ENISA Publishes Report on Best Security Practices for Connected Cars
The most important report at this stage of development for the growing connected car industry in 2016 may have been published by ENISA, a European security firm. The report, titled Cyber Security and Resilience of smart cars, is a comprehensive rundown of the crippling vulnerabilities to which connected cars are highly prone on public roads (attack scenarios, threats and more).
While drafting the report, the agency looked to key leaders in the sector for advice, such as Andreas Bogk (HERE), Evgeny Grigorenko (Kaspersky Lab) and Joachim Lueken (Nokia Solutions and Networks). It is important to note that car-to-car and autonomous vessels are not covered in the document. They were omitted because the technologies have not reached a standard level of maturity that allows them to be used by everyday consumers. Telematics, smart infotainment systems and the pitfalls of intra-vehicular communication are included in the 84-page assessment.
Threats and Assets
The report offers a daunting overview of the effects of digital attacks on smart cars. For example, information leakage arising from insecure data storage practices could compromise one's IP-sensitive firmware and the level of privacy over sub-networks. In a classic "man in the middle" hack, wherein a criminal impersonates crucial features inside the vehicle, such as an app store or even the vehicle itself during a V2V session, the attack could devastate the car's chassis control sub-network (i.e., steering control and braking system), as well as the body control sub-network (i.e., instrument clusters and door locking), depending on the components being targeted.
Most of the examples provided in the report received a "high" criticality rating but a low "likelihood" rating. The only type of attack that received a moderate "likelihood" rating (labeled as "possible" in the document) is the local attack. Possible scenarios include relay attacks, smart key cloning and exploiting keyless entry systems. The level of devastation associated with such attacks varies, from a complete shutdown of internal functionalities (mostly body control sub-network components, but possibly also the power train sub-network [engine control, transmission control and more]) to theft of the car.
"In order to overcome this challenge, the industry should define security validation processes that explicitly address abuse cases and attacks, which requires a simulation of such attacks (in other words, penetration testing)," ENISA said in the report.
Architectural Limitations (CAN bus)
The backbone of smart cars is a secure network that favors CAN (Controller Area Network) bus processing instead of standard internet protocols. This type of message-based protocol has been around for almost 25 years and does not need a host computer during operation. ENISA researchers see several issues with CAN bus, which could cause increased vulnerability to denial-of-service (DoS) attacks, problems with network segregation and openness to reverse engineering. It also leaves numerous remote entry points for criminals, such as web browsers and other deceptively harmless interfaces.
"We need to bring together all European automotive industry actors to secure smart cars today, for safer autonomous cars tomorrow," said ENISA executive director, Udo Helmbrecht, in a statement.
Michael Cheng is a legal editor and technical writer with publications for Blackberry, ISHN Magazine, Houzz and Payment Week. He specializes in technology, business and digesting hard data. Outside of work, Michael likes to train for marathons, spend time with his daughter and explore new places.