The many reports about stolen vehicles, misguided autonomous cars and particularly dangerous hacker tools show that IT security in cars is a complex challenge. A conversation with Cristian Ion, Head of Secure Engineering at car security specialist Cymotive, for the current German-language eMove360° magazine makes clear which risks are real and challenging.
There has been a lot of talk lately about Flipper Zero as a hacking tool. There are even calls to ban it. How do you feel about this?
Cristian Ion: I see Flipper Zero, as a hacking tool for radio communications, more as a useful tool for extensive testing requirements. The pen testing tool makes the attack easier for laypeople and script kiddies, but it also offers the option of loading numerous scripts and then executing them in order to test many attack vectors automatically.
Overall, there are currently very few affordable hardware tools for USB or CAN bus that can function as pen testing and attack tools to adequately test vehicle security measures.
Attack tools will always exist, but this should not be taken as a starting point to ban them, but to improve defense mechanisms.
As a car manufacturer, you need an extensive toolset to be able to comprehensively test safety. The aim is to determine the risk and impact of a successful attack on a vehicle.
The topic of IT security is not new. Couldn’t the auto industry simply adopt the technology from the software industry or the manufacturing industry? Or are the differences bigger?
Ion: Ultimately, the automotive industry is in the advantageous situation of not being a technological pioneer when it comes to safety and being able to learn and adopt a lot from the industry. However, it is not about copying them one-to-one, but rather adapting them sensibly.
What the industrial and automotive sectors have in common is that they develop products that last a long time. Today, software is already being developed for vehicles that will come onto the market in 2030 and will then be in service for 10, 15 or 20 years. So they will still be actively used in 2050. Software development must already take this into account today and provide for the possibility of installing updates on every device. To do this, regulatory framework conditions must be observed and all manufacturers involved along the supply chain must also be able to carry out the updates in a secure manner.
Another aspect that makes car IT security particularly challenging is physical accessibility. For industrial products, the owner ensures that only authorized persons have access to the machines. A car is easily accessible and is often parked in public parking spaces. A vehicle also communicates with the outside world in a variety of ways, which makes it vulnerable. This is particularly true for the charging process, in which an Ethernet connection is often established between the car and the charging network.
A car consists of hundreds of IT components, often from many different suppliers. When it comes to digitalizing vehicles, the automotive industry is now in the same position in terms of safety where smartphones were 15 years ago. Back then there were no large platforms and the market was fragmented. When that changed and the two big players Android and iOS were able to assert themselves, the attacks also became more intelligent and were more difficult to defend against.
A similar development can now also be expected for vehicles. There are still no known attacks involving, for example, remote execution attacks. But it’s only a matter of time. Here too, there are already signs of a consolidation of various platforms. And that also makes it interesting for attackers.
Vehicle manufacturers often claim that attackers cannot completely take over vehicles and, figuratively speaking, “drive them into the wall”. What are the typical dangers of successful vehicle attacks?
Ion: The simplest consequence is the theft of a single vehicle, which could be a devastating loss for the driver but also damage the brand as a technology company.
However, if a fleet’s back-end management system can be penetrated, hundreds or thousands of autonomous vehicles can be sent to one location in a city to cause a traffic jam, or distributed on highways to stop all vehicles there.
Autonomous vehicles also have to create a 3D object of the environment from the mix of different sensors (video, radar, LiDAR, ultrasound) in order to be able to navigate and drive. Anyone who deliberately deceives individual sensors can cause the vehicle to take unpredictable actions. The same applies if an attacker manages to manipulate card data that the vehicle obtains from the Internet.
A key threat risk is that attackers may gain physical access to an autonomous vehicle and use this access to attempt to penetrate back-end management systems to gain control of a variety of vehicles.
This leads to the important question: Can we as car manufacturers respond to these cyber security challenges?
Ion: In order to make it as difficult as possible for attackers, OEMs are no longer connecting all devices to a single bus system and a central gateway, but are instead establishing zones with many smaller gateways in the vehicle. This shortens paths (and increases performance), but also seals off some areas from each other and makes it more difficult for hackers to access critical systems. If there is only one gateway, the entire system is under external control once it is taken over.
New systems use multiple physically separate subnets, virtualization and embedded chips with virtualization for real-time operating systems.
Car IT systems also have the advantage over general IT systems and IT infrastructures in that they know very precisely which systems and ‘players’ in the vehicle are allowed to do what and how they communicate. Unlike, for example, mobile networks, it is always clear which communication is permitted and which is “unusual”. This makes it easier to detect attacks and attackers with an intrusion detection system and to take timely countermeasures using an intrusion prevention system.
About the interviewee: Cristian Ion is an IT expert for automotive and application security. After studying computer science, industrial engineering and cybersecurity, he has gained over 20 years of experience in developing security architectures and applications for DAX companies. He has been Head of Secure Engineering at CYMOTIVE Technologies since 2017 and leads an experienced team of security experts, risk managers as well as security architecture and penetration testers. His areas of expertise include the safety of driver assistance systems and autonomous driving functions, but also topics such as e-mobility and the safety architecture in the vehicle and backend.