What if the next large-scale hack involved your vehicle instead of your security camera?
But my vehicle doesn’t connect to the internet… Are you sure? Statista estimates that 40% of vehicles in the US connected to the internet as of 2019 (that’s 2 out of every 5 vehicles capable of accessing the internet!), and this is expected to rise to 74% (3 out of 4 vehicles) by 2023.
Even if you are not using in-car Wi-Fi, you might be using an entertainment system, or your car might be updating its Apple CarPlay software. All of these need the internet. And even if you are not actively using these features, unless the car manufacturer or chip manufacturer took the ‘necessary’ precautions (we will get to multiple reasons why that is just not the case, and why necessary is in quotes), you are at risk!

I’ve broadly heard 2 opinions on this: 1) Yes, but this is all hearsay. 2) I’ve been convinced, and you’ve strengthened my conviction never to get behind the wheel of an internet-connected car. Neither of these is right or useful, in my opinion. The first is just not true. Read below for a short history of connected vehicle hacking:
It all started in 2010. At least that’s as far back as I’ll go for this article, and it’s a good point to start. A group of researchers from UW and UCSD posed an interesting problem: for 80 years or so, automobiles have remained mostly static, containing an internal combustion engine, wheels, gearshift, throttle, and brake. However, since the 1970s, tens of millions of lines of code have been introduced, spread among 50–70 independent computers called Electronic Control Units (ECUs). Why was this done? It started with California. California, being the pioneer, started to introduce strict pollutant regulations, and it made sense to electronically monitor and dynamically adjust fuel/oxygen ratios, which had the added benefit of improving efficiency and being more cost effective. Thus the ECU was born. Back in the day, California was clearly allowed to pioneer auto emission rules, and it wasn’t such a controversy. Subsequently there was a boom in ECUs as manufacturers started to realize the benefits of electronically monitoring and controlling throttle, brakes, airbag deployment, entertainment, lighting, climate, and so on.
These ECUs could then communicate with each other using a standard vehicle communication protocol, called the CAN bus. However, while the ECU and CAN systems had matured, they weren’t designed to be secure from outside interference in the first place, which is the question the 2010 paper posed: did these designs properly anticipate an adversary that could take control of your computers? And what could the possible damage be?
They did a bunch of experiments connecting a laptop to the OBD-II port, and wrote a custom piece of software, CARSHARK, to communicate with ECUs through that port. Ultimately, they found that they could send packets of data to ECUs without any authentication. Scarier still, by reverse engineering which packets corresponded to which outcome, they were able to control the radio, disable the engine, lock the brakes and control the HVAC. A particularly scary scenario was the ‘Self-Destruct’ mode, where they could display a 60 second countdown on the dash, after which all functions seized and the car came to an abrupt halt. They showed that these attacks could in principle occur wirelessly, when another car could connect to the laptop in the test car, which in turn was connected to the OBD-II port.
You might have thought that this was enough to cause the entire automotive industry to seriously consider revising old protocols to make more cybersecure vehicles. However, it didn’t. Their criticism was that this hack required physical access to the OBD II port, and someone might as well just slash the tires or heck even cut vehicle cables.
The same group did a systematic analysis of attack vectors and showed that Bluetooth, radio, wireless, etc. were all sources of potential exploits. They didn’t make their methods public, understandably, because potential bad actors could use them to wreak havoc. Again this fell on deaf ears in the automotive industry.
Next, Charlie Miller and Chris Valasek obtained funding from DARPA in 2012 to develop a library of tools to aid in automotive security research and ultimately make vehicles safer. The response from the auto industry was again more of the same blanket statement: we believe car systems to be robust and secure.
Then, in 2015, Miller and Valasek famously showed that they could gain complete remote access to a Jeep Grand Cherokee through vulnerabilities in the UConnect entertainment system. The key first step, it turns out, was that the UConnect system was connected to Sprint, and any Sprint device can connect to another one. All they needed to do was to connect a cheap Sprint device to a laptop, scan for other devices, and potentially locate one on board a Jeep Grand Cherokee. They were even able to send messages, and ultimately these messages were relayed to the vehicle ECUs through the CAN bus. Notoriously, the CAN bus does not know where messages are coming from, and treats all messages as legit. In a demonstration along with a reporter from Wired, they showed they could blast music, swerve the car, and completely stop it, while the poor driver (Wired reporter Andy Greenberg) had no control! Finally, this caused a stir in the auto industry, and Jeep recalled 1.4 million vehicles.
These incidents spurred a flurry of research on other manufacturers including Tesla and each manufacturer was found to have their own vulnerabilities. The possibilities of vehicle compromise are seemingly endless.
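The point above that the CAN bus does not know where messages come from shows up directly in the frame layout. The following is an added example, not code from the researchers mentioned here: it parses frames in the Linux SocketCAN layout and applies a timing check a defender can run on a bus trace. The IDs, payloads and the 0.5 ratio are constructed for illustration.

```python
import struct
from collections import defaultdict
from statistics import median

# Linux SocketCAN struct can_frame: 32-bit ID word, length byte, 3 pad bytes, 8 data bytes.
CAN_FRAME = struct.Struct("<IB3x8s")

def parse_frame(raw):
    """Return (arbitration_id, payload). The ID names the message type only;
    no field names or authenticates the node that sent the frame."""
    word, dlc, data = CAN_FRAME.unpack(raw)
    if dlc > 8:
        raise ValueError("classic CAN carries at most 8 data bytes")
    return word & 0x1FFFFFFF, data[:dlc]

def learn_periods(trace):
    """Median gap (microseconds) per ID, learned from a known-clean trace."""
    seen = defaultdict(list)
    for ts, raw in trace:
        seen[parse_frame(raw)[0]].append(ts)
    return {cid: median(b - a for a, b in zip(t, t[1:]))
            for cid, t in seen.items() if len(t) > 1}

def detect(trace, periods, ratio=0.5):
    """Flag unknown IDs and frames arriving sooner than ratio * learned period."""
    last, alerts = {}, []
    for ts, raw in sorted(trace, key=lambda item: item[0]):
        cid, _ = parse_frame(raw)
        if cid not in periods:
            alerts.append((ts, cid, "unknown id"))
        elif cid in last and ts - last[cid] < ratio * periods[cid]:
            alerts.append((ts, cid, "too soon"))
        last[cid] = ts
    return alerts

def make_trace(cid, start, period, count, payload):
    """Constructed sample data: one periodic message, timestamps in microseconds."""
    return [(start + i * period, CAN_FRAME.pack(cid, len(payload), payload))
            for i in range(count)]

# Constructed IDs and payloads, not taken from any real vehicle.
CLEAN = make_trace(0x123, 0, 10_000, 20, b"\x00\x10")
SUSPECT = (make_trace(0x123, 0, 10_000, 10, b"\x00\x10")
           + make_trace(0x123, 42_000, 2_000, 2, b"\xff\xff")
           + make_trace(0x7AA, 50_000, 10_000, 1, b"\x01"))

if __name__ == "__main__":
    for ts, cid, reason in detect(SUSPECT, learn_periods(CLEAN)):
        print(f"{ts:>6} us  id=0x{cid:03X}  {reason}")
```

Because the frame carries no sender, the check can only say that a message arrived off schedule or with an ID never seen before, not which node put it on the bus.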

Adding to the seemingly endless methods to compromise a vehicle is another scary thought. Miller and Valasek showed that, in principle, their hack could easily be scaled to a large number of compromised vehicles. In the last few years, hacking has been on the rise, and large-scale hacks involving millions of credit cards, accounts, SSNs, etc. have become commonplace. But what if hundreds or thousands of vehicles are hacked simultaneously? Something like this has never occurred, and the coupling of the cyber and physical realms would lead to disastrous consequences: driving in traffic is literally a very physical experience, and just a small fraction of vehicles behaving badly could be life threatening. A single vehicle hack would be bad enough for one person, but multiple vehicles hacked could disrupt an entire city, or even an entire country.
How does one solve this problem and make the connected vehicle society robust against such malicious actors? The first step is to first quantify potential risks of a large-scale hack of connected vehicles, and then figure out how to protect against scenarios that are particularly concerning.
To reveal potential risks, we developed a simple model where hacked vehicles act as obstacles on the road. This could be the result of multiple scenarios: accidents caused by badly behaved hacked vehicles, vehicles intentionally stopped, or even vehicles stopped as a failsafe. Treating hacked vehicles as obstacles allowed us to use statistical physics principles to estimate how many vehicles it takes to block a road with a certain number of lanes, based on the probability that hacked vehicles in adjacent lanes block the entire road.
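To make the obstacle idea concrete, here is an added toy calculation; it is not the model from our published study. It assumes a road cut into `slots` car-length cross-sections, each lane cell holding a stopped hacked vehicle independently with probability `p`, and counts the road as blocked only when one cross-section is obstructed in every lane.

```python
import random

def block_probability(p, lanes, slots):
    """P(some cross-section has a stopped hacked vehicle in every lane).
    Assumption: each lane/slot cell holds one independently with probability p."""
    return 1.0 - (1.0 - p ** lanes) ** slots

def critical_p(lanes, slots, target=0.5):
    """Value of p at which the road is blocked with probability `target`."""
    return (1.0 - (1.0 - target) ** (1.0 / slots)) ** (1.0 / lanes)

def simulate(p, lanes, slots, trials=4000, seed=1):
    """Monte Carlo check of block_probability on randomly generated roads."""
    rng = random.Random(seed)
    blocked = 0
    for _ in range(trials):
        # A road is blocked if any slot is obstructed in all lanes at once.
        blocked += any(all(rng.random() < p for _ in range(lanes))
                       for _ in range(slots))
    return blocked / trials

if __name__ == "__main__":
    slots = 100  # constructed road length: 100 car-length cross-sections
    print("lanes  p for 50% blockage  formula  simulated")
    for lanes in (1, 2, 3, 4):
        p = critical_p(lanes, slots)
        print(f"{lanes:>5}  {p:>18.4f}  {block_probability(p, lanes, slots):>7.3f}"
              f"  {simulate(p, lanes, slots):>9.3f}")
```

Even in this simplified form, each extra lane raises the hacked-vehicle density needed to block the road, which is why the number of lanes enters the estimate.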

Next, we applied this to Manhattan and found that it only takes 10-20% of vehicles at rush hour being hacked, corresponding to one of the four car manufacturers with the largest market share in Manhattan, to essentially freeze all traffic in Manhattan. Freeze as in nobody is going ANYWHERE. This is particularly concerning for emergency hospital access, etc. Once we published our study on the potential impacts of a large-scale hack that cripples Manhattan transportation, we got a bunch of publicity from Forbes, Ars Technica, etc.
I want to emphasize here that this is just starting the dialogue. There are of course criticisms. If the auto industry viewed the hackers that actually did the hack as not concerning, what will they think of a couple of physicists coming up with a simple model of a plausible scenario, without even specifically claiming how the hack was performed in the first place?
Here’s the problem with that: one vehicle being hacked could be a liability. Remember the Uber incident where a pedestrian was killed? If a person or the driver was killed due to a software malfunction or, say, a hack, then the company would look pretty bad, but could maybe get away with it. It has happened a lot in history that a few unfortunate people pay the ultimate price, and that ultimately results in better safety regulations. Think about seat belt laws, or even the Triangle Shirtwaist Factory fire, where 123 women and 23 men died, and which led to better worker safety laws and regulations.
However… connecting the cyber and the physical leads to potential disruptions on an unprecedented scale, think about thousands of accidents happening all at once in an entire city. If an entire telecommunications network or an entire car manufacturer is hacked, the transmission of the hack is almost instantaneous, and the scale could be significant enough to cause a national calamity the size of a hurricane, and think about a hurricane that you’ve never prepared for. It’s possibly even worse since we’ve had millennia to protect against nature, but never had such an incident to deal with.
A month after we published our study, Consumer Watchdog came out with an assessment that a large-scale hack could potentially lead to loss of life on the scale of 9/11. They suggested all vehicles be equipped with a kill-switch in the event they are hacked.
Another interesting incident: a hacker was able to break into more than 25,000 accounts at the GPS tracking device companies iTrack and ProTrack. They found that they could kill the engines of these vehicles, which in essence is the exact scenario we envisioned. What are the chances of that! Apparently all customers were given a default password of 123456 when they signed up. This highlights another flaw in vehicle security. You can design your vehicle telematics to be very secure, but there’s no policy preventing manufacturers from connecting poorly authenticated apps to vehicles.
Where do we go from here?
Hopefully I’ve laid out that vehicle security concerns don’t stop at preventing entry: because vehicles are embedded in a physical world, security should be viewed from a broader perspective. The usefulness of thinking in ‘what-if’ scenarios is that it allows us to plan around the event that vehicles are hacked, without prior knowledge of how they are hacked, thereby planning for future events. Once you install a new door, there’s always a risk that someone you never wanted to have access does get access, no matter how secure you make the locks on the door. That is why you need to be prepared and have a contingency plan to ensure safety in the unlikely event of a break-in. The same goes for vehicles. The internet has opened your car doors to the entire world. And we have a long way to go, with a lot of hard discussions, to make us secure against a large-scale hack of connected vehicles.
If you are interested in this article or assessing and mitigating the impacts of a large-scale hack in your industry, please contact me at ChaosControl: [email protected]
