Cars have become rolling computers by now, which obviously brings benefits with it … but also a few handicaps: they have become vulnerable, as some rather spectacular hacks have proven. Computer scientist Prof. Dr. Christoph Krauß and his team are therefore determined to stay one step ahead of the attackers. One way is by studying specific models in detail. The team has already discovered several security vulnerabilities.
By Nico Damm, 6.12.2021
Technology journalists are not especially well known for risking their own lives at work. Not so for one reporter for the US magazine ‘Wired’, who found himself in a very precarious position in 2015: right in the midst of downtown traffic on a crowded highway, his car developed a mind of its own. The car’s air-conditioning unit jumped to maximum and the stereo loudspeakers to ear-splittingly loud. Then the windscreen washer system began to constantly spray water. Finally, as the motor simply cut out and the car slowed more and more until other cars were racing by on either side, the reporter picked up his mike with a slight edge of panic: “Err, this is getting really dangerous – I gotta get out of here!” The two hackers who had taken control of his vehicle – and who were listening in – finally enabled the reporter to regain control of his accelerator pedal. This particular instance entered the IT history books as the ‘Jeep Hack’, causing car manufacturers worldwide to sit up and take notice. The Jeep manufacturer put out an urgent recall for all Cherokee models.
For what security researchers Charlie Miller and Chris Valasek had discovered was nothing less than the ingredients for the most perfect of perfect murders: causing a major car crash from a distance, without leaving even the slightest of clues. For instance, they would have had access to the steering wheel as well. “10 to 15 years ago car manufacturers would have been reluctant to invest in hardware security if this had incurred costs of more than 2 cents per vehicle”, says Prof. Dr. Christoph Krauß from the Computer Science faculty at h_da, Darmstadt University of Applied Sciences. “Thankfully, people have woken up and grasped the situation better by now, for the damage these occurrences can have on reputations is horrendous.” At his faculty, Krauß supervises the research group ‘Applied Cyber Security Darmstadt’ and coordinates the research area ‘Secure Autonomous Driving’ at the national research centre for applied cyber security ATHENE.
We meet up with Krauß in the electromobility lab of the faculty for Electrical Technology and Information Technology, along with one of his research items, an electric car. Krauß and his research team are really delving into the car’s communication interfaces, as is evident from all of the devices ranged around it and cabled into the car. As Krauß explains: “we are analysing the security concepts to discover potential weak points which could be remotely exploited”. Similar to Miller and Valasek's approach, Krauß and his team first use physical access to examine the systems and identify vulnerabilities that can also be remotely exploited.
Multimedia as a gateway for car hackers
These scenarios are only possible because of the advent of computers in cars. Whereas cars used to be stand-alone entities, nowadays they are relatively open systems, or at least, they can be. For instance, it is pretty standard these days for passengers to connect their smartphones with the Internet via the car’s Bluetooth interface. Each modern car generally contains more than 100 controlling devices, all of them busily communicating with one another. The multimedia system had been the hackers’ gateway in the ‘Jeep Hack’ case. They posed as a parking service, thus gaining access to the steering and braking systems. As Christoph Krauß says: “we check out the in-place security measures, to see whether anyone other than authorised people – such as repair shops, etc. – can indeed gain access to the different communication interfaces”.
One key current focus of their research is access to so-called ‘Automotive Ethernet’ – a physical network that connects all manner of components within a vehicle. In modern vehicles, individual components ‘offer’ their services, which can then be addressed, or called upon, as required – for instance a temperature sensor or drive-assist system. Krauß and his colleagues have specifically scrutinised one particular communication ‘middleware’ termed SOME/IP, which enables these components to be linked within a network and thus to influence entire control systems – even when these are being monitored and protected. The group identified several attacks which are possible even when security mechanisms are in place, and they propose several solutions to address these attacks. As Krauß points out: “it was really interesting to observe that the established classical automotive security mechanisms were not able to protect against our attacks”.
The team is developing new security architectures. One option could be to separate the various systems from one another far more effectively, thus denying any potential hacker the opportunity to control all systems at once. Additional fields include digital forensics: in certain cases, such as accidents, it can be vital to ascertain whether an unauthorised intrusion actually occurred. As Krauß points out: “we most certainly need to be able to say who was in control of a car when it is involved in some form of road accident”. Likewise, it is important to be able to identify a potential attacker before they are able to cover their tracks and destroy evidence.
Data-theft at the e-charging station
Electromobility has a few weaknesses of its own. To study them, the researchers will cooperate with colleagues from the electrical engineering and computer science faculties, as well as the mechanical engineering and plastics engineering faculties. After all, hack attacks can be launched physically just as easily as they can virtually, for instance when specific parameters are tweaked, thus rendering the rather safe charging of a car unsafe – to the degree that the car bursts into flames. Yet a more significant area is privacy. Charging stations are essentially controlled electronically – and thus automatically, without any external, personal support – and a significant amount of data flows in the process, including personal data. For instance, merely in order to determine who is to pay which sum to whom, a set of information will need to flow: how much energy, to whom etc. It gets more complex when charging at a charging station of a third-party provider. “Then you have a roaming case, familiar to us when we use a mobile phone in a foreign country,” says Krauß. “A serious problem is that currently everyone is presented with all of the details. This includes the customer’s provider, the roaming service provider, and even the service provider of the charging station itself.” Creating a crystal-clear profile of such easily identifiable users would be child’s play. Yet such a profile reveals a huge amount of detail about a person: for instance, anyone who frequently parks right outside a hospital may well be suffering a serious illness. One solution may lie in the extended protocols being developed by Krauß and his team. These ensure that each party receives only the data it actually needs for its purpose. For example, it isn’t necessary for the service provider that actually owns and provides the charging station to know, precisely, who is using their services.
Autonomous driving – in the rail sector as well – will be delivering further challenges for IT security, and therefore for IT security scientists like Prof. Krauß and his team. Manufacturers are quite aware that vulnerabilities can occur, and they are appropriately thankful when researchers manage to identify possible security issues in time. These attacks are not about to cease overnight – the ‘Jeep Hack’ was followed by several well-documented attacks, aimed especially at Tesla, VW and BMW.
Contact Details
Nico Damm
Science Editor
Press department
Tel.: +49.6151.16-37783
E-Mail: nico.damm@h-da.de
Award-winning paper
Daniel Zelle (Fraunhofer SIT), Timm Lauser (h_da), Christoph Krauß (h_da) and Dustin Kern (h_da) have received the “Best Research Paper Award” at the 14th International Conference on Availability, Reliability and Security (ARES), ACM, in 2021. The name of the paper: “Analyzing and Securing SOME/IP Automotive Services with Formal and Practical Methods”. More information can be found on the SEACOP website: https://acsd.h-da.de