
Jeep and Nissan breaches demonstrate scale of car security challenge

March 21, 2016

Posted by: George Malim

Cesare Garlati, prpl Foundation

The automobile industry is further down the IoT road than many others, writes Cesare Garlati, the chief security strategist at the prpl Foundation. Smart sensors control a range of functions inside automobiles from emissions to the in-vehicle entertainment system, brakes and even steering on some advanced models.

However, it was just such a reliance on embedded technology that researchers Miller and Valasek exploited to take control of a Jeep in 2014. And Troy Hunt more recently demonstrated how the Nissan Leaf electric car could be drained of its battery life using little more than its vehicle identification number (VIN) to reach the car’s climate control system.

Currently, there are four main issues breaking the Internet of Things as it stands. All four need to be addressed for it to thrive and for consumers to stay safe in the process.

1) Proprietary software
Most IoT security flaws, including the case of the Jeep, were discovered thanks in part to reverse engineering of proprietary software. Charlie Miller and Chris Valasek did this to expose vulnerabilities in the Uconnect 8.4AN/RA4 system running in a 2014 Jeep, allowing them to remotely control its steering and brakes.

If security researchers can do this, then the bad guys can, too. Over and over again, closed proprietary software has proven to be simply unfit for purpose. Compared to mainstream open source software, it represents the path of least resistance for a determined and sufficiently resourced attacker.

2) Network connectivity
The most dangerous Achilles heel of IoT is connectivity. It gives attackers who have found a weakness in the code a means to hack victims remotely.

The situation is compounded because many of the engineers tasked with designing and building IoT systems are not experts in network protocols, and even less so in network security. They may know how to put together hardware components, but implementing TCP/IP protocols is a rarefied discipline which requires expert knowledge and extensive debugging and testing. Weak implementation of network protocols enabled Miller and Valasek to infiltrate the Jeep’s D-BUS via port 6667, which had been left inexplicably open and unauthenticated, for example.

3) Broken firmware updates
Miller and Valasek exploited this weakness to modify the TI OMAP-DM3730 chip firmware inside the 2014 Jeep and reflash the image, allowing them to reboot the unit and execute arbitrary code. A simple analogy is someone installing the best alarm system money can buy to protect a house, only for a robber to come along and replace it with their own.

The issue with this kind of attack is that it gives the hackers complete control of the device and it is persistent – it can’t be undone via a system reboot, for example.
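As an added illustration, not code from this post or from the prpl Foundation, here is the kind of check an update path should enforce before any image is written to flash: a constructed (hypothetical) image layout whose header, version and payload are authenticated, plus an anti-rollback floor so an attacker cannot reinstall an older, vulnerable release. It uses HMAC-SHA256 from the standard library so it runs offline; a production design would use an asymmetric signature verified by immutable boot code, but the decision flow is the same.

```python
import hashlib
import hmac
import struct

# Constructed image layout (an assumption for this example, not any real
# vehicle's format):  magic(4) | version(u32 BE) | payload_len(u32 BE)
#                     | payload | tag(32, HMAC-SHA256 over everything before it)
MAGIC = b"FWIM"
HEADER_LEN = 12
TAG_LEN = 32
# Lowest version the device will still accept; in a real design this floor
# lives in tamper-resistant storage and only ever moves upward.
MIN_ACCEPTED_VERSION = 7


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """What the vendor's (constructed) build pipeline would emit."""
    header = MAGIC + struct.pack(">II", version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(key: bytes, image: bytes, min_version: int = MIN_ACCEPTED_VERSION):
    """Return (accepted, reason). Only an image that passes every check may be flashed.

    Order matters: authenticate first, so nothing in an unauthenticated header
    (including the version field) influences a decision.
    """
    if len(image) < HEADER_LEN + TAG_LEN or image[:4] != MAGIC:
        return False, "bad header"
    version, payload_len = struct.unpack(">II", image[4:HEADER_LEN])
    if HEADER_LEN + payload_len + TAG_LEN != len(image):
        return False, "length mismatch"
    body, tag = image[:HEADER_LEN + payload_len], image[HEADER_LEN + payload_len:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "authentication failed"
    if version < min_version:
        return False, "rollback rejected"
    return True, "ok"


def demo() -> dict:
    """Exercise the four cases a defender cares about, on constructed inputs."""
    key = b"constructed-per-device-key"        # constructed sample key
    genuine = build_image(key, 8, b"payload")
    tampered = bytearray(genuine)
    tampered[HEADER_LEN + 1] ^= 0x01            # flip one payload bit
    return {
        "genuine": verify_image(key, genuine),
        "tampered": verify_image(key, bytes(tampered)),
        "foreign_key": verify_image(key, build_image(b"attacker-key", 8, b"x")),
        "downgrade": verify_image(key, build_image(key, 3, b"x")),
    }
```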

4) Systems promiscuity
Taking the example again of Miller and Valasek, their initial incursion was into the car’s on-board entertainment system, the head unit. After compromising it, they managed to reflash microprocessor firmware, ultimately gaining access to the CAN MCU (a Renesas V850) and from there remote control of the car. Similarly, Troy Hunt figured out that the Leaf’s smartphone app programming interface (API) used only the VIN to control car features remotely, such as current battery life, times and distances travelled and climate control, without any password.

Separation is one of the fundamental principles of security, so it’s not only dispiriting to see it ignored in so many cases when it comes to IoT-related systems, it’s downright dangerous.

With secure separation, Miller and Valasek might still have been able to interfere with the Jeep’s in-car entertainment system, but crucially they could not then have moved on to the vital system which controlled steering and brakes. We must act now to lock down the risks that come from software vulnerabilities.