Jump to content

Talk:Automotive security

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
[edit]

14. "CycurIDS". ESCRYPT. Retrieved 5 July 2019.

This citation link leads to a 404 page. — Preceding unsigned comment added by 47.17.170.3 (talk)

Looks like the current url for the Escrypt CycurIDS system is [[1]] but from a quick glance I'm not sure it reflects the level of detail it's being used to support on the page. Retswerb (talk) 06:48, 11 October 2020 (UTC)[reply]
The existing souce was very much business-to-business advertisement oriented. I changed it to a journal article which more or less supports what's said. @Retswerb:. Graywalls (talk) 08:04, 13 October 2020 (UTC)[reply]
Nice find. Retswerb (talk) 23:51, 16 October 2020 (UTC)[reply]

Cyber security in Automotive vehicles

[edit]

Abstract: Automated Vehicles have widely been used as they offer convenience and satisfactory driving experience. However, as much as these automated vehicles have quite been widely adopted, there are vast security risks, which could compromise the configured security systems. With the outburst of information systems and use of Internet of Things (IoT), most automated vehicles have technological features, which help drivers navigate through vast transport networks. The automated vehicles are thus embedded with vast data including transportation routes, private information such as address, music streaming accounts, locations etc. There has been increased cases of hackers and terrorist targeting the automated vehicles, with the aim of compromising the security of these AV vehicles by misconfiguring information, identity theft, and falsification of data. There is hence need for advanced security approaches seeking to increase the confidentiality, availability and integrity of data integrated within these Automated Vehicles. Comprehensive measures such as adhering to the proper security measures as well as ensuring compliance with the existing legal regulations and guidelines while adopting the autonomous vehicles could be one of the vast ways of making the autonomous vehicles resilient against the different cyber threats.

Introduction:

          The digital age entails increased and continuous interaction with data which necessitates actions to keep electronic data from being used illegally or without authorization. Connected vehicle technology equips a vehicle with smart sensors and network access to optimize its operation and maintenance, and also passenger comfort (Kim et al., 2021). Cyber terrorists and hackers could take advantage of the connected vehicle technology by using it as a means to an end to cause violence disruption (Kim et al., 2021). As more car manufacturers continue to innovate features in autonomous vehicles, there is strong likelihood that hackers could continue to target these vehicles with the aim of interfering with the software and hardware configurations of the vehicle technologies Installing software in linked cars is usually the first step in preventing cybersecurity-related disruption to violence and further integrating security in depth mechanism in protecting layered architecture, methods and protocols used in designing autonomous vehicles. Governmental and business leaders agree that this extremely sensitive area of technology must be protected, despite minimal progress in creating efficient cybersecurity standards.

The history of vehicle automation technology:

          The earliest application of connected automotive technology was in the 1990s when General Motors Corporation adopted the OnStar system (Takahashi, 2018). The OnStar system facilitated communication through phone calls between drivers in the cars and the GMC call center regarding the location and driving conditions of the car to coordinate emergency responses. With advancements in technology as the years went by, automobile manufacturers increased their connected vehicle offerings and connectedness in their product models when responding to the growing consumer demand (Takahashi, 2018). For example, a broadcast-display screen for both information and entertainment broadcasts that consumers accessed via a touch screen.
          It is through technological acceleration in the 2010s that linking or automating vehicles at any level became a reality, especially with the advancements in automotive technology. The first instance of remote manipulation to automotives was recorded a connected in Austin, Texas in 2010. Since then, cyber terrorists from around the world have constantly proven that cybersecurity software is vulnerable and could be subject to hacks and unauthorized access (Taeihagh & Lim, 2019). There have been countless cases where insecurity in vehicle automation technology has led to the damage of confidential information of clients and the exposure of critical financial information of manufacturers through hacks by cyber terrorists to the technology (Taeihagh & Lim, 2019). Emergence of both white hat hackers and black hat hackers arose in attempting to compromise the effective functioning of the automated vehicles in altering features such as braking, infotainment, etc.
           Understanding the historical evolution is important as it shows the foundation on which vehicle automation technology is built. It also prepares the public for embracing driverless automobiles, deliveries by drones, and other autonomous technologies predicted to be part of their daily life (Jahan et al., 2019). From the historical account of events, an evolution from the manual operation of automotive industry practices to potentially fully autonomous implementation of operations is shown together with the importance of the autonomy strategy designed to determine the extent of automation implemented (Jahan et al., 2019). There is a possibility that manufacturers develop a system of contractual assumption of risk for linked vehicles to cater for responsibility taking in case of accidents happening.

Cybersecurity issues and vulnerabilities in vehicle automation technology:

          Technology adoption in automobiles is beneficial as it lowers fuel use and helps avoid car accidents brought by human error among other advantages. However, vehicle automation technology has a downside like any other technological advancement. For example, in pre-AV technology, vehicle hijacks were confined to in-person attempts compared to post-AV where cyber terrorists could gain access to a vehicle's steering, braking, or acceleration systems by breaching the vehicle’s source code which would enable the cyber-terrorist to weaponize that vehicle and potentially, others of the same model (Kim et al., 2021). An alternative way of hijacks through AV technology would be the use of ransomware that would hold the driver of a vehicle captive until the ransom is paid to the hijackers.
          Another new security risk for drivers and automobile manufacturers that could arise from aspects of connectivity of the AV technology is that by having a clustered computer network for control of all operations of a vehicle, numerous points of entry into the internal network that were previously unattainable are opened giving a potential route into the vehicle for malicious actors (Kim et al., 2021). Many electronic control units (ECUs) are required to facilitate the operation of the numerous electronic components in a car thus the creation of a central computer network. Centralization of the network helps to control and monitor the functioning of a host of digitally interlinked elements within a connected automobile.
          Another cybersecurity vulnerability in automotive technology is where communication between parties is over a wireless network, there is the risk of complete infiltration into the internal network of a vehicle by an outsider, (Takahashi, 2018) due to the presence of an external server. For example, hackers can access communication between an emergency assistance agent of a manufacturer company and a buyer of a new vehicle from the manufacturer company. Addressing vulnerabilities becomes more challenging when manufacturers have their automotive supply chains spread out globally.

Another key vulnerability in the autonomous vehicles include that hackers could remotely access these vehicles systems and misconfigure safety and other critical operations. For instance, the hackers could interfere with the remote control of vehicle features and other key vehicle configurations, and this could potentially cause significant damage such as accidents (Parekh et al., 2022). Hackers could perform comprehensive actions by controlling wipers, killing the engine, controlling the radio etc. The fact that autonomous vehicle systems could be access remotely, increases the threat surface of attack, and require manufacturers to adopt better ways of securing these vehicles. Cases of terrorist attacks and vehicle hijacking have been mainly possible due to hackers compromising the security of the AV technology (Golden, 2018). Specifically, with the hackers being familiar with most of the technologies used in automated vehicles, it becomes quite relatively easier for the hackers to monitor the movement of the autonomous vehicles and make specific compromises, hence affecting the performance (Gaber et al., 2021). It is further possible to weaponize a vehicle while accessing its systems, unlike the traditional non-AV technology where there was limited action on what hijackers could do; today there are vast improved ways of accessing the system configurations of these autonomous vehicles. As automotive technology continues to advance, there is high likelihood that there could be more vulnerabilities in AV technologies. Most of the modern automobiles have lane assist features, advanced sensors, automated emergency braking system etc. The vast technological improvements on the AV technology just increases the surface of attack as hackers have the potential to attack more than just one feature of the car system (Golden, 2018). As more system configurations tend to be embedded in most vehicles’ systems, there is high likelihood of more hacks onto these systems. The case of 2015 Jeep Cherokee: The 2015 Jeep Cherokee was one of the autonomous vehicles, which was breached by white hat hackers. The hackers controlled the braking, steering wheel, wipers and other specific configuration and manipulating the initial set up of the manufacturer’s security configurations. Before the 2015 Jeep Cherokee was successful remote controlled the hackers had managed to easily access the 2010 Toyota Prius and the 2010 Ford Escape by merely using a wired connected to access the radio amongst other features (Pandey, 2022). From the 2015 Jeep Cherokee system access, it became evident that the autonomous vehicles could be easily identified and accessed by third parties. Additionally, the head control unit in autonomous vehicles is not as secure as it seems, with infotainment on most vehicles becoming easily manipulated (Pandey, 2022). The 2015 Jeep Cherokee had been using an infotainment manufactured by Harman Kardon, where the code used in executing commands was not securely configured. From this incidence, there is need for comprehensive approaches by car manufacturers in effectively configuring and securing the automated vehicles. Potential solutions to AV technology-related cybersecurity concerns:

          The first way of dealing with the vulnerabilities of AV technology is by continuously experimenting with the existing connected automotives to determine how vulnerable they are to cyberattacks (Taeihagh & Lim, 2019). Continuous testing of these vehicles before their release in the market could be another approach towards improving the performances of these vehicles. Experimenting and testing could possibly enable vehicle manufacturers identify mistakes and errors and possibly deriving ways of solving them. Installation of appropriate error and mis
Another way of reducing AV technology’s susceptibility to cyberattacks is through lawmakers and cybersecurity experts working cohesively to create software and digital structural proposals that align the best commercial practices with quality cybersecurity technology for automobiles (Taeihagh & Lim, 2019).  A fruitful collaboration of the named two parties, in this case, would contribute towards preventing the impending potential chaos and destruction of cyberterrorism.
          Another potential way to reduce AV technology’s susceptibility to cyberattacks would be creating global standards that can be upheld by law or contract as it would also foster consumer confidence in the usage of new and high-tech automobiles (Taeihagh & Lim, 2019). Global standards would help manage and control the supply automotive chains of manufacturers in various countries. Addressing AV technology-related cybersecurity concerns could also be done by defining to distinguish the responsibilities of original manufacturers and their third-party software developers’ counterparts to know who is to blame for unreasonable safe faults in the autonomous technology.

Adopting an effective approach in managing risks by identifying them and developing an appropriate way of preventing these risks could be one of the approaches towards preventing cyber-attacks on the Automated vehicles (Pandey, 2022). Risks could be identified by continually implementing penetration measures, in identifying vulnerabilities with the configuration of the hardware and software components of the overall systems. Application of qualitative and quantitative risks analysis and assessment techniques is vital in the overall risk identification and deriving the appropriate ways of overcoming the given risk. Car manufacturers need to derive proactive ways in managing risk to prevent the action of attackers in compromising the configurations of software and hardware of autonomous vehicles. Advanced security measures such as layered security approach could further increase security configurations and hence limit the cases of attacks and cyber security issues on the automated vehicles. A layered approach could entail examining the architectures, design methods, codes, programs, and failover and recovery approaches of the underlying security measures (Pandey, 2022). It is important to adopt a multi-faceted approach while securing the automated vehicles as this could increase their resilience towards the vast threats and risks that could compromise their effective functioning. Conclusion:

         There is work to do if high standards in automotive cybersecurity are to be achieved. The automotive manufacturing industry could use help from governments in addressing cyberattacks. Public opinion surveys conducted in the recent past have constantly revealed considerable customer anxiety about the possibility of a connected car being compromised (Kim et al., 2021). Collaboration would help the industry become more consumer-responsive and address the concerns of the public regarding the technological preparedness of the industry. Collaboration would also help shape and arrive at the most suitable policies to better the automotive manufacturing industry. It is also advisable for individual companies to build a testing and validation facility that would boost the industry’s readiness to handle threats to connected automotive cybersecurity.



References: Gaber, T., El Jazouli, Y., Eldesouky, E., & Ali, A. (2021). Autonomous haulage systems in the mining industry: Cybersecurity, communication and safety issues and challenges. Electronics, 10(11), 1357. https://doi.org/10.3390/electronics10111357 Golden, J. (2018). The Darkening Storm of Cyberterrorism: International Policy Adaptation for Automotive Cybersecurity Regulations. Jurimetrics, 59, 267. https://www.proquest.com/docview/2308459367?accountid=10181&parentSessionId=YVUdAfnXE6FysexcNhVw7vtJtiyyf6YdAvn01ZrWv14%3D Jahan, F., Sun, W., Niyaz, Q., & Alam, M. (2019). Security modeling of autonomous systems: a survey. ACM Computing Surveys (CSUR), 52(5), 1-34. doi.org/10.1145/3337791 Kim, K., Kim, J. S., Jeong, S., Park, J. H., & Kim, H. K. (2021). Cybersecurity for autonomous vehicles: Review of Attacks And Defense. Computers & Security, 103, 102150. doi.org/10.1016/j.cose.2020.102163Get rights and content Pandey, M. (2022, May). A review of factors impacting Cybersecurity in Connected and Autonomous Vehicles (CAVs). In 2022 8th International Conference on Control, Decision and Information Technologies (CoDIT) (Vol. 1, pp. 1218-1224). IEEE. https://ieeexplore.ieee.org/abstract/document/9804071/ Parekh, D., Poddar, N., Rajpurkar, A., Chahal, M., Kumar, N., Joshi, G. P., & Cho, W. (2022). A Review on Autonomous Vehicles: Progress, Methods and Challenges. Electronics, 11(14), 2162.; https://doi.org/10.3390/electronics11142162 Taeihagh, A., & Lim, H. S. M. (2019). Governing autonomous vehicles: emerging responses for safety, liability, privacy, cybersecurity, and industry risks. Transport reviews, 39(1), 103-128. DOI: 10.1080/01441647.2018.1494640 Takahashi, J. (2018). An overview of cyber security for connected vehicles. IEICE TRANSACTIONS on Information and Systems, 101(11), 2561-2575. DOI: 10.1587/transinf.2017ICI0001 PKSS myname (talk) 04:51, 3 November 2022 (UTC)[reply]