Another month and yet another story about the vulnerability of modern vehicles to hackers looking to take control of our automobiles. According to a recent Trend Micro report, a security research team found that it is possible to turn off a vehicle’s key automated components—including safety mechanisms such as the antilock braking system (ABS) and door locks—by accessing its internal controller area network (CAN) bus, which is the network that connects all of a vehicle’s devices. The team, which included researchers from Politecnico di Milano, Linklayer Labs, and Trend Micro, concluded that the new denial of service (DoS) attack was vendor neutral and “indefensible by modern car security technology.”
Unfortunately, the DoS attack described in Trend Micro’s report is just the latest in a long list of examples (e.g., the 2015 Jeep hack and the recent Telsa Model X hack) showing how determined hackers can gain access to a connected car. With each newly uncovered vulnerability, the lack of sufficient vehicle security becomes an even more critical issue for the automotive industry to address. Manufacturers must quickly find a solution, especially if they want to convince consumers that semi- and fully-autonomous vehicles are safe.
Connected vehicles are another manifestation of the Internet of Things (IoT), and securing the “Internet of Vehicles” (IoV) is rapidly growing in importance for a host of security-, safety-, and privacy-related reasons. However, implementing the necessary security is not a trivial task, particularly because doing so requires engineers to secure everything from a vehicle’s wireless LAN system down to a small 8-bit processor in a tire pressure monitoring system (TPMS). This is challenging because a vehicle’s numerous 8- and 16-bit devices, which are key components in automotive control units and a variety of sensors, lack the computing and memory resources needed to implement legacy security methods. As a result, too many automobiles rely on insecure devices that are vulnerable to attack.
According to McKinsey, the average automobile now has around $350 of semiconductor content, much of which is made up of microcontrollers (MCUs). In high-end vehicles, this figure leaps to $1000. It is likely that future vehicle designs will require even more MCUs to address consumer demand for new safety and entertainment functions. Automobile manufacturers must begin implementing trusted authentication and data protection solutions that are proven to secure these low-resource devices. The good news is that public-key (asymmetric) cryptography offers a strong defense against hacking, and low-energy IoT security solutions are available that work efficiently in 32-, 16-, and even 8-bit environments. The sooner automotive manufacturers adopt such a solution the sooner they will secure the IoV.