Why vehicle security may require a different approach
Yoni Kahana, NanoLock
embedded.com (October 16, 2018)
With more than 152 million vehicles connnected to the Internet by 2020, it’s no surprise that engine control units (ECUs) are easy targets for attackers and other adversaries. This is supported by published reports on recent attacks on Volkswagen/Audi, BMW, and Tesla vehicles. And as cars become more connected, this trend will continue to grow.
Hacker Access
There are a number entry points, such as Wi-Fi, Telematics, Bluetooth that hackers can gain access to vulnerable ECUs. In April 2018, Computest reported vulnerabilities in Audi vehicles that enabled hackers to gain access via Wi-Fi to the in-vehicle network (IVN), gain root privilege, execute rough firmware updates and manipulate the gateway. In May 2018, Keen Labs published its research on BMW and demonstrated how they could penetrate the system via the telematics unit and change the gateway policy (among others) in order to gain control of the IVN. They also found code signing vulnerabilities that could be exploited to update the image to a rough image. And in 2016 and 2017, Keen Labs published their research on vulnerabilities in Tesla vehicles, where in both cases the team attacked the Wi-Fi. This allowed them to manipulate and modify the software or bypass the code signing verification. While this is not an exhaustive list, it demonstrates how many attack vectors are able to gain control over the ECUs and eventually take over commands in the vehicle.
E-mail This Article | Printer-Friendly Page |
Related Articles
- Why Transceiver-Rich FPGAs Are Suitable for Vehicle Infotainment System Designs
- A comprehensive approach to enhancing IoT Security with Artificial Intelligence
- Agile Analog's Approach to Analog IP Design and Quality --- Why "Silicon Proven" is NOT What You Think
- Hardware Configuration Management and why it's different than Software Configuration Management
- Designing for Security - Why Software Isn't Enough
New Articles
- Quantum Readiness Considerations for Suppliers and Manufacturers
- A Rad Hard ASIC Design Approach: Triple Modular Redundancy (TMR)
- Early Interactive Short Isolation for Faster SoC Verification
- The Ideal Crypto Coprocessor with Root of Trust to Support Customer Complete Full Chip Evaluation: PUFcc gained SESIP and PSA Certified™ Level 3 RoT Component Certification
- Advanced Packaging and Chiplets Can Be for Everyone
Most Popular
- System Verilog Assertions Simplified
- System Verilog Macro: A Powerful Feature for Design Verification Projects
- UPF Constraint coding for SoC - A Case Study
- Dynamic Memory Allocation and Fragmentation in C and C++
- Enhancing VLSI Design Efficiency: Tackling Congestion and Shorts with Practical Approaches and PnR Tool (ICC2)