Have you ever imagined owning a car that can drive itself; that can independently determine the fastest route to reach your end destination with its navigation system, but also finds the most fuel efficient journey? At the same time, it automatically registers itself for servicing, renews its own insurance and is smart enough to prevent accidents by assessing driver’s vital functions and alerting passengers to potential problems. Also imagine that this car drives on its own through traffic jams and motorways.
If this all seems very futuristic and more of a pipedream, the reality check is that this technology is here today. This disruption in the car market is already in progress, thanks largely to the integration of the Internet of Things.
These cars are known as ‘Connected Cars,’ and are equipped with Internet access (wireless and LAN) that can be shared with other devices, both inside as well as outside the vehicle. These cars are often fitted out with special technologies that tap into the internet or wireless LAN and provide additional benefits to the driver. Examples include automatic notification of crashes, notification of speeding, safety alerts and so on.
However, none of these sub-systems are protected from any kind of hacking. Hence, it is a piece of cake for any hacker who has the ingenuity and talent to hack into these cars and tamper with the system. For example, a hacker can apply the brakes through wireless technologies when the car is moving, without the knowledge of the driver. It’s not difficult to imagine the tremendous damage that will be caused when a car is in motion and suddenly stops without the driver knowing this is about to happen.
It is imperative to prevent these types of attacks, and in today’s increasingly connected world of IoT, there is a growing need for more security around products, like cars for example, that didn’t previously need it.
So where does the problem lie in securing connected cars?
All modern cars have computer networks to control their functions. These networks control the engine, the brakes, the navigation systems and so on. These networks are also used to control the entertainment systems. They have a common protocol underneath the wires that carry the messages, which is known as the Controller Area Network or CAN. The CAN network is the central part of all the communication taking place, carrying messages to and from various nodes inside the car. These nodes serve different functions, for example, one might be controlling the engine and is usually called the Power Train Controller, and another might be controlling the windows. These nodes are generically named Electronic Control Units (ECU).
The CAN network, curiously, does not have any addresses for those nodes, which are in fact nameless entities on the CAN network. The source of all the insecurity in the CAN bus, this was determined by the overriding committee which created CAN. That said, the CAN messages themselves, emanating from the nodes, do have addresses. Hence, any node which is interested in any message will filter these and receive the relevant message based on its address. As a consequence, the node which receives the message will never know from where this actually originated.
There are many CAN networks inside a car, which are joined together in a certain way and accessed via a specially designed gateway called the OBD interface. The CAN buses are also tied together in the instrumentation cluster as well. Hence, if somebody accesses the CAN network through Bluetooth in the instrumentation cluster, they can send malicious commands to the network, causing the car to stop, accelerate and so on, without the knowledge of the driver.
So, what is the solution?
One possible solution is to have a master-slave relationship in the CAN network, which will be in contrast to what the CAN bus is all about. The CAN bus is a master-master network and would require huge change in terms of how it is designed to be repositioned as a master-slave setup. However, this will enable the CAN network to work with encryption and the keys can be created and exchanged through the master-slave architecture, preventing any attacks from outside the CAN bus. Another possible solution is to move away from the CAN network altogether and to utilise a different network with encryption inbuilt. One example that a famous car company has been experimenting with is Ethernet technology.
Of course, CAN is a very resilient network and is therefore difficult to replace, but these problems must be addressed in order to control the very real menace that exists and is hacking these types of cars. At the end of the day, this problem is only set to rise as we get more and more connected cars hitting our roads and motorways, and I for one wouldn’t want to be in a car that suddenly becomes the victim of a malicious attack.