Startseite > International > Is everyone on track?

Security in the automobile

Is everyone on track?

6. Dezember 2018, 9:03 Uhr | Iris Stroh

▶ Diesen Artikel anhören

Fortsetzung des Artikels von Teil 3

All interfaces can pose a risk

Steurich differentiates two classes of attack: remote attack and attack requiring physical access to a vehicle. Which class of attack is easier to carry out depends on system implementation (hardware and software). Steurich: “ISO/SAE 21434 defines risk analysis, countermeasures, and the necessary risk management over vehicle lifetime. Extra to the use of suitable protective measures with hardware and software and penetration testing, it’s doubtlessly sensible to consider certification by independent third parties, as is already common in other security-critical sectors like payment, passports.”

Slack is much more concrete. In his view each point of entry into the CAN bus offers hackers the possibility of sending malicious false messages, or starting denial-of-service attacks that could deactivate electronic control units of an automobile. Telematics units enable remote access to a vehicle because of the two-way communication. Continues Slack: “Any weakness in a WiFi, Bluetooth, 3G or 4G module can offer a path for the attacker to use errors in the vehicle operating system, leading to direct access to the CAN bus, which in most vehicles offers little security or none at all.”

Every penetration to the OBD II port offered direct access for a hacker to create chaos on the CAN bus. Thus, “Adding CAN message authentication to each control unit connected on the CAN bus can protect effectively in that false as opposed to authenticated messages are cryptographically filtered, and intrusion detection systems deliver an alert that the network could be attacked.” Even if Steurich is of the opinion that remote access and that needing physical access to an automobile is easier or more difficult depending on implementation, Nativel believes that OEMs are much more concerned with remote attacks than with local, that is physical ones.

Nativel further: “If you’re able to compromise the V2X infrastructure and falsify messages, you could cause global chaos by activating the emergency braking of cars, leading to many accidents. That calls for robust cryptography and key storage.” And Haight also sees a significant security problem in a fleet-wide hack, because a class break meant that if you broke into one unit, you broke into all of them. “Maxim is for digital authentication solutions with unique electronic serial numbers and secret keys for each single unit. If one unit is compromised, the fleet is still secure. To simplify key management, although each unit is unique, we use recognized asymmetric key algorithms, public key/private key like ECDSA (elliptic curve digital signature algorithm). The controller can read out the unique public key for a particular unit, and calculate authentication while the private key never gets outside”, says Haight.

Finally Giese: “Generally you can say that every automobile can be hacked, and that’s done most easily on an over-the-air interface, of which 10 and more are integrated in most new cars. So these interfaces have to be secured in the direction of a vehicle’s ECUs. Plus, carmakers must show more sense and no longer distribute USB sticks with software fixes for example.”