Yes, embedded systems are important

 

Do you drive a car? have you in the last five years flown on an airplane? Have you purchased any goods that were shipped to your location? If you have answered Yes to any of these, then embedded systems have played a role in your life. 

Generally, you can separate the cybersecurity area of operations into enterprise and embedded systems. The enterprise is the system we learn so much about in school and for certifications. These are the efforts to secure servers, data located on these, communication, etc. Embedded systems are a bit different. These are the modules in your vehicle controlling and monitoring steering, tire pressure, GPS, and other functions required for the machinery to operate. 

While the functions are distinct, there is a complication. Each of these systems interacts with others. The data collected and commands are used by the other systems. This is especially the case as transportation systems become more connected and autonomous systems are used more. This includes vehicles, airplanes, farm equipment, and other equipment being engineered to operate without human interaction and direction. These systems need to communicate quickly and clearly. Imagine a vehicle of your choice, receiving incorrect or malicious information and data from a "trusted" source. With someone else in control, there could be immediate and serious consequences for anything in or near the equipment. 

All is not lost though. There are steps to assist with securing these systems. The first step is to conduct a threat assessment for the device or module. This has to be done end-to-end and includes all aspects, including hardware, software, data, communications, and anything else involved with the equipment. The analysis itself is static for that point in time. The analysis should be part of the product's lifecycle. When there is a change or update, this needs to be addressed again. The update may affect other parts of the system, and create other issues. 

The next step is to review the current advanced security designs and use these to the fullest extent possible. There are a number of these including virtualization and hypervisors. 

There are further steps to follow based on the individual environment. The important aspect to acknowledge is the embedded systems are very different and need to be tested and secured in a specific manner. 

Military autonomous vehicles need security too!

 Vehicles continue to be targeted by malicious attackers and cybersecurity researchers. There is a certain notoriety involved with successfully exploiting a vehicle and/or its modules. This is a quick track to your 15 minutes of fame. The modules focused on recently have been concentrated on the consumer market. This is a natural extension, as the consumer market is massive, with cars everywhere across the globe. One area though not directly noted in abundance has been the military vehicles. These certainly have the same or nearly same embedded systems the consumer vehicles do. Granted there may be more specialized equipment in certain vehicles, however, they are more alike than different. What is an addition to this is the autonomous factor. Vehicles, consumer and military, are moving towards this. There have been numerous articles emphasizing this, especially over the last three years.

Recently a team of six student from Texas A&M University has been working on this segment of the cybersecurity industry and were recognized as one of the top hackathon teams. The team developed the PHC (picryption, HIVE, clutch) Defense. This was designed to be used with the military autonomous vehicles. What makes this more pertinent are the vehicle's  mission and critical nature. With the work these are tasked with, a hack on one or more vehicles would prove to be disastrous. The developed defense is a nuance to the defense in depth, combining software and mechanical means to secure the vehicle. The Picryption is based on a more proactive measure, with not merely noting and logging an issue but alerting the crew in the vehicle.

This is clearly a step in the right direction. These vehicles in particular have to have protection against these attacks


Resource
https://today.tamu.edu/2021/05/11/aggies-develop-cybersecurity-solutions-for-autonomous-military-vehicles/ 

Interesting new Tesla Hack!

 This is from the “What will they think of next” file. Imagine you have just purchased your dream car-the Tesla Model X. You drive it home, with the windows down and the music on. Life is good. You park in the driveway and start to walk up to your house with a smile on your face. Just before you unlock the door, you look back at your new purchase. There’s an annoying drone nearby. Your new pride and joy starts acting odd, especially since you are not in the vehicle. The doors begin to open together, then one at a time. The trunk opens and closes rhythmically with the doors. 

As odd as this sounds, this is possible and has been done. Researchers presented this work at the CanSecWest conference (virtual) on April 29, 2021. The researchers used two vulnerabilities to attack the Tesla vehicle. Their new exploit was termed TBONE. 

Method

The Tesla uses ConnMan in their network. The researchers focused on this point for their attack. To design portions of the attack, the researchers used a ConnMan emulation tool, KunnaEmu. With this, they did not require access and use of Tesla at all times when testing. What makes this a bit different and interesting is the configuration. 

ConnMan is used to manage the network connections. The attack itself combined a stack buffer overflow when processing DNS requests vulnerability (CVE-2021-26675) with a loophole in the DHCP stack (CVE-2021-26676). 

For the attack hardware, the equipment is easy to source. All the attacker needs is a Wi Fi dongle and a drone. Nothing too complicated. There is also no user interaction required. The complete attack can be done in three minutes. Once done, the attacker can, among other things, inject malicious code. 

Result 

Once exploited, the attacker can do most things a driver can, except start the vehicle. This includes unlocking the doors, unlocking the trunk, changing seat positions, changing steering modes, and changing acceleration modes. This allows full access to the vehicle. This isn’t a thought experiment. The researchers had a full recording of the attack, which they played during the presentation. 

On a tangent, they could have weaponized this. The vehicle could have uploaded the malware, and be used as an access point to infect other Teslas. This is a big deal since this could compromise any Tesla Model X that has not received the patch, even the parked ones. What makes it worse is the system is used by other OEMs who may not have patched this yet. 

Responsible Disclosure 

The vulnerability and attack weren’t sprung on the interested parties a week prior to the conference. They did inform Intel, who created ConnMan. The vulnerability was remediated with FOTA update 2020.44 by Tesla in late October 2020. 

Resources 

https://www.forbes.com/sites/thomasbrewster/2021/04/29/watch-a-tesla-have-its-doors-hacked-open-by-a-drone/?sh=d6f4c271a2bd 

https://flipboard.com/@HotCars2020/aerial-attack-cybersecurity-researchers-managed-to-hack-tesla-with-a-drone/a-li8iYV-aTQC9yfvTZ3ivig%3Aa%3A3466759924-982d88ebd6%2Fhotcars.com 

https://securityaffairs.co/wordpress/117441/hacking/tesla-model-x-hacking.html?utm_source=rss&utm_medium=rss&utm_campaign=tesla-model-x-hacking 

https://www.autoevolution.com/news/hackers-break-into-tesla-using-a-drone-flying-over-the-car-160447.html 

https://www.deskvip.com/a-tesla-car-has-its-doors-hacked-open-by-a-drone 

https://www.torquenews.com/1/tesla-hacked-drone-company-informed-and-fixed-loophole 

https://www.hackread.com/tesla-cars-remotely-hacked-with-drone/ 

https://dronedj.com/2021/04/30/german-pilots-film-their-drone-hack-of-a-tesla/ 

https://www.hotcars.com/aerial-attack-cybersecurity-researchers-managed-to-hack-tesla-with-a-drone/ 

https://kunnamon.io/tbone/