tries to arm itself against attacks with unusual means. But the risk remains.

I.n last spring, the Hessian police had to deal with a puzzling series of thefts. Within a few months, around 80 luxury cars disappeared in Hanau and Offenbach. When some of the vehicles reappeared later, no signs of burglary were found – no scratches on the door or the lock, no loose cables. The alarm systems had not been tampered with either. Apparently the thieves managed to open and start the cars remotely.

In the course of digitization, cars communicate with their surroundings in various ways. This makes them vulnerable to outside access. The more interfaces a vehicle has, the more vulnerable it becomes. Car manufacturers have to face this risk, especially since the number of connected cars is increasing rapidly.

As early as 2018, every new vehicle in Europe must have a SIM card on board in order to be able to make emergency calls, and according to a study by Ernst & Young, around 100 million vehicles will be connected to the Internet by 2025.

This is the rescue alley deluxe

It crashes on the B17 near Augsburg – rubble on the asphalt, oil everywhere: full closure. The fire brigade approaches, they drive through the perfect rescue alley. The video of it inspires the network. Source: Koenigsbrunn Volunteer Fire Brigade

This results in 100 million potential gateways for hacker attacks – and a growing need for security precautions. According to the MarketsandMarkets agency, sales of vehicle security systems will increase to 11.5 billion euros by 2019.

The investigators from Hesse finally discovered that the stolen vehicles had one thing in common: They all had a so-called PKES system. With this system – the abbreviation stands for "Passive Keyless Entry And Start" – the car opens automatically when you approach with the key, without having to press any button.

The system is not only used in the luxury segment, a number of mid-range vehicles are now also equipped with it. There is a transmitter in the door opener that communicates with the vehicle on an encrypted frequency. The only problem is: the encryption does not change the fact that the system is relatively easy to outsmart.

Key frequency is easy to find out

The car thieves use a simple trick. You extend the range of the key signal with amplifiers up to 400 meters. The only thing you have to know is the frequency on which the key is sending – and it can easily be found on the network. So you don’t even have to be an experienced hacker to get hold of someone else’s vehicle. The corresponding equipment can be ordered for a few euros on eBay.

As soon as the car receives the signal, it opens the doors. A second signal is responsible for starting the engine and switching off the immobilizer, but it is transmitted in parallel. This means that the engine can also be started without a key. Some manufacturers have installed systems that continuously check whether the key’s signal is still there while driving.

If it is missing, the driver is warned that the engine will soon be switched off. Other manufacturers save the inspection, you can drive as long as the engine is running. For most thieves, a short activation is enough to drive the vehicle onto a trailer. So far, you can hardly defend yourself against it.

The VW Budd-e can be controlled with gestures

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer GmbH

1 of 6

The Budd-e stands for the reorientation at Volkswagen. The group wants to become a driving force in the networking of automobiles. The wheels of the study …

Source: Ingo Barenschee

Connected vehicles: why automakers are hacking now-connected

2 of 6

… rumble still a little, but the two electric motors on the axles together produce 225 kW and ensure that the minivan starts up in less than seven seconds Reached a speed of 100 kilometers per hour. In the cockpit …

Source: Ingo Barenschee

Connected vehicles: why automakers are hacking now-vehicles

3 of 6

… A three-part panorama screen awaits the driver. The software architecture of the Budd-e is already designed to knock out household appliances at home in the apartmentmmunicate. On the interior …

Source: Ingo Barenschee

Connected vehicles: why automakers are hacking now-connected

4 of 6

… However, the VW designers will still have to work. The rear seats are somewhat reminiscent of a corner bench in the kitchen-living room of a row house from the 1970s. And that touchineless opening of the tailgate …

Source: Ingo Barenschee

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer

5 of 6

… with one foot movement is already known from various series vehicles. But with the Budd-e, many other functions can be controlled with a hand movement. As a future vision …

Source: Ingo Barenschee

Connected vehicles: why automakers are hacking now-automakers

6 of 6

… The spacious concept vehicle should also help to reconcile US customers after the emissions scandal.

Source: Ingo Barenschee

Theft is even the smaller problem when it comes to unauthorized access to the car – it is hard to imagine what could happen if hackers remotely access moving cars. The Federal Office for Information Security (BSI) is already warning of fatal dangers.

It is only a small step from a hacker attack before someone tries to manipulate the brakes. "Serious accidents and deaths would then be possible," said the new BSI President Arne Schonbohm recently in an interview with "Welt am Sonntag".

How close this scenario is to reality was proven by the two researchers Charlie Miller and Chris Valasek when they managed to take control of a Jeep vehicle and bring it to a remote stop. In doing so, they made use of several security loopholes in the “UConnect” entertainment system installed in the car.

Once you’ve got that far, you can manipulate just about every function of the vehicle.

Hans-Joachim Schleissheimer, Managing Director of Schleibheimer GmbH

“A lot must have gone wrong with Jeep,” says Hans-Joachim Schleibheimer, Managing Director of Schleibheimer GmbH, based in Wollstadt near Friedberg in Upper Hesse. The IT specialist is familiar with the software architecture in cars. For more than 20 years, his company has worked for Continental, one of the most important suppliers to the international automotive industry, among others.

Schleissheimer’s explanation for the hacked Jeep leads deep into the car’s electronic bowels. In addition to the telephone module, the so-called CAN bus is responsible for the security gap. This central interface connects the various control units in the car with one another. When you accelerate, the signal has to reach the transmission at some point that it should shift up a gear.

Conversely, the transmission sends a signal so that the motor briefly interrupts the tractive effort when upshifting. In other words: All safety-relevant information runs via the CAN bus. This also applies to processes that are controlled via the infotainment system. For example, it is not uncommon for the intensity of the spring damping or the settings of the driving dynamics to be linked to the infotainment system. The WLAN and GSM functions are also located there.

From the die-cut model to the high-tech hand flatterer

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer GmbH

1 of 5

Has it had its day? No, only the old, stamped models of the car key have become rare. For example at BMW has its future …

Source: Getty Images

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer GmbH

2 of 5

… already started. The Munich manufacturer has built a display into the key of the new 7 Series. With its help, for example, the automatic parking process can be monitored, which in the brand flagship can also be started from outside the car. Car keys are becoming more and more similar in function and design to smartphones. But they also serve …

Source: BMW Group

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer GmbH

3 of 5

… the social trend towards individualization. The key of the Fiat 500 can be ordered in numerous variants. Another example …

Source: Fiat Chrysler Automobiles

Connected vehicles: why automakers are hacking now-connected

4 of 5

… is the choice of car keys at Volvo. This shows how the small but important accessory component could continue to change in the future …

Source: Continental

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer

5 of 5

… Design sketch by the supplier Continental, who is also researching and developing the "intelligence" of the car key. Other brands, such as the supercar maker Pagani, have long since made the key a super expensive piece of jewelry.

Source: Continental

It was through this gate that Miller and Valasek gained access to the jeep’s central nervous system. The two researchers smuggled in a virus via the telephone module that pretended to be part of this system. Then they could access subordinate circuits of the vehicle, including the brakes. "Once you’ve got that far, you can manipulate almost every function of the vehicle," says Schleibheimer.

Jeep was lucky in misfortune. The loophole was discovered by researchers, not malicious hackers. Miller and Valasek also held tight for eight months to fix the problem.

The fact that it took so long to complete a patch for the software also shows how serious the vulnerability was. The problem of getting a security update into the car was no less serious. In contrast to smartphones, the systems in the car cannot be brought up to date via the Internet. Instead, 1.4 million vehicles had to be recalled.

Gateways are the bouncers of the internal systems

The industry doesn’t like to talk about the concerns their connected vehicles may cause in the future. After all, the German auto industry has so far been spared serious problems, which is also due to the fact that the topic has been dealt with for years.

Daimler AG announces that there is no fear of a situation like with the Jeep: “The transitions between the network segments are secured by special gateways. This means that, for example, the infotainment system is decoupled from functions critical to driving, such as accelerator and brake. "

The gateways are something like the doormen of the internal systems. They check the access authorization and, as it were, carry out facial checks when data moves back and forth between the various system levels. However, the two researchers who hacked the jeep managed to bypass the doorman: They were able to crack the gateway, as they proudly announced at the Def Con 23 hacker conference.

Daimler has an answer to that too. In the group’s vehicles, the gateway cannot be hacked because they work with encrypted signatures. Updates are encrypted using SSL. Even if the updates will be made over the network in the future: No update without a key.

silent post

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer

1 of 6

A start-up company of the Post developed the street scooter especially for the daily requirements of the delivery service. Functionality took precedence over beauty and comfort. In the cockpit …

Source: Jakob Hoff

Connected vehicles: why automakers are hacking now-hacking

2 of 6

… That is why everything unnecessary has been dispensed with. Even the passenger seat had to give way to a bracket that can accommodate six mail boxes. After the electric car …

Source: Jakob Hoff

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer

3 of 6

… has spent the night at the socket, it has a range of 50 to 60 kilometers – enough to supply around 500 addresses with mail. The box-shaped structure des delivery truck …

Source: Jakob Hoff

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer GmbH

4 of 6

… was placed at waist height so that the postmen don’t have to bend down as often when handling parcels. Around 500 street scooters …

Source: Jakob Hoff

Connected vehicles: why automakers are hacking now-hacking

5 of 6

… are currently on the move for the post in Germany and the Netherlands. Until the end of the year …

Source: Jakob Hoff

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer GmbH

6 of 6

… it should be 2500. In addition, the Post wants to market the street scooter to business customers in the logistics sector – as a functional alternative to the Tesla model.

Source: Jakob Hoff

Sometimes encryption doesn’t help, because the sources of error can also lie completely elsewhere. In February it was announced that there was a security flaw in the Nissan Leaf electric vehicle that was so easy to exploit that you didn’t even need to have special technical knowledge to gain control of certain functions of the vehicle.

All that was needed was the “NissanConnect EV” app specially developed for the vehicle and the chassis number. On all newer cars it is clearly legible behind the windshield. If you entered this number into the app, you could determine the location of a vehicle and operate the air conditioning – and thus completely empty the battery of the electric car. The deficiency has now been remedied.

The two examples show how complicated life has become for automakers. You not only have to secure your own systems against attacks, you also have to be careful that your partners, such as the developer of an app, do not leave any gaps in the software. At the same time, the number of programming lines that keep the on-board electronics running has become unmanageably large.

Audi hired hackers

Today there are around 100 million lines of code in the software of an upper mid-range vehicle. For comparison: the new Boeing 787 only needs 15 million lines to take off. Experts assume that vehicles will accommodate up to 300 million lines of code in the future. And even a small mistake can make a car unsafe.

At Audi, they are taking an unusual approach to countering this risk: they employ hackers. “We also commission external IT specialists to subject our software and hardware to various penetration tests. This also includes attempts to attack and hack the systems from the outside, i.e. to break in without authorization. We regularly use professional service providers for this, ”reveals a spokesman for the group.

Daimler also commissioned a group of so-called “white hat hackers” to check the software architecture of the new S-Class for security deficiencies for three months. The Californian manufacturer Tesla is even issuing a "Bug Bounty", a bonus for uncovering software errors and security gaps, as has long been the norm at IT companies such as Microsoft or Oracle. Depending on the severity of the error, the prize money is between 25 and 10,000 dollars, and there is also an entry in the company’s hacker hall of fame.

This is how a Tesla is made

Connected vehicles: why automakers are hacking now-vehicles

1 of 13

Last September, Tesla opened a new assembly hall in Tilburg, the Netherlands. Around 180 employees …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-vehicles

2 of 13

… are currently screwing the Model S together there. The electrically powered sedans are prefabricated in the main factory in California …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-vehicles

3 of 13

… and then shipped in overseas containers. That takes six to eight weeks. The so-called semi-knocked-down vehicles

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer

4 of 13

… are assembled in Tilburg and made ready to drive. The final assembly in the low-energy hall …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-connected

5 of 13

… takes one to two hours and includes the installation of the battery, the drive train and the rear axle. All in all …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-vehicles

6 of 13

… 36 components are assembled, all of which are easily accessible. The Model S floats through the hall on a glider. Anything goes in this car factory …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer GmbH

7 of 13

… surprisingly quiet too. You don’t experience any excitement or hectic activity here. On the contrary: the employees …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer GmbH

8 of 13

… look relaxed and work like in a trance. Long term …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer

9 of 13

… Motors, axles and other components are also to be manufactured in Holland. After assembly …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer

10 of 13

… The cars go through a quality control that tests lights, brakes and acceleration, among other things. The Tesla factory even has it …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-automakers

11 of 13

… via an indoor test track. When the car has no flaws …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer

12 of 13

… it rolls slowly into the next hall and is refueled there with electricity. Currently …

Source: Dominik Asbach

Connected vehicles: why automakers are hacking now-Hans-Joachim Schleissheimer Managing Director Schleibheimer

13 of 13

… Around 90 limousines leave the factory every day. So there is still plenty of space to assemble the Model 3.

Source: Dominik Asbach

If you talk to experts from the auto industry away from the official channels, confidence gives way to a certain skepticism. One cannot guarantee total security, there will always be gaps, which is also due to the fact that customers are demanding more and more connectivity. And it is impossible to control how third or fourth party providers protect their programs. The only thing you can do is secure your own system against external attacks that you can anticipate yourself.

Karamba Security is one of those companies that have benefited from manufacturers’ insecurity. The start-up from the USA was founded in 2015 by Israelis David Barzilai, Ami Dotan, Tal Ben David and Assaf Harel and develops security solutions for the automotive industry. Even before the founders were able to win their first customer, they secured funding of $ 2.5 million.

Jeep hackers have a career

Karamba Security has developed a kind of firewall for the car. The start-up’s security software checks every access and every code that is executed in the system. Only software that is known to the security system is permitted – regardless of whether it is accessed via the on-board diagnostic interface, WLAN, Bluetooth or USB.

The Karamba solution has the advantage that it is anchored in the vehicle’s internal network – and that it can also be retrofitted in older models. This results in huge potential in the booming security services market.

Charlie Miller and Chris Valasek were also able to capitalize on the successful attack on the Jeep: The mobility service provider Uber recruited the two It freaks as security experts. The race between industry and the hackers has only just begun.

Hans-Joachim Schleissheimer, Managing Director of Schleibheimer GmbH

Related articles

Please follow and like us:

Leave a Comment