The "Internet of Vehicles" (IoV) concept is widely discussed in the automotive industry. It envisions a network of cars and other vehicles interconnected through the internet, aiming to enhance transportation by introducing greater autonomy, safety, and efficiency.
IoV has the potential to help vehicles recognize obstacles, traffic congestions, and pedestrians. It could also contribute to precise vehicle positioning, potentially leading to self-driving capabilities, as well as facilitating easier fault diagnoses. This concept is already being realized to some extent through smart motorways, where technology is employed to optimize motorway traffic management.
Developing a more advanced IoV will necessitate the integration of additional sensors, software, and technological components within vehicles and the surrounding road infrastructure. Modern cars already incorporate a plethora of electronic systems, including cameras, mobile connectivity, and infotainment systems, showcasing the ongoing technological evolution in the automotive sector.
Nevertheless, certain aspects of these systems could potentially render our vehicles susceptible to theft and malicious attacks, as criminals identify and exploit vulnerabilities within this emerging technology. In fact, instances of such exploitation are already being observed.
Security circumvention Smart keys are designed to provide protection against vehicle theft. By pressing a button on the key, the car's immobilizer – an electronic system that prevents the vehicle from starting without the key – is deactivated, enabling the car to be driven.
However, a widely recognized method of bypassing this security measure involves using a handheld relay tool that deceives the vehicle into believing that the smart key is in closer proximity than it actually is.
This method involves a two-person collaboration, with one individual positioned near the vehicle and the other close to the actual location of the key, often outside the owner's residence. The person near the house employs a tool capable of capturing the signal emitted by the key fob, which is then transmitted to the vehicle.
Equipment used for executing these relay attacks is readily available on the internet for under £100, and these attempts are frequently executed during nighttime. To counteract such attacks, car keys can be safeguarded within Faraday bags or containers that block the emission of any signals from the keys.
Nevertheless, a more advanced technique for targeting vehicles is becoming increasingly prevalent. This technique, known as a "CAN (Controller Area Network) injection attack," establishes a direct link to the vehicle's internal communication system – the CAN bus.
The primary pathway to accessing the CAN bus is located underneath the vehicle, prompting criminals to attempt entry through the front lights of the car. To execute this, the bumper must be detached to insert a CAN injector into the engine system.
Criminals can then transmit counterfeit messages that deceive the vehicle into believing they originate from the smart key, leading to the immobilizer being disabled. Once access to the vehicle is achieved, they can start the engine and drive the vehicle away.
In light of the potential rise in vehicle thefts, manufacturers are rapidly exploring ways to address this latest vulnerability. One approach involves adopting a "zero trust approach," wherein all received messages are not automatically trusted. Instead, messages must be sent and verified. This can be accomplished by integrating a hardware security module into the vehicle, generating cryptographic keys to encrypt and decrypt data, as well as create and validate digital signatures within messages.
The automotive industry increasingly adopts this mechanism in new vehicles. However, retrofitting existing vehicles is not practical due to time and cost constraints, leaving numerous vehicles on the road susceptible to CAN injection attacks.
Another security consideration for modern vehicles centers around the onboard computer system, often referred to as the "infotainment system." Despite its potential vulnerabilities, its importance is sometimes underestimated, even though its compromise could have dire consequences for the driver.
For instance, attackers can employ "remote code execution" to introduce malicious code into the vehicle's computer system. In a reported case in the US, attackers used the infotainment system as an entry point to implant their code, issuing commands to control physical car components like the engine and wheels.
Such an attack can significantly impact the vehicle's functionality, potentially leading to accidents. Thus, safeguarding the infotainment system goes beyond protecting personal data, as these attacks can exploit various vulnerabilities such as the vehicle's internet browser, connected USB dongles, outdated software, and weak passwords.
Therefore, all vehicle owners with an infotainment system should have a solid grasp of fundamental security measures to thwart hacking attempts.
Balancing the benefits of the internet of vehicles – such as improved safety and enhanced recovery capabilities – with potential risks like an epidemic of vehicle thefts and insurance claims due to CAN attacks is imperative.
%20(1)-Photoroom.png)