Car-Hacking Prototype Passes Crash Test

  /     /     /  
Publicated : 22/11/2024   Category : security


Car-Hacking Prototype Passes Crash Test


Sensor-based technology--with military drone roots--created to detect and automatically stop cyberattacks on cars.



Technology initially created for protecting US military unmanned aerial vehicles--aka drones--from cyberattacks soon will be available to help protect cars from hacking as well.
Researchers from the University of Virginia and Perrone Robotics recently completed a
pilot track-test of cyberattacks on vehicles using prototype sensor technology
 from startup Mission Secure Inc. (MSi). They simulated cyberattacks on cars that attempted to take over the braking, acceleration, and collision avoidance features of the vehicles. Perrone provided the autonomous ground vehicles for the track tests, which implemented MSis sensors in the vehicles to detect and stop the cyber-sabotage of the cars.
The technology basically monitors for anomalous behavior by a cars automated functions, and automatically corrects, for example, any malicious acceleration activity. Its based on research and technology by UVA and the Department of Defense for protecting UAVs, which MSi in turn is developing into a commercial product for the auto industry called Secure Sentinal.
As part of the test pilot, the researchers programmed a wireless key FOB to trigger the cyber attacks on the unmanned cars, which were tested both with and without MSis prototype sensors. The sensors were able to detect the attacks on those functions and automatically take back control of the vehicle function under attack.
The potential for car hacking, or hackers wresting control or manipulating networked and automated features in newer-model cars, was demonstrated two years ago by security researchers Charlie Miller and Chris Valasek who
pioneered some of the most eye-popping car-hacking research
to date. The pair purchased a 2010 Toyota Prius and the 2010 Ford Escape and tore apart the dashboards of the vehicles to learn how the various automated features were networked and run, and ultimately wrote code to control the electronics that run the steering wheel, brakes, and other functions. Last year, they published a report that evaluated the most hackable vehicles by a hacker with no physical access to the cars.
Since then, members of the security industry have been working to school the automobile industry on cyber security vulnerabilities in cars, and worries over possible car attacks have even hit home on Capitol Hill, as Sen. Edward Markey recently published 
a report
 on how cars could be vulnerable to hackers.
MSi plans to roll out a commercial version of the so-called Secure Sentinal product sometime next year, says David Drescher, CEO of Charlottesville, Va.-based startup.  Like seat belts and airbags, this would be a standard security feature in future cars, he says. Secure Sentinal sensors are 3-inch by 3-inch, self-contained processors that ultimately will communicate via the cars CANbus network and also have the option to communicate wirelessly to a Secure Sentinal management console.
MSi has been meeting with automotive OEMs, Drescher says, and two of the largest tier-1 suppliers to the automakers have been inquiring about the anti-hacking sensors. He says he and his team believe automakers will adopt a core technology such as MSis that would also be adaptable to new attack threats and techniques.
[Not all car security flaws can be patched simply -- or at all. Read
BMWs Software Security Patch A Sign Of Things To Come
.]
Chris Valasek, who heads up the vehicle security research practice at IOActive, says MSis sensor concept is interesting and would likely work. The challenge, though, is selling the carmakers, he says.
Getting them to put anything thats not theirs, or their suppliers, into their vehicles is a tough sell, says Valasek, who notes that there are other ways to detect bad behavior without sensors, such as an intrusion detection system sitting on the cars CANbus network.
Theres also the issue of different car models employing features like adaptive collision control differently, he says.
The concept is great … But adding more things that could potentially go wrong in a car will be tough to convince carmakers, he says.
Making the technology affordable and flexible enough to adjust to new forms of attack is key, MSis Drescher concurs. $15 per car for each solution is a target one former CEO of a big three automaker indicated would be feasible for an affordable anti-hacking solution in a car, he says. At some point, these features will become standard and either passed on to the consumer, or be absorbed like the cost of a seat belt and air bags.
He says his firm also has been investigating how to apply the technology to different vehicle models, and it appears to be feasible to work across different makes and models, he says, and should be replicable and scalable.
The car-hacking sensors also gather forensics information about an attack.
Barry Horowitz, chair of UVAs Systems and Information Engineering Department, led the initial DoD-sponsored research on embedded security that led to the sensor technology effort. He says securing physical systems is a bit more straightforward than securing logical systems: Cyberattacks on physical systems are much more bounded than they are on information systems, Horowitz says. There are only so many things you can make them do, and they are bound by the laws of physics ... If you go fast, your position changes a lot, for example, he notes.
Detecting malicious activity requires establishing the baseline parameters, for instance. I dont park a car at 80 miles per hour, he says. There are things you can do that are anticipatory to prevent attacks, says Horowitz, former CEO of Mitre Corp. and developer of the collision avoidance system prototype that later became the FAAs TCAS system.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Car-Hacking Prototype Passes Crash Test