The NMA Foundation presents The Car of the Future weekly feature:
Auto Privacy and cybersecurity are two large issues when we look at the car of the future. This week a security firm called Trend Micro announced they have discovered an autoimmune hack that could affect your vehicle even though they don’t believe that it has.
Wired.com illustrated this hack fairly clearly in an article this week. Writer Andy Greenburg wrote, “…one new car-hacking trick illustrates that while awareness of hacking vulnerabilities helps, protection can be extremely complex”. He adds that this vulnerability that Trend Micro has uncovered in a car’s internal network is not only universal but can be exploited while bypassing anti-hacking mechanisms.
On the TrendMicro blog this week, Senior Threat Researcher Federico Maggi wrote the following:
In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities in specific makes and/or brands of cars. And once reported, these vulnerabilities were quickly resolved. But what should the security industry’s response be when a hack is found that is not only successful in being able to drastically affect the performance and function of the car, but is also stealthy and vendor neutral?
This is an autoimmune and a “denial of service” hack that turns off components such as your car’s airbags, anti-lock brakes, door locks and other safety mechanisms. Maggi says, “It doesn’t depend on a specific vulnerability in some piece of software. It’s a vulnerability in the design of the CAN standard itself.”
CAN is the acronym for Controller Area Network and is the currently used internal vehicle communication system that links all of the electronic systems together to allow communication inside each car. The CAN system started with some new vehicles in 2003 and has been the standard since.
The CAN vulnerability works a bit like an autoimmune disease that causes a human body to attack itself. Previous hacks took over a car’s components through the internal network and spoofed new “frames,” which is the basic unit of communication in the CAN network. This new vulnerability waits for a target component to send one of these frames and then will send its own corrupted bit to override the frame’s bit. The CAN protocol requires that if there is a problem that it send an error message recalling that faulty message. Apparently if the attack is repeated enough times, the network will cut that component off from further communications.
This hack is hard to detect and can easily circumvent existing detection systems looking for corrupted frames. Apparently the hack vulnerability is not the fault of automakers but of the CAN protocol itself according to Maggi. Automakers can segment their networks to isolate critical safety components from ones that might be accessible to hackers. Maggi suggests that perhaps the CAN protocol itself needs an upgrade.
Good news though—there have been no known cyberattacks using this vulnerability as of yet and any hacker would need to have a sophisticated knowledge of CAN protocol to know how to do this.
Car hacking is a real and serious threat for cars now and most certainly for the car of the future. Consumers will need to trust cybersecurity experts, tech companies and automakers to make sure that we are all safe. Fixing the CAN protocol needs to be a top priority.
* * *
The NMA Foundation is a 501c3 nonprofit organization dedicated to protecting your interests as a motorist and citizen through the multi-faceted approach of research, education, and litigation. The Foundation is able to offer this assistance through tax-deductible contributions.
* * *
If you are interested in learning more about the Car of the Future check out the following NMA resources:
NMA Driving News Feed—Over 50 Car of the Future stories are placed each month in the NMA Driving News—the go-to source for all your driving news information from around the country.
NMA’s Flipboard Magazine called Car of the Future—Over 50 stories are placed each month in this magazine devoted to the Car of the Future. Stories featured include future car politics, industry news and thought pieces.
Follow the National Motorists Association on Pinterest Here OR
Follow individual Boards that have a specialized focus on the Car of the Future:
If you have an interesting story about the Car of the Future, please feel free to send us a link to the NMA Email address firstname.lastname@example.org.
Thank you for your support!