Preventing CAN Injection Car Theft – PlaxidityX Ep 13

00:00:00:10 - 00:00:03:13 Welcome to cars, hackers and cybersecurity. 00:00:04:02 - 00:00:07:02 Here we break down the latest in automotive cybersecurity, 00:00:07:02 - 00:00:10:16 helping you stay ahead in building secure connected vehicles. 00:00:12:17 - 00:00:20:23 Hi today will uncover can injection car attacks. Breaking down how these hacks work and how automakers can secure their vehicles. 00:00:21:06 - 00:00:48:04 Automotive websites and global media outlets such as MarketWatch, MSN and The Telegraph have been packed with news about the latest trend in car theft, a hacking technique known as can injection, or, in more graphic jargon, headlight can injection the ease with which car thieves can break into, start and drive away with a parked car has created a major ruckus among both car owners and automakers. 00:00:48:06 - 00:00:53:02 Let's examine how can injection works and what automakers can do about it. 00:00:53:10 - 00:01:15:17 Auto theft has been around as long as automobiles themselves. Back in 1919, the Dyer Act in the U.S., also known as the National Motor Vehicle Theft Act, made the interstate transport of stolen vehicles a federal crime. The first vehicle anti-theft device, a removable steering wheel, hit the market during the 1920s. 00:01:15:18 - 00:01:37:21 This was before door locks were invented. Car alarms took off during the 1950s, followed by immobilizer that required having possession of a smart key fob to start the engine. But car thieves adjusted quickly rather than breaking into a car owner's residents to steal the key. They developed a way to wirelessly copy the key and thus gain full access to the car. 00:01:37:23 - 00:01:51:12 In response, metal key protectors were invented to block the keys wireless signal, and so the cat and mouse game between thieves and security professionals continues. The latest twist is impressive. There are videos showing thieves stealing a 00:01:51:12 - 00:01:54:15 2021 Toyota Rav4 in under two minutes. 00:01:54:15 - 00:01:58:22 without breaking into the car. The thieves did not have access to a smart key. 00:01:59:00 - 00:02:21:08 Instead, they focus their efforts on the headlight. More specifically, they pulled off the bumper and unplugged the headlight to reach its wiring. The question is, how is it possible to steal a car equipped with modern and sophisticated security systems? By tapping into the headlight wiring in a blog by Doctor Ken Tyndall, a Can network security expert, he uncovers the mystery. 00:02:21:10 - 00:02:32:20 The thieves used a technique known as can injection in order to unlock the car. Bypass the immobilizer and start the engine all in under two minutes and with no key access. 00:02:33:09 - 00:02:44:06 What is a can and how is it compromised? A controller area network, also known as a Can bus, is a common vehicle network protocol that's been around for decades. 00:02:44:08 - 00:03:01:23 It enables electronic control units, or ECUs, to communicate with each other without complex dedicated wiring. A modern car may have over a hundred acres which control every electronic component from brakes, airbags, infotainment door locks, the engine 00:03:01:23 - 00:03:05:11 to, you guessed it, the headlights. 00:03:05:11 - 00:03:08:08 Vehicle ECUs are connected to multiple networks. 00:03:08:08 - 00:03:10:16 which are typically connected to one another 00:03:10:16 - 00:03:13:06 With special ecus that act as gateways. 00:03:13:17 - 00:03:37:14 So how does a hacker break into this network? In connected cars, sophisticated hackers can try and exploit vulnerabilities and issue software code to hack into the car remotely. But our headlight thieves don't rely on remote connections. Instead, they pick a convenient physical entry point the headlight, whose wiring is easily accessible by pulling off the bumper and exposing the wires that connect to the headlight. 00:03:37:16 - 00:03:47:21 The hacker then connects a simple electronic device, available for purchase by professional thieves on the dark web to the wires, and voila! They are connected to the network. 00:03:48:09 - 00:04:01:21 Can injection impersonates the smart key. The next step in the car theft process is impersonating the Smart Key, which is designed to exchange cryptographic messages with the vehicle in order to prove it is genuine. 00:04:01:23 - 00:04:26:04 Decoding the cryptographic encryption is a heavy task, so instead the thieves attack a much weaker link. They hack into the can bus and inject a fake message indicating that the key was validated and the immobilizer should be disabled. To put the icing on the cake, they send another fake message to the door lock ECU instructing it to unlock the car, then get in and drive off into the sunset. 00:04:26:06 - 00:04:51:02 Can injection is a huge problem? Beyond the anguish of the owner of the stolen car? Can injection theft is also a major concern for OEMs. The financial damage to an OEM whose cars get the reputation of being easily stolen can be huge, and affect the sales of a particular make or model. In cases where a physical recall is required to address the problem, the cost to the OEM grows significantly. 00:04:51:04 - 00:05:09:17 Increased theft is also a big problem for insurance companies that have to pay for the insurance claims. At the end of the day, consumers bear the final cost when insurance companies inevitably raise premiums or worse, refuse to insure certain cars in areas considered prone to car theft. 00:05:10:05 - 00:05:39:08 So how can OEMs fight back? One very effective and easy to implement measure is to deploy an intrusion detection and prevention system, or IDPs, in the vehicles. Can network IDPs software monitors computer networks and detects malicious in vehicle communication and IDPs recognizes irregular ities in messages as well as deviations from the expected sequence. This may be manifested in several ways, such as message content. 00:05:39:10 - 00:06:08:03 Each message has a predefined structure instead of allowed values, and IDPs can detect when this structure and values are violated. Message transmission timing. Each message on a Can bus has its own transmission method and expected intervals. For example, a periodic message is expected to be seen on the bus only once for every cycle time. Deviation from this timing is detectable by an IDPs, even if the message is well constructed. 00:06:08:05 - 00:06:40:13 Pattern recognition. When considering a specific process or a specific attack, we expect to see a known pattern of messages, or lack thereof, and IDPs can be set to identify such patterns and alert accordingly. Being a software solution, IDPs can be deployed as a software update without requiring additional hardware or physical modifications. More importantly, this means that OEMs can introduce this protection to vehicles that are already on the road, depending on the vehicle's architecture. 00:06:40:19 - 00:06:50:14 IDPs can be implemented either in a gateway ECU, stopping the propagation of the attack to the critical ECU or in the critical ECU itself. 00:06:50:14 - 00:07:02:23 Attack. Prevention occurs when the IDPs is placed in the gateway. When a fake message is injected, it reaches the gateway and is blocked before it can reach critical components such as the engine control ECU. 00:07:02:23 - 00:07:10:08 Alternatively, when the IDPs is placed in the engine control ECU, the malicious message will pass through the gateway. 00:07:10:10 - 00:07:28:03 Nevertheless, the IDPs in the engine control ECU will detect and block the false message such that the immobilizer would still refuse to start the car. In both cases, the critical ECU won't be impacted by the malicious injected messages, effectively rendering the thieves powerless. 00:07:28:15 - 00:07:40:02 Additional layers of defense to consider in vehicle IDPs is the first line of defense, detecting malicious messages and preventing them from impacting critical vehicle components. 00:07:40:04 - 00:08:08:12 Beyond that, there are additional layers of protection an OEM can deploy. Vehicle vulnerability management. This tool continuously analyzes the Vehicle Software bill of materials to detect public or private vulnerabilities. Automotive cyber attacks will usually exploit one or more software vulnerabilities in order to penetrate and compromise a component in the car. Addressing newly discovered vulnerabilities on a regular basis makes it more difficult for hackers to get in. 00:08:08:14 - 00:08:37:07 Fleet monitoring. Using a Vehicle security operations center, also known as V SoC, OEMs use V SoCs to monitor millions of connected vehicles. Leveraging machine learning algorithms to detect anomalies and uncover cybersecurity related incidents. If you're unsure what's the most appropriate solution for your company, Placidity XSS Automotive cybersecurity experts can help you analyze your specific vehicle architecture and recommend the best course of action. 00:08:39:02 - 00:08:45:00 That's all for today's episode. Keep your engines running smooth and your cyber defense is sharp. 00:08:45:00 - 00:08:49:12 Stay connected by subscribing and visiting placidity. X-Com. 00:08:49:13 - 00:08:53:13 Until next time, stay safe on the road and in the cloud.