30
IOActive, Inc. Copyright ©2014. All Rights Reserved. The Current State of Automotive Security Chris Valasek Director of Vehicle Security Research
IOActive, Inc. Copyright ©2014. All Rights Reserved.
The Current State
of Automotive Security
Chris Valasek
Director of Vehicle Security Research
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Introduction
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Hello
• Chris Valasek• Director of Vehicle Security
Research• BS in CS from Pitt (2005)• Reverse engineer, Exploitation
research, Automotive security
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Agenda
• External perspective
• Concerns and correlations
• Desired advancements
• Q & A
IOActive, Inc. Copyright ©2014. All Rights Reserved.
My Perspective
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Years of Research
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Tools, Analysis, Methods
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Outsider’s perspective
• The following presentation is from my perspective
– There’s a chance some issues are being resolved
• Regardless, I think outside assessments are valuable
– Example: Proof reading
http://www.carthrottle.com/post/gangs-are-stealing-17-luxury-cars-every-day-in-london-by-hacking-the-keyless-entry-system/
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Concerns
IOActive, Inc. Copyright ©2014. All Rights Reserved.
My Concerns
• Revolve around physical safety and remote exploitation
• Worried about remote wireless => ECU compromise
– As opposed to insider threats
• I think privacy is important, but I focus on physical safety
• Outsider threats to cars are difficult to cash in on, so I’ll talk
on physical controls
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Concerns: Bus Systems
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Bus communications I
• CAN: Invented before vehicle connectivity was even a thing• Trust issues
• Ethernet• Expensive
• Complications
• Fragmentation, out of order, etc
• Could have similar deficiencies as CAN
• Spoofing
• Broadcast communications
• Carry known diagnostic data
• Security limitations usually revolve around diagnostic routines• What about legitimate traffic?
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Bus communications II
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Bus communications III
• Remote compromise….
• Encryption• Keys will have to reside somewhere the attacker can acquire them
• Diagnostic software or ECU itself
• Authentication• Remote compromise will happen on a pre-authenticated ECU
• Authorization• Legitimate messages will most likely be authorized
• Example: Pre-Collision System messages
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Concerns: Connected Devices
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Interconnectivity
http://upload.wikimedia.org/wikipedia/commons/0/07/PandaBoard_described.png
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Familiar attack surface
http://www.akhbarelyoum.dz/ar/images/ghoughl__tttlk_altttbik_alkhas_bndham_Android_Auto_llsiarat.jpg
http://motorburn.com/wp-content/uploads/2014/03/Apple-CarPlay.jpg
http://blogs-images.forbes.com/andygreenberg/files/2014/07/screen-shot-2013-02-05-at-7-35-23-pm-1024x547.png
IOActive, Inc. Copyright ©2014. All Rights Reserved.
1-to-N
• Windows does not come
with a VPN to Redmond,
your vehicle does
• Owning 1 internal asset
may lead to N
compromised vehicles
http://electronicdesign.com/site-files/electronicdesign.com/files/uploads/2013/05/0606_Onthesafeside_fig3.gif
IOActive, Inc. Copyright ©2014. All Rights Reserved.
No carrier restrictions
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Bad at secure coding
https://www.youtube.com/watch?v=LuWKXsteTNY
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Concerns: Architecture
IOActive, Inc. Copyright ©2014. All Rights Reserved.
OBD-II connectivity
http://cdn2-
b.examiner.com/sites/default/files/styles/image_content_width/hash/95/b7/95b774c969717ef38e9d
b8e54b2404c1.jpg?itok=e0nlongg
IOActive, Inc. Copyright ©2014. All Rights Reserved.
More data, more problems
http://www.zdnet.com/article/fords-big-data-experiments-can-it-transform-the-company/
http://vehicle-electronics.biz/sites/default/files/field/image/redbend.jpg
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Desired Advancements
IOActive, Inc. Copyright ©2014. All Rights Reserved.
VSDL
http://blogs-images.forbes.com/tonybradley/files/2014/03/Memo1.png
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Patching
IOActive, Inc. Copyright ©2014. All Rights Reserved.
IDS / IPS
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Conclusions• Let’s admit things are possible and there is a problem
• A breach is bad for everyone, not just the specific vendor
• Hard to justify security when there is no immediate threat
– MSFT 2006 v. MSFT 2014
– Server v. Client side
• Vehicle security is even harder than regular software security
– And more scrutinized
– People are concerned due to the possibility of physical harm
– We need to work together to improve the products we all use
• V2V will bring additional complications
• Patching is a HUGE problem right now
– OTA updates will help address the issue
• I’m Chris and I’m here to help!
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Q&A
IOActive, Inc. Copyright ©2014. All Rights Reserved.
Thanks!
• Chris Valasek• Director of Vehicle Security Research | IOActive• [email protected]
