Cybersecurity continues to be an issue in our environment. This concerns both old and new technology applied commercially and with consumers. Cybersecurity is also applicable to various industries. Recent examples abound in the current news. There has been hospitals recently being the recipient of ransomware and other malware. Granted this was traumatic for the respective hospital as their patient records were encrypted, however the reach goes far beyond this with the issues for the patients. There were also however a number of associated issues with this as any stolen patient records were being sold on the dark web, loss of trust and rapport within the community, the hospital administrator had to decide whether to pay the ransom or not, and analyzing the possible fines for the HIPAA violations. Banks have also been targeted by malware, in the form of phishing and SWIFT involving millions of dollars. Other businesses have been the victim of the executive wire scam.
Cybersecurity is becoming more of an issue. The government is planning more of a focus on this, as shown by the FCC becoming more involved with ensuring businesses apply the appropriate level of security to their enterprise. This has been handled in various cases as of late, with a hotel chain and other entities. One area not addressed at length is vehicle cybersecurity. Two congressmen, Senators markey and Blumenthal from Massachusetts and Connecticut respectively, have requested the FCC focus more on this aspect of our society (Markety, 2016). As of mid-September 2016, the vehicle manufacturers have not been assessed fines for the lack of vehicle cybersecurity, as other industries for their cybersecurity breaches.
Vehicle Vulnerability-Remote Door Control
There are a number of vulnerabilities with vehicles from various sources. These can be internal to the vehicle or from external sources. Specifically for this topic, the subject vehicles have a vulnerability with the unlocking of the doors using a remote or fob. One method to unlock remotely a vehicle a vehicle involved RFID functionality. The issue with this generally is the cryptographic keys tend to be too short (Bono, Green, Stubblefield, Rubin, Juels, & Szydlo, n.d.) As the length is too short, and cracked too easily. The other method involves the key fob.
VW
This year has certainly brought a certain level of notoriety to the VW nameplate. The first significant issue was concerning the misrepresentation of the diesel-emission test results. This proved to be very costly, financially and reputationally. If this was not a sufficiently negative event, there is now another issue regarding a significant vulnerability. This affects millions of VW vehicles manufactured since 1995 (McHugh, 2016; Utermohlen, 2016; Auchard, 2016; McGoogan, 2016; Ross, 2016; Bing, 2016; Abel, 2016; Reuters, 2016; Greenberg, 2016; Brown, 2016). This vulnerability was found in 2012 (Pagliery, 2016). The researchers were ready, willing, and able to publish this in 2013 but were sued by VW to cease the researchers from publishing for two years (Greenberg, 2016; Pagliery, 2016).
Manufacturing Process
In this case, the key fob is involved. This is used as the user pushes the button, the fob communicates to the vehicle and authenticates itself, as the car door(s) unlock, the lights blink, and the user is able to enter the vehicle. This appears to be a relatively simple process.
The manufacturing process itself also appears to be relatively straight-forward process. As the vehicle moves along the line, the equipment is added to the frame and vehicle as it takes the familiar shape. Near the end of the manufacturing line, the key fob for the vehicle is ready for programming. At this point, the application and code are programmed into the vehicle (Intagliata, 2016). This is done for every var. As the fob is coupled to the vehicle, the crypto-algorithm is applied to the code for each car. Years ago, this methodology was fine for that short time period. However after millions of vehicles, or samples to test, the cryptographic measures are not so robust. For the purpose of this discussion, this was the process for the Volkswagen Group for 20 years (Intagliata, 2016).
Hardware
The researchers were able to easily clone the remote keyless communication between the key fob and vehicle. This was done using common equipment (McHugh, 2016) that may be secured by anyone. Specifically this used an RF transceiver made with a Arduino processor, a handful of other basic parts, and a 9 volt battery. Although these cost approximately $40 USD (Abel, 2016; Ross, 2016; Bring, 2016; Greenberg, 2016; McGoogan, 2016). This assisted the researchers to break/decode the crypto-algorithm used to encrypt the communication via analyzing the chips in the VW group vehicles and fobs (Intagliata, 2016). The researchers are not divulging where or how it acquired the crypto key (Davies, 2016; Khandelwal, 2016). Once decrypted, the researcher and attackers are able to put this into a generic fob and unlock the vehicles (Intagliata, 2016). With this in hand, the attackers do not require any damage to the vehicle to steal it (Bing, 2016). Thus, the hardware itself to exploit the vulnerability is relatively simple.
The hardware of this attack uses a radio transmitter to complete the man-in-the-middle (MitM) attack to sniff the communication between the fob and the car (Hopping, 2016; McHugh, 2016). This communication contains a limited amount of data, including the master key code (Ross, 2016). This coupled with the algorithm allows the attacker to reach the goal of unlocking the vehicle. The attack can done up to 300 feet away (Bing, 2016; Greenberg, 2016) or 100 meters (Kan, 2016).
The decryption of the signal and cloning it (McHugh, 2016; Bing, 2016; Courtney, 2016) describes the more basic attack on these vehicles. The more advanced attack, Hitag2, was focussed on the Chevrolet, Renault, and Ford select models (Ross, 2016; Tung, 2016). This version focussed on cracking the rolling code, as this was used with these models, which took merely one to a few minutes to crack (Davies, 2016; Solon, 2016). As this is cracked, the final checksum for this is predictable (Ross, 2016; bing, 2016; Garcia, Oswald, Kasper, & Pavlides, 2016).
Remediation
First, it is notable and disturbing how VW handled this issue. VW stated in their manufacturing process the state of the art security is implemented with their vehicles. This is beneficial to the users. They however noted that there is no 100% guaranty in their vehicle security (Murdoch, 2016). This is a well-accepted generalization for the info sec industry. The issue is with VW stating this, it appears as though this has been fully internalized by VW and they are accepting to secure every aspect. Granted, securing every aspect is not possible due to unknown vulnerabilities, however a fully secure vehicle should be a goal striven towards.
This attack, both versions would explain the stolen vehicle insurance claims when the owner claimed the vehicle was locked (Zorz, 2016).
VW had been aware of the issue for years (Intagliata, 2016; Bing, 2016; Reuters, 2016) since 2012 (Greenberg, 2016). In 2013, the researchers were ready to publish this when VW sued them to stop this publication for two years. The models affected include Ford, Chevrolet, Nissan, and Mitsubishi as these used the same process for the fob as VW. This also affected GM’s Opel and Renault models (McHugh, 2016) and Peugeot (Brown, 2016). Of these,the VW models are the most at risk (Hopping, 2016; Bing, 2016). All of these had the same weak crypto-algorithm in place (Intagliata, 2016).
With recent models, VW has stated the issue has been corrected (Davies, 2016; Utermohlen, 2016; Tragianis, 2016). This has been updated with the unique security keys (Brown, 2016) and the MQB Modular Transverse Matrix (McGoogan, 2016).
References
Abel, R. (2016, August 12). Volkswagon bug: 100M vehicles vulnerable to door unlocking hack. Retrieved from http://www.scmagazineuk.com/researchers-vulnerability-affecting-every-volkswagon-since-1995/article/515616/
Auchard, E. (2016, August 11). Keyless entry systems on most volkswagens, audis, can be hacked: Researchers. Retrieved from http://theglobeandmail.com/globe-drive/culturetechnology/keless-entry-systems-on-most-volkswagens-audies-can-be-hacked-researchers/article31379613
Bing, C. (2016, August 12). 100 million vehicles are vulnerable to hack that unlocks door. Retrieved from http://fedscoop.com/volkswagon-hack-ford-nissan-fiat-august-2016
Bono, S., Green, M., Stubblefield, A., Rubin, A. Juels, A., & Szydlo, M. (2016). Exploiting RFIDs: Car immobilizers and the exxon mobile speedpass. Retrieved from https://securityevaluators.com/knowledge/case_studies/rfid/
Brown, B. (2016, August 11). 100 million volkswagen vehicles can be unlocked wirelesslessly by hacker thieves. Retrieved from http://www.digitaltrends.com/cars/remote-key-fobs-vulnerable-vw/
Cockfield, B. (2016, May 3). Volkswagen beetle-The most hackable car. Retrieved form http://hackaday.com/2016/05/03/volkswagen-beetle-the-most-hackable-car/
Courtney, W.S. (2016, August 11). 100 million volkswagen cars threatened by wireless key hack. Retrieved from http://www.thedrive.com/news/4801/100-million-ovlkswagen-cars-threatened-by-wireless-key-hack
Davies. C. (2016, August 11). Volkswagen hack renders millions of car locks useless. Retrieved from http://www.slashgear.com/volswagen-hack-renders-millions-of-car-locks-useless-11451502
Fadilpasic, S. (2016, December 8). Got a volkswagen? You might want to read this one. Retrieved from http://www.itproportal.com/2016/08/12/got-a-volkswagen-you-might-want-to-read-this-one/
Garcia, F.D., Oswald, D., Kasper, T., & Pavlides, P. (2016). Lock it and still lose it-On the (in)security of automotive remote keyless entry systems. Retrieved from https://assets.documentcloud.org/documents/2010178/Volkswagen-amp-HiTag2-Keyless-Entry-System.pdf
Greenberg, A. (2016, August 10). A new wireless hack can unlock 100 million volkswagens. Retrieved from https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/
Hopping, C. (2016, August 14). Keyless car entry systems could be a huge security risk. Retrieved from http://www.itpro.co.uk/hacking/27088/keyless-car-entry-systems-could-be-a-huge-security-risk
Intagliata, C. (2016, August 12). Remote door controls are car security flaw. Retrieved form http://scientificamerican.com/podcast/episode/remote-door-controls-are-car-security-flaw/
Khandelwal, S. (2016, August 11). Car thieves can unlock 100 million volkswagens with a single hack. Retrieved from http://thehackernews.com/2016/08/hack-unlock-car-door.html?utm_source=feedburner&utm_medium=feed&utm+campaign=Feed%3A+TheHackerNews+%28The+Hacker+news+-+Security+Blog%29&_3...
Knight, H. (2016, July 18). Understanding electronic control units (ECUs) in connected automobiles and how they can be hacked. Retrieved from https://www.alienvault.com/blogs/security-essentials/understanding-electronic-control-units-ecus-in-connected-automobiles-and-how-they-can-be-hacked
Liberatore, S. (2016, August 12). Security experts reveal $40 device that would allow thieves to wirelessly unlock nearly every volkswagen made since 1995. Retrieved from http://www.dailymail.co.uk/sciencetech/article-3737375/Security-experts-reveal-40-device-allow-thieves-wirelessly-unlock-nearly-Volkswagen-1995.html
Markey, E.J. (2016, August 4). Markey and blumenthal call on the FCC to help improve vehicle cybersecurity and privacy protections. Retrieved from http://www.markey.senate.gov/news/press-releases/markey-and-blumenthal-call-on-the-fcc-to-hep-improve-vehicle-cybersecurity-and-privacy-protections
McGoogan, C. (2016, August 11). Bought a volkswagen in the last 20 years? It can probably be unlocked by hackers. Retrieved from http://www.telegraph.co.uk/techology/2016/08/11/bought-a-volkswagen-in-the-last-20-years-it-can-be-probably-be-unlo/
McHugh, D. (2016, August 12). Security experts: Remotes are hackable on many vehicles. Retrieved from http://napavalleyregister.com/news/world/security-experts-remotes-are-hackable-on-many-vehciles/article_3e2c5da6-16ad-532a-b56f-7bdc7de2ae94.html
Murdoch, J. (2016, August 12). Volkswagen security vulnerability leaves 100 million cars wide open to wireless key hacking. Retrieved form http://www.ibtimes.co.uk/volkswagen-security-vulnerability-leaves-100-million-cars-wide-open-wirless-key-hacking-1575624
Pagliery, J. (2016, August 14). Volkswagen hid a car hacking flaw for two years. Retrieved from http://money.cnn.com/2015/08/14/techlogy/volkswagen-car-hacking/index.html
Reuters. (2016, August 11). Millions of vw’s cars can be hacked with a cheap device, experts show. Retrieved from http://www.nbcnews.com/business/autos/millions-vw-s-cars-can-be-hacked-cheap-device-experts-u628271
Ross, P.E. (2016, August 15). Millions of volkswagens can be unlocked by hackers. Retrieved from http://spectrum.ieee.org/cars-that-think/transportation/safety/millions-of-volswagens-can-be-unlocked-by-hackers/?utm_source=CarsThatThink&utm_medium=Newsletter&utm_campaign=CTT08172016
Solon, O. (2015, August 14). VW has spent two years trying to hide a big security flaw. Retrieved from http://www.bloomberg.com/news/articles/2015-08-14/vw-has-spent-two-years-trying-to-hide-a-big-security-flaw
Tragianis, N. (2016, August 11). Researchers find security flaw with vws built since 1995. Retrieved from http://driving.ca/volkswagen/auto-news/news/researchers-find-security-flaw-with-vws-built-since-1995
Tung, L. (2016, August 11). Millions of vw cars at risk: Wireless hack lets crooks clone volkswagen keys. Retrieved from http://www.zdnet.com/article/millions-of-vw-cars-at-risk-wireless-hack-lets-crooks-clone-volkswagen-keys-at-100m/
Utemohlen, K. (2016, August 11). Millions of vw cars at risk of unlocking hack. Retrieved from http://investorplace.com/2016/08/vw-hacked/#.V6zZhPkrK00
Zorz, Z. (2016, August 11). Hundreds of millions of cars can be easily unlocked by attackers. Retrieved from https://www.helpnetsecurity.com/2016/08/11/cars-easily-unlocked-attackers/
No comments:
Post a Comment