Share this
by Career Guide on Jun 6, 2023 11:42:14 AM
New research from the University of Salerno provides methods on how to detect and protect connected vehicles from cyberattacks.
By Carlos M. González
What if your car was as vulnerable to hack into as your laptop? The reality is cars today are basically a computer on wheels. According to Car and Driver, 40 percent of a new car’s cost is driven by electronic components. The New York Times reported that a modern vehicle could contain more than 3,000 computer chips. Electronics are such an essential part of a car’s design that the shortage of semiconductors due to supply chain disruption from the pandemic has impacted auto assembly lines worldwide, creating a lack of new vehicles on the market.
By introducing computer systems into vehicles, hackers have found ways to exploit their vulnerabilities. In 2015, Black Hat security researchers Charlie Miller and Chris Valasek hacked a Jeep Cherokee via its infotainment system. Miller and Valasek exploited how the vehicle autogenerated its Wi-Fi password based on the time when the car’s multimedia system would turn on. Through the infotainment system, the hackers could manipulate the air conditioner, the radio, the windshield wipers, and even the transmission. On a road test with Wired magazine, the hackers cut the transmission as the vehicle was driving 70 mph on the highway. This past February, German teenager David Colombo identified a vulnerability in the TeslaMate, a third-party application used by Tesla owners to analyze car performance. By hacking the app, Colombo was able to unlock doors, turn on and off the headlights, and control the radio. He was even able to track in real-time the location of the car.
“We have connected vehicles today that exposed multiple internet access points to the internet. There is the infotainment system, but also smart sensors and various devices connected to smart roads and smart cities,” said Francesco Pascale, solution lead of embedded IIoT and device management at Almaviva Digitaltec.
Pascale, along with Marco Lombardi and Domenico Santaniello, professors at the Department of Industrial Engineering at the University of Salerno, recently authored a study on how cyberattacks can be detected in connected vehicles. The study “Two-Step Algorithm to Detect Cyber-Attack Over the Can-Bus: A Preliminary Case Study in Connected Vehicles” was published in the ASCE-ASME Journal of Risk and Uncertainty in Engineering Systems, Part B: Mechanical Engineering. The paper highlights how connected vehicles today receive over-the-air updates, transmit diagnostic information, and provide streaming entertainment options. These vehicle-to-everything connections make many cars vulnerable to being hacked. “Some types of cyberattacks can be targeted to take possession of sensitive data, but the most dangerous ones, as seen in past years, can aim to compromise the car motor functions or, even worse, to take possession of it while driving. It is not difficult to think that autonomous vehicles can become attractive targets for hackers in the not-too-distant future,” Pascale said. Last year, the European Union Agency for Cybersecurity (ENSIA) published the Cybersecurity Challenges in the Uptake of Artificial Intelligence in Autonomous Driving report, highlighting the security challenges future autonomous vehicles face and how the artificial intelligence systems can be exploited. Possible attack scenarios include tampering with the car’s computer vision, jamming or blinding the sensors, hijacking communication channels, and information disclosure. To help identify these attacks, Pascale, Lombardi, and Santaniello propose to analyze the data flow that moves via the communication channels between various electronic control units (ECUs) inside the vehicle CAN-Bus, the internal communication system. Using a two-step algorithm that first performs a spatial-temporal analysis of the data and then a probabilistic analysis, the algorithm can understand if a given stream of data in a particular time box can be considered an attack or not with a certain probability.
“This methodology has been expanded to include the recognition of real-world scenarios, such as city traffic, driving on a motorway, extra-urban roads with animals, etc., in order to have even more precision and accuracy in the analysis,” Pascale said. The current algorithm is part of the Italian patent n.102021000009548, soon extending internationally. The patent will become part of MinervaS, a startup organization creating solutions for vehicles and energy systems, promoted by the University of Salerno. The global market for automotive cybersecurity is expected to increase significantly over the next decade. The projected market value will reach $5.3 billion by 2026. Drivers want smart and connected cars, providing detailed information about their trips and entertainment while driving. Companies such as SafeRide and Synopsys offer cybersecurity suites that help protect vehicles from cyber threats. According to Pascale, dealing with cyberattacks is a delicate approach. “An immediate solution could be to exclude the node that generated the attack from the system (virtually disconnect the ECU from the CAN-Bus). However, this solution is not always applicable because, at times, it could be a node belonging to a critical system such as everything concerning the mechanics of the vehicle; if the attack is carried out while driving, this would involve a risk for the health of people at the internal of the same,” Pascale said. Another approach could be to block the vehicle to avoid possible damage automatically. However, the problem with this approach is that if the attack targets a non-critical part, blocking the car may not be warranted. According to Pascale, “the right approach would be to consider the weight of the attack with respect to the node that is attacked and evaluate the risk associated with each and on the basis of that foresee targeted actions.” As cars become smarter and more connected, cybersecurity will continue to play an essential role in vehicles and their safety.
Carlos M. González is a technology writer in New York City.
Measuring Human Trust in Robots
Robot Turns Artist's Commands to Graffiti