Connected cars, signals systems, mischief and European drivers. These scare me.
Accidents are bad, and ones in cars tend to leave occupants and people outside in a worse way than most. Car manufacturers do a lot to protect both parties (airbags, ABS, interior and exterior shape etc). However, there is a limit as to what can be done. After all, 2000kg moving at speed is a lot of momentum…
Some bright spark has come up with the idea of connecting cars together, in what I guess is some form of automotive Internet (heh, the *real* information superhighway… (I’ll get my coat)).
According to that Europa.eu press release:
“Imagine that you are driving along, and a message is projected on your windscreen, warning you of an accident that has just happened around the next corner. This could soon be a reality thanks to new European standards. Connected cars, able to communicate with each other and with road infrastructures, are expected to appear on European roads in 2015.”
Too much trust
We’re all familiar with vulnerabilities in Radio Frequency based protocols (WiFi, Bluetooth, ZigBee and so on). At least in those protocols, in general, there is no direct potential for loss of life. However, we’ve all seen news about people going the wrong way (and may have occasionally done so ourselves) due to blind faith in the sentience and power of the humble sat nav. The phenomenon is known as “Brain abdication” (I’m not sure if this is a scientific term, but it describes the idea well).
But what happens when people start acting on information about road conditions? Will it lead to better traffic flow and less road problems? For what it’s worth, I doubt it (and those of you who use any of the UK’s motorway network will likely agree). But, what about when nefarious types start hacking the system? What then? And don’t think for one moment that the system won’t be hacked…. Road signs, for example, have been hacked before, and for some you have to give credit for imagination.
Hacking car control systems
Like many things that vendors think won’t be hacked, they generally will be. There has also been plenty of research into hacking car control systems:
- “Adventures in Automotive Networks and Control Units” Miller and Valasek
- “How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles” Staggs
Both of those presentations were given at DefCon 21 last year. Another presentation at an earlier DefCon focused on traffic update systems for cars. In the latter example, they managed to convince in-car navigation systems that serious events had occurred. I’m not an expert on TPS, but as far as I know it’s another broadcast medium. There aren’t, as far as I’m aware, all that many transmitters which means that you don’t get highly granular information. I assume this is what the EU wants to rectify.
What the EU is looking to do is to take all of this information and blend it together. On paper it sounds like a good idea. Like I’ve already mentioned, increasing human safety is always a good thing. With this idea it seems that you can actually reduce safety! Hmm, probably not what the bureaucrats had in mind…. Of course, you also have to take into account the fact that the project will be rushed. And with that comes corner cutting and failure to observe secure coding practices.
What about security?
What about security? How will they secure the system? You can’t limit how RF is broadcast when the requirement is for all nodes in a network to receive the same information. That means that an attacker, situated almost anywhere and with a powerful enough antenna, can overwhelm the legitimate signal to the cars.
Create a fake accident to block a road? Yup, that could be done. Just broadcast the code and location and the cars will pick it up. Then they become digitally herded into a specific location. This could be done for many reasons, the most innocent of which is simple mischief.
However, remember “The Italian Job” (the original, not the poor remake!)? They “hacked” the traffic network to take control of the traffic light system in Turin in order to carry out a heist. What if modern day thieves also wanted to do this? Create a diversion by creating a traffic problem. Set traffic up to block police stations, or routes from them. Carry out the heist and clear your way to a spectacular escape.
Let’s say that they decide to implement some form of encryption and authentication. How is that going to be managed? Every user will have access to a device and will, given time, skill & motivation, be able to take it apart. More likely is that they will leave JTAG ports on the PCB with some form of debug console. Will it be a shared key, or some form of PKI?
Let’s take this a step further. Google, and others, have been trialling self-drive cars. At the moment, the cars rely on an array of sensors to gather information about their environment and use GPS to plan a route between points. In order to avoid other road users, the sensors are hooked up to computers that run a whole bunch of sophisticated machine vision algorithms.
For anyone that is interested in this sort of stuff look up Sebastian Thrun, his team won the 2005 DARPA Grand Challenge. If driverless cars use the EU “smart car grid” for real-time traffic information, then it wouldn’t take much for an attacker to be able to re-direct the car to where they want them to go. It would make kidnapping people a lot easier (theoretically, I’ve never done it so I can’t comment directly….). Now we have an autonomous car that believes what the road is telling it. No driver to intervene when things go awry. Now I’m definitely going to get my coat, and my road bike…
A real threat to life?
All this goes to show that the consequences of poor computer security are no longer simply constrained to financial or reputational arenas. There is a genuine threat to life with systems like this, and I, for one, hope that the designers, implementers and guardians of such systems take security very seriously and build it in from step one.