IoT
8/15/2018
05:14 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Miller & Valasek: Security Stakes Higher for Autonomous Vehicles

Car hacking specialists shift gears and work on car defense in their latest gigs - at GM subsidiary Cruise Automation.

No '80s-era Adidas tracksuits. No video of a hacked Jeep Cherokee slowing to a crawl from 70 mph on a highway after losing its acceleration power. No steering-wheel hijacked Jeep stuck in a muddy ditch. This time, famed car hackers Charlie Miller and Chris Valasek came purely as defenders - rather than hackers - of automobile security.

Valasek and Miller, now both principal security architects for autonomous-vehicle manufacturer Cruise Automation, at Black Hat USA last week mapped out the key issues surrounding securing this new generation of driverless cars, based on their past three years working in the self-driving vehicle industry collectively for Uber, Didi Chuxing, and now Cruise, of which General Motors is a majority owner.

"We have a unique perspective ... we've done a bunch of car hacking," Miller said in an interview in Las Vegas prior to his and Valasek's presentation. "In the last three years, it's all been all about protecting" cars from attack, he says.

His and Valasek's 2016 hack of the Jeep Grand Cherokee steering at speed was at least physically defendable, he says: Such a remote attack on an autonomous vehicle would not be. "The moment we turned the steering wheel, we [the driver] had a shot at resisting the attack. But in the future, there's not going to be steering wheels and brakes, so you're completely reliant on the car to drive itself," Miller says of autonomous cars. "So the stakes are even higher."

The goal of their driverless car security work, they say, is not about sniffing out the most or least hackable self-driving cars, but to make hacking them too much work for an attacker to bother doing. "[It's] how to make the ROI [return on investment] so low for an attacker that it's not worth doing," Valasek explains.

Among the devices they're helping secure are the tablets that serve as the human interface to the autonomous vehicles. Reducing the potential attack surface found in many of today's modern driver-run cars is a goal: if Bluetooth is unnecessary, it shouldn't be included, for example.

"There's always going to be vulnerabilities in code. So if you don't need something, take it out," Miller says. If the vehicle needs Bluetooth, for instance, it should have as few ways as possible to take data from the outside world to the car, he says.

Ethernet is the communications network infrastructure of choice for autonomous vehicles, the researchers say. And the key is isolating connected components from components that control the vehicle. "For example, the communications module should not have a direct connection to the CAN bus and should not be the same as the main compute module. Likewise, the tablets should be isolated as much as possible from more trusted components of the vehicle," Miller and Valasek wrote in a white paper they published last week.

Autonomous vehicles do come with some inherent advantages security-wise: since they're owned and deployed by a service in many cases, that provider also handles monitoring and maintenance of its fleet. The cars return to a garage each day where they get checked or fixed, and their software can be updated, while traditional cars rarely get software updates.

If a problem is detected in a self-driving car, it can be remotely powered down, or returned to the garage. In addition, the vehicles come with custom communications modules rather than a standard Web interface.

Threats

Among the possible remote threats to an autonomous vehicle, they say, are attacks on: the listening service in its communications module; remote assistance features; and on the infotainment system, for example. An attacker also could target the vehicle's fleet management service, or its software update service.

On the local side, Wi-Fi, Bluetooth, and tire pressure-monitoring systems could be targeted, as well as sensors in the vehicle. But Miller and Valasek say the biggest concern is a remote attack that could result in an attacker physically controlling the vehicle.

"We know what to do. We know what's on the line," Valasek says of their security work.

"It doesn't matter if it's Cruise, Waymo, or Uber - the hack of a driverless vehicle is bad for everybody," he says. "We want to share our thought process here. We don't want anyone to have incidents."

The new security advancements being forged in autonomous cars likely will trickle down to traditional driver cars, too. "Once [security] is in the firmware, it will be easy to do in regular cars," Valasek says.

Meanwhile, Cruise has not yet rolled out its autonomous vehicle models nor has it provided a timeframe for the release.

"We're the pre-flight [security] check," Valasek says.

Related Content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/16/2018 | 10:34:45 AM
The horror of it all
Let's look a few years down the road (no pun) and we start to have self-flying commercial aircraft.  It's out there and can happen, we already have auto-pilots.  Now put terrorist into this mix and you have something awful.  Disclaimer - been there on September 11 - 101st floor of the south tower. 
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8358
PUBLISHED: 2019-02-16
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.
CVE-2019-8354
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
CVE-2019-8355
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.
CVE-2019-8356
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
CVE-2019-8357
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.