Communications - November 2011

crocontrollers to communicate with
each other. As additional devices be-
come connected to the CAN, the securi-
ty exposures are multiplied. “It is a bad
idea to trust any commands flowing on
the CAN bus,” says Xu. “More and more
ECUs [Electronic Control Units] with
wireless capabilities are added onto
the CAN bus, which opens a door for
remote attacks.”
In a similar vein, researcher Kevin
Finisterre of security consultancy Dig-
ital Munition recently drew headlines
when he managed to compromise a
police cruiser by taking advantage
of security holes in the onboard net-
working system.

“I was working to help a police de-
partment vet its technology choices,”
recalls Finisterre, who has declined
to identify the municipality that hired
him. “The staff had several concerns
with regard to the resiliency of their
network to withstand an attack from
a hacker.”
Finisterre soon proved his client’s
hunch correct. After scanning several
IP addresses known to be used by the
city, he traced one of them back to a
Linux machine installed inside one of
the city’s police cruisers. Using simple
Telnet and FTP connections, he was
able to access a streaming live video
feed from the cruiser’s onboard cam-
era, as well as stored footage on a digi-
tal video recording device, and could
upload, download, and delete footage
stored on the car’s onboard computer.
At one point, Finisterre found himself
monitoring the cruiser’s video and
audio feeds in real time as an officer
responded to an incident.

Demonstrations like this may highlight potentially troubling flaws in modern automotive security, but how likely is it that ordinary car thieves will master these advanced computer science techniques in sufficient numbers to present a real threat to the average driver?

“To me, expertise is never a factor
in determining threat level,” says Fin-
isterre. “Expertise can be gained either
through rapid prototyping in a test
environment or via simply social engi-
neering someone who already has said
experience. I think at this point in the
game more targeted attacks may be oc-
curring and being kept under wraps.”
Finisterre acknowledges, however,
that most of the threats remain largely

u.s. researchers
have remotely
controlled a car by
means of on-board
Bluetooth or cellular
services, thus
demonstrating that
motor vehicles could
be controlled purely
through wireless
mechanisms.

hypothetical. “The general population
is most likely not currently exposed to
much risk. If you, on the other hand,
were in a position in which sensitive
conversations are had in your vehicle
I may be more concerned about the
built-in system and its various data in-
gress points.”
Xu agrees that the real threat to driv-
ers is probably limited. Replicating her
team’s tire-hacking exercise would be
expensive for most car thieves; each of
her vehicle-tracking tools costs $1,500
to make. “It requires higher commit-
ment, and thus imposes less risk,” she
explains. “Of course, the unit price can
be further reduced, but it’s still not a
small number for regular consumers.”
However, Xu isn’t taking any chanc-
es. Her team won’t release its tools to
the public. “It is not impossible that
some people driven by profit incentive
could make and sell commodity prod-
ucts on eBay to unlock others’ cars,”
she says.

While the practical risks may seem limited, nonetheless the automotive industry bears the ultimate responsibility—and potential legal liability— for ensuring the safety and security of its vehicles.

To date, computer security has
lagged far down the list of automakers’
business priorities. That may be starting
to change, however, thanks to Toyota’s
2010 Prius problems and a growing
awareness of automotive security issues
in the computer science community.

Further Reading

Checkoway, S., et al.

Comprehensive Experimental Analyses of Automotive Attack Surfaces, national Academy of Sciences Committee on Electronic Vehicle Controls and Unintended Acceleration, Washington, D.C., March 3–4, 2011. Francillon, A., Danev, B., and Capkun, S. Relay attacks on passive keyless entry and start systems in modern cars, Proceedings of the 19th USENIX Security Symposium, Washington, D.C., August 11–13, 2010. Koscher, K., et al. Experimental security analysis of a modern automobile, IEEE Symposium on Security and Privacy, Oakland, CA, May 16–19, 2010. Rouf, I., et al. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study, Proceedings of the 19th USENIX Security Symposium, Washington, D.C., August 11–13, 2010.