Driverless cars may be a thing of the future, but connected cars aren’t, so the entire automotive information security ecosystem has to be locked down, says PAUL WILLIAMS, Fortinet country manager for SADC.
Driverless cars, now being tested on public roads in countries such as the United Kingdom, France, and Switzerland, may be a futuristic dream in South Africa. But connected cars with inbuilt intelligence, and digitally-enabled public transport, are already here; presenting multiple potential security risks to motorists, manufacturers and automotive partners.
On the road to the intelligent driverless car of the future, we are already connecting vehicles and equipping them with a range of intelligent features. These connected, intelligent systems gather potentially sensitive information and communicate it with a control or command centre. Point of sale information, entertainment and online services delivered within the vehicle have to be secured. As we advance toward fully autonomous vehicles, controls including steering, braking, engine management and navigation will depend on a fully secure ecosystem supported by a reliable 3G/4G/5G and Carrier Wi-Fi connection, to function safely.
Effectively securing this ecosystem will depend on close collaboration between vehicle manufacturers, application developers, service providers and carriers. In South Africa, achieving self-driving cars will also depend on expanded Mobile or Wireless coverage across towns, cities and the country. Efforts are already being made internationally for automotive, IT and security stakeholders to work together more closely to ensure a fully secure environment for self-driving and connected cars, but their efforts will have to intensify as the pace of smart car development picks up.
Incorporating more and more technology into a vehicle, whether for improving the customer’s driving experience or enhancing the vehicle’s performance, must be balanced with the management of their potential threats and risks. Ensuring that appropriate and effective security technologies are implemented within these systems must be a mandatory objective, even if it’s not (yet) a regulatory requirement.
Additionally, a growing problem with many IoT devices is that they use common communications programs that have no security built into them at all. As a direct result, an alarming number of IoT devices to date have been highly insecure. We need to achieve better for autonomous cars than what is the current IoT benchmark today.
At the same time, manufacturers must work with their different technology and communications suppliers, across all of the territories where their vehicles are sold, to ensure that any network connections to the vehicles are appropriately hardened.
Automotive security can be addressed as three distinct domains that may make use of similar techniques in some instances, and require novel treatments in others.
- Intra-vehicle communications. Smart vehicles will have several distinct on-board systems, such as vehicle controls systems, entertainment systems, passenger networking, and even third-party systems loaded on-demand by owners. To a certain extent, these systems will need to engage in “cross-talk” to bring new services to life, but this cross-talk needs to be closely monitored and managed by systems such as firewalls and Intrusion Prevention Systems (IPS) that can distinguish between legitimate and normal communications and illicit activity in the car’s area network.
- External communications. Many, if not all on-board systems will have reasons to communicate to Internet-based services: for manufacturer maintenance, for software updates, for passenger Internet access, for travel and driving instructions, for service requests, to purchase items or services, or to backup data. External communications will very likely be both “push” and “pull” – they may be initiated either from inside the vehicle, or to the vehicle from a manufacturer or the Internet. This also means that traffic to and from the vehicle will need to be inspected and managed for threats and illicit, defective, or unauthorized communications using firewalls and IPS-like capabilities.
- Next, the connectivity infrastructure used by a vehicle will likely be based on well-established cellular networks, such as 3G/4G/5G and Carrier Wi-Fi data services, but with a twist. While these wireless services already provide connectivity to billions of smart phones and other devices around the world today, they also suffer from inconsistent security. Smart, driver-assisted, or even driverless vehicles will raise the stakes significantly. A directed attack on or through the “connected” network could trigger significant, safety-critical failures on literally thousands of moving vehicles at the same time. Securing “the connected” networks providing critical vehicle communication will require a thorough review in light of such potential catastrophe.
- Finally, high-assurance identity and access control systems suitable and designed for machines, not people, will need to be incorporated such that: cars can authenticate incoming connections to critical systems, and internet-based services can positively and irrefutably authenticate cars and the information they log to the cloud, or transaction requests they may perform on behalf of owners – such as service requests or transactions to buy fuel or pay tolls.
Unless efforts are stepped up to secure the entire automotive environment, Gartner’s vision of driverless vehicles representing approximately 25 percent of the passenger vehicle population in use in mature markets by 2030 will be fraught with new risks.
From a hacker’s perspective, connected and driverless cars will represent yet another opportunity to wreak havoc by remotely accessing a vehicle and compromising one of its onboard systems, resulting in a range of risks from privacy and commercial data theft, to actual physical risks to people and property.
Here are some attacks that are likely to be targeted at highly connected and autonomous cars:
Privilege escalation and system interdependencies: not all systems and in-car networks will be created the same. Attackers will seek vulnerabilities is lesser-defended services, such as entertainment systems, and try to “leap” across intra-car networks to more sensitive systems through the integrated car communications systems. For instance, a limited amount of communication is typically allowed between an engine management system and an entertainment system to display alerts (“Engine fault!” or “Cruise Control is Active”) that can potentially be exploited.
System stability and predictability: Conventional, legacy car systems were self contained, and usually came from a single manufacturer. As new autonomous cars are developed, they will very likely need to include software provided by a variety of vendors – including open source software. Information technology (IT), unlike industrial controls systems such as legacy car systems, are not known for predictability. IT systems, in fact, tend to fail in unpredictable manners. This may be tolerable if it is just a matter of a web site going down until a server re-boots. It is less acceptable in the event of a guidance systems being degraded even slightly when an adjacent entertainment or in-car Wi-Fi systems crashes or hangs.
Also expect to see known threats be adapted to this new target, expanding from common Internet platforms like laptops and smart phones an IoT device like an autonomous car. For instance:
Botnet Attack: The Botnet “robot” attack is on the increase to an extent of the endpoint is now becoming the victim, without them realizing the attack at first. This attack can be targeted to a single endpoint or a handful of machines, network and endpoints simultaneously, depending the severity of the attack. The infection takes place normally through malware, with a specific Trojan viruses which allows the cybercriminal to start controlling the environment. The answer is to ensure an Application control function, Botnet detection with IP Reputation and Distributed Denial of Service (DDoS) system is in place to monitor and defend against such attacks. If the driverless car is receiving email type messages or the same type of format, nothing stops this way of communication being compromise.
Ransomware: Ransomware is certainly on the rise on PCs and mobile phones. But driverless cars represent an almost ideal target. Imagine the following scenario: a hacker uses the in-car display to inform the driver that his car has been immobilized and that a ransom must be paid to restore the vehicle to normal operation. While a laptop or tablet may be restored relatively easily with potentially no damage, assuming backups are available, a car is a very different story. The owner may be far from home (the ransomware could be programmed to only launch when the car is a predetermined distance from its home base.) Naturally, few dealerships would be familiar with resolving this sort of problem, and specialist help would most likely be required to reset affected components. The cost of such a ransom is expected to be very high, and will likely take time. In the meantime, the vehicle may have to be towed. So the question is, what is the amount of the ransom demand that we expect to see? Estimates are that it is likely to be significantly higher than for traditional computer ransomware, but probably less than any related repair costs so that the car owner is tempted to pay.
Spyware: Perhaps a more attractive target for hackers is collecting data about you through your car. Driverless cars collect massive amounts of data, and know a lot about you – including your favourite destinations, your travel routes, where you live, how and where you buy things, and even the people you travel with. Imagine a hacker, knowing that you’re travelling far from home, sells that information to a criminal gang who then breaks into your home, or uses your online credentials to empty your bank account.
That last risk exists because your driverless and connected vehicle is likely to become a gateway for any number of electronic transactions, such as automatic payment of your daily morning coffee, or parking charges, or even repairs. With sensitive information stored in the car, it becomes another attack vector to obtain your personal information. And with RFIDs and Near Field Communications (NFC) becoming commonplace in payment cards, accessing their details through your car would be another way to capture data about you and your passengers.
And last but not least, there are legal and authenticity issues. Can we consider the location data of the car as authentic? That is, if your car reports you opened it, entered it, and travelled to a particular location at a certain time of the day, can we really assume everything happened as recorded? Will such data hold up in court? Or can this sort of data be manipulated? This is an issue that will need to be addressed. Similarly, if cars contain software from several different providers, and spends the day moving from one network to another, who is accountable or liable for a security breech and resulting losses or damage? Was it a software flaw? Was it negligent network management? Was it on-board user-error or lack of training?
Auto rivals team up for connected car demo
Rivals BMW, Ford and Groupe PSA, maker of Peugeot and Opel cars, have teamed up with the 5G Automotive Association (5GAA), Qualcomm Technologies and Savari for Europe’s first live demonstration of C-V2X direct communication technology operating across vehicles from multiple auto manufacturers.
The live demonstration also featured a live showcase of C-V2X direct communication technology operating between passenger cars, motorcycles, and roadside infrastructure. C-V2X is a global solution for vehicle-to-everything (V2X) communication in support of improved automotive safety, automated driving and traffic efficiency.
The demonstration exhibited the road safety and traffic efficiency benefits of using C-V2X for Vehicle-to-Vehicle (V2V) collision avoidance, as well as Vehicle-to-Infrastructure (V2I) connectivity to traffic signals and Traffic Management Centers (TMC). C-V2X was operated using real-time direct communications over ITS spectrum and demonstrated its ability to work without cellular network coverage, and underscores its commercial readiness for industry deployment as early as 2020. Superior performance and cost-effectiveness compared to other V2X technologies, along with forward-compatibility with 5G, make C-V2X direct communications a preferred solution for C-ITS applications.
Six demonstrations were shown including: Emergency Electronic Brake Light, Intersection Collision Warning, Across Traffic Turn Collision Risk Warning, Slow Vehicle Warning and Stationary Vehicle Warning, Signal Phase and Timing / Signal Violation Warning and Vulnerable Road User (pedestrian) Warning. The vehicles involved included two-wheel e-scooters provided by BMW Group, and automotive passenger vehicles provided by Ford, Groupe PSA, and BMW Group, all of which were equipped with C-V2X direct communication technology using the Qualcomm® 9150 C-V2X chipset solution. V2X software stack and application software, along with roadside infrastructure, were provided by industry leader, Savari.
C-V2X is globally supported by a broad automotive ecosystem, which includes the fast growing 5GAA organization. The 5GAA involves over 85 global members comprised of many leading automakers, Tier-1 suppliers, software developers, mobile operators, semiconductor companies, test equipment vendors, telecom suppliers, traffic signal suppliers and road operators.
Cellular modems will be key to the C-V2X deployment in vehicles to support telematics, eCall, connected infotainment and delivering useful driving/traffic/parking information. As C-V2X direct communication functionality is integrated into the cellular modem, C-V2X solutions are expected to be more cost-efficient and economical over competing technologies, and benefit from accelerated attach rates. C-V2X direct communication field validations are currently underway in Germany, France, Korea, China, Japan and the U.S.
C-V2X currently stands as the only V2X technology based on globally recognized 3rd Generation Partnership Project (3GPP) specifications, with ongoing evolution designed to offer forward compatibility with 5G. C-V2X also leverages and reuses the upper layer protocols defined by the automotive industry, including the European Telecommunications Standards Institute (ETSI) organization. C-V2X includes two complementary transmission modes:
- Direct communication as shown in this demonstration for V2V and V2I use cases
- V2N network communication, which leverages mobile operators for connectivity and delivers cloud-based services, including automated crash notification (ACN, as mandated by eCall), hazard warnings, weather conditions, green light optimal speed advisory (GLOSA), parking spot location, and remote tele-operation to support automated driving, to name a few.
“This demonstration builds on the successful C-V2X showcase we organised with our members Audi, Ford and Qualcomm in Washington DC in April, said Christoph Voigt, Chairman of 5GAA.
“We are excited to witness the growing momentum behind this life-saving technology and to see our members working together to deploy C-V2X, and to make it hit the road as soon as possible.”
“The BMW Group introduced the first C-ITS use cases already in 2013 with the market introduction of the BMW i3. Today most of envisaged C-ITS use-cases are already institutionalized. With the implementation of C-V2X, the BMW Group accomplishes the last set of the puzzle with a practical path to C-ITS showing quick benefits,” said Christoph Grote, Senior Vice President Electronics, BMW Group.
“With its ability to safely and securely connect vehicles, along with its evolution into 5G, C-V2X is integral to Ford’s vision for future transportation in which all cars and infrastructure talk to each other,” said Thomas Lukaszewicz, Manager Automated Driving, Ford of Europe. “We are very encouraged by preliminary test results in Europe and elsewhere which support our belief that C-V2X direct communications has superior V2X communication capabilities.”
“We’re moving forward with seamless communication between cars and their environment for enhancing road safety, as well as our customers’ safety,” said Carla Gohin, Group PSA’s Vice President for Research and Advanced Engineering. “Following the first European C-V2X direct communications demonstration we hosted with Qualcomm Technologies last March, we’re pleased to work with leading automotive and technology companies today to highlight that C-V2X interoperability is a reality.”
“This demonstration of interoperability between multiple automakers is not only another milestone achieved towards C-V2X deployment, but also further validates the commercial viability and global compatibility of C-V2X direct communications for connected vehicles,” said Enrico Salvatori, senior vice president & president, Qualcomm Europe and MEA. “We look forward in continuing to work alongside leaders in the automotive industry, like the 5GAA, BMW Group, Ford, Groupe PSA and Savari, to help advance the automotive industry’s shift towards a safer, connected and more autonomous future.”
“As one of the V2X pioneers, our company is extremely pleased to continue to help enable the next step in the V2X revolution that we helped start back in 2008,” said Ravi Puvvala, CEO of Savari. “For the last year and a half, the Savari team has worked diligently alongside the dedicated C-V2X engineers in the 5GAA partnership. The resulting string of increasingly impressive demonstrations is continuing to convince the world that C-V2X will soon be deployed around the world.”
Fleet management in 360
An on-board dual camera system from global fleet management vehicle recovery and insurance telematics provider, Cartrack, reduces the costs of managing vehicle fleets, while creating new ways to motivate drivers and improve their on-the-road performance.
Historically, commercial drivers within fleets have been far removed from active management and oversight, with limited tools available in helping fleet owners understand how their drivers actually behave on the road. This lack of visual tracking ability has seen fleet managers struggle to achieve meaningful driver skills development, while also leaving companies vulnerable to poor operational performance and financial losses resulting from accidents.
Cartrack’s Drive Vision system is dramatically changing this status quo.
Drive Vision is an on-board dual camera system that records video footage with a 120-degree exterior view of the road ahead, and a 160-degree view inside the vehicle cab. Not only can fleet managers actively monitor all the footage that they wish, the system also records specific events such as speeding, harsh braking or an unforeseen action from a third-party.
Drive Vision’s video is continuously captured and then made available to users in two ways. The footage is either buffered in the unit’s memory card for up to five days, and selected time slots can be downloaded by the user via a web interface. Alternatively, footage is also automatically downloaded to the system when specific events occur, such as speeding or a collision. The captured footage is stored at a web address and is immediately accessible to the client at any time. In addition, the data centre’s driver exception reporting mechanism can review the footage against a client’s pre-determined driver behaviour stipulations, creating a balanced and flexible driver performance assessment tool.
Cartrack CEO, Andre Ittmann, notes why Drive Vision is so useful for companies.
“There are two key strategic benefits to the technology. Firstly, the company has a clear visual record of events in the case of an accident or legal dispute. Achieving this kind of detailed view hasn’t been possible before, and it can dramatically reduce the costs around incidents and accidents, on an ongoing basis. Secondly, Drive Vision is a highly functional, event-based coaching system. It therefore allows fleet managers to develop a culture that rewards excellent or improved performance, while also giving them the power to actively close skills gaps. “
Ittmann also notes that fleet video footage allows the company to monitor and manage aspects of its service and market performance, including the driver’s ability to access a work site, thereby ensuring timeous arrivals at designated locations and the ability to oversee passenger count and conduct.
Ittmann concludes that Drive Vision offers untold long-term advantages for companies.
“Beyond simply gaining a more efficient means to discipline errant drivers, Drive Vision also empowers fleet managers to proactively implement measures that will result in long-term benefits for their company. Ultimately, the company can also reduce costs related to driver mismanagement while simultaneously improving a driver’s skills and their performance on the road.”