author: Michael Cheng

The most important report at this stage of development for the growing connected car industry in 2016 may have been published by ENISA, a European security firm. The report, titled Cyber Security and Resilience of smart cars, is a comprehensive rundown of crippling vulnerabilities connected cars are highly prone to on public roads (attack scenarios, threats and more).

While drafting the report, the agency looked to key leaders in the sector for advice, such as Andreas Bogk (HERE), Evgeny Grigorenko (Kaspersky Lab) and Joachim Lueken (Nokia Solutions and Networks). It is important to consider that car-to-car and autonomous vessels are not covered in the document. The reason for this omission is because the technologies have not reached a standard level of maturity that allows them to be used by everyday consumers. Telematics, smart infotainment systems and the pitfalls of intra-vehicular communication are included in the 84-page assessment.

Threats and Assets

The report offers a daunting overview of the effects of digital attacks on smart cars. For example, information leakage arising from unsecure data storage practices could compromise one's IP-sensitive firmware and the level of privacy over sub-networks. In a classic "man in the middle" hack, wherein a criminal impersonates crucial features inside the vehicle, such as an app store or even the vehicle itself during a V2V session, the degree of attack could devastate the car's chassis control sub-network (i.e., steering control and breaking system), as well as the body control sub-network (i.e., instrument clusters and door locking), depending on the components being targeted.

Most of the examples provided in the report received a "high" criticality rating but low "likelihood" rating. The only type of attack that received a moderate "likelihood" rating (labeled as "possible" in the document) is local-based hacks. Possible scenarios include relay attacks, smart key cloning and exploiting keyless entry systems. The level of devastation associated with such attacks varies, from a complete shutdown of internal functionalities (mostly body control sub-network components, but may also affect the power train sub-network [engine control, transmission control and more]) to physically getting the car stolen.

"In order to overcome this challenge, the industry should define security validation processes that explicitly address abuse cases and attacks, which requires a simulation of such attacks (in other words, penetration testing)," ENISA said in the report.

Architectural Limitations (CAN bus)

The backbone of smart cars is a secure network that favors CAN (Control Area Network) bus processing instead of standard internet protocols. This type of message-based protocol has been around for almost 25 years and does not need a host computer during operation. ENISA researchers see several issues with CAN bus, which could cause increased vulnerability to denial-of-service (DoS) attacks, problems with network segregation and openness to reverse engineering. It also leaves numerous remote entry points for criminals, such as web browsers and other deceivingly harmless interfaces.

"We need to bring together all European automotive industry actors to secure smart cars today, for safer autonomous cars tomorrow," said ENISA executive director, Udo Helmbrecht, in a statement.