Automotive Attack Surfaces: Where Cars Are at Risk

Researchers at the Black Hat USA 2014 conference detail potential automotive attack surface risks and provide a new approach to defending against attacks.

Black Hat

LAS VEGAS—Among the most anticipated talks at the Black Hat USA 2014 conference here was one on automotive hacking by security researchers Charlie Miller and Chris Valasek. The pair had attempted to present at Black Hat 2013 on the topic of automotive hacking, but had their talk rejected.

"Last year our talk got rejected at Black Hat, so we wanted to come up with something that would be accepted this year," Miller said.

The 2013 talk that Miller and Valasek had submitted was about just what could be done to cars by hackers. This year, the researchers took a more robust and disciplined approach to the topic and analyzed the automotive attack surface itself to determine where risk might exist.

The potential impact of automotive hacking risk is nontrivial and is different from other forms of cyber-attack.

"You can pop a computer or a phone, and you can recover from it," Valasek said. "But with a car, if someone attacks it, it can result in physical harm."

Looking at the actual attack surface that is present in cars, the researchers explained that cars have remote access capabilities and they have cyber-physical features as well. A cyber-physical feature is defined as a computer that enables a physical action on a car like turning the steering wheel or applying the brakes.

"Many cars have automated features, and from our perspective these are all targets," Miller said.

The two researchers detailed a number of systems in modern cars that could potentially provide a way to access and exploit the vehicle. In particular, the researchers see a viable attack surface with the Bluetooth stack present in cars as well as the radio data system. They also see risk with the telematics, cellular and WiFi systems in certain cars. Then, there are vehicles with Internet and in-car apps.

"Once you add a Web browser to a car, it's over," Miller said.

Using publicly available online documentation, the two researchers searched the Internet and found details on multiple vehicles' in-car systems. The researchers then spent the time to score each vehicle based on the system architecture and its potential attack surface. The full 92-page report is not yet publicly available, though the researchers said it would be made available in the near future.

From a remediation perspective, when and if a software vulnerability is found in a car, patching is not an easy process. Miller noted that patching on cars is really hard, with manufacturers sending car owners notices that they need to bring a vehicle in for an update.

In a bid to further help protect users, the two researchers are taking a page from network security. In many modern networks, an IPS (Intrusion Prevention System) is present, monitoring and defending against attacks. The researchers built a proof of concept in-car IPS that could prevent a car's systems from being hacked.

Miller said that when something is detected, the action can just be blocked.

"The system learns the baseline, and anything that strays from the baseline is considered bad," Miller said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.