Remote control in 3 minutes! How to ensure the safety of intelligent driving?-EEWORLD

Collect

On October 24, 2024, at the GEEKCON conference, a security team demonstrated how to crack the protection system of a smart car through a live demonstration, unlocking and starting the vehicle using remote control . The demonstration revealed the potential cybersecurity risks of smart cars in the Internet of Vehicles system and aroused great attention from both inside and outside the industry to the security of smart cars. The problems revealed by the incident show that with the rapid development of smart cars and Internet of Vehicles technology, the cybersecurity issues of cars are becoming increasingly serious.

Event review: Internet of Vehicles security vulnerabilities exposed

At the GEEKCON hacker conference, the organizer arranged a smart car for a live demonstration. The referee first physically locked the vehicle and sent the vehicle identification number (VIN) to the hacker challenger on the scene. The VIN is like the ID number of the car and can be easily obtained on the windshield of most vehicles. In just three minutes, the hacker team completed the remote unlocking and even successfully started the smart car through simple computer operations. This process exposed the serious loopholes of smart cars in network security.

The incident makes people wonder whether the chassis number, as a key vehicle identity information, was used by hacker teams as the key to intrusion. Although the chassis number is public and easy to obtain, it should not be the only identity identifier for controlling a car. If car companies only rely on this public information in the security mechanism of the Internet of Vehicles without further encryption and authentication, it will provide hackers with an attack entry point that cannot be ignored.

Analysis of common attack methods for smart cars: near-field attack threats

The remote control problem exposed by this hacker demonstration is not the only cybersecurity challenge facing smart cars. As smart cars become more popular, hacker attack methods are constantly being innovated, and near-field attacks are one of the more common and risky attack methods. The so-called proximity attack refers to an attack carried out by hackers using wireless communication technology within a short distance, usually including Bluetooth , Wi-Fi, infrared (IR) and near-field communication ( NFC ).

1. Bluetooth Attack

Bluetooth is an important tool for smart cars to connect with smartphones and external devices. Once hackers can bypass Bluetooth encryption authentication, they can use signal hijacking technology to read, manipulate or tamper with the communication content between the owner and the vehicle around the vehicle. The keyless entry system of some models may use Bluetooth for verification, and hackers may intercept and copy the signal through relay attacks to unlock the vehicle.

2. Wi-Fi hijacking

Many smart cars are equipped with in-car Wi-Fi functions, which makes it easy for users to connect to the Internet in the car . However, this also brings certain security risks, especially in public places. Hackers can establish a connection with the vehicle through phishing Wi-Fi hotspots, disguised as legitimate networks, etc., and then sneak into the car system, steal data, and even issue malicious control commands.

3. Near Field Communication (NFC) Vulnerability

Near-field communication technology is widely used in smart car payment systems and short-distance connections within the car, but it is extremely vulnerable to unauthorized attacks. For example, hackers can establish a fake NFC connection to communicate with the vehicle and transmit malicious programs to the vehicle system, which in turn causes more serious security issues. These attacks show the weaknesses of smart cars in wireless communications: insufficient encryption standards, loose protocol verification, and loose signal isolation, which allow hackers to easily break through the defense line with the help of wireless technology . This hacker demonstration also further shows that any public vehicle identifier in the Internet of Vehicles system should not be used as the only source of control signals , otherwise it will open the door to malicious attacks.

Smart car Internet of Vehicles security status and industry challenges

The development of smart cars is in full swing. Internet of Vehicles technology, as its core pillar, connects vehicles, smart phones, home appliances and even transportation facilities. However, security issues have always been an obstacle for smart cars on the road to the "future."

1. Weak network security design

At present, the network security system of most smart cars still remains in a single-layer architecture, and there is a lack of an effective isolation layer between the vehicle's internal control system and external communication system . Once hackers obtain the vehicle's external network control authority through the Internet of Vehicles, they can use this authority to manipulate the vehicle's core control system, threatening the safety of the driver and passengers. In addition, the Internet of Vehicles system lacks a layered security protocol, and many sensitive instructions such as vehicle unlocking and starting are still transmitted in an unencrypted or low-encrypted manner, providing hackers with a huge attack space.

2. Unmanned driving Combination of technology and cybersecurity issues

As driverless technology is gradually implemented, vehicles are increasingly dependent on network signals. If vehicles lack the ability to identify and filter the source of received signals, driverless systems will face huge safety risks. Currently, most driverless systems rely heavily on external signals (such as navigation and road condition data), and lack detection and isolation mechanisms for malicious signals in the system. Therefore, once an attacker successfully invades an driverless system, they may directly interfere with the vehicle's driving trajectory, seriously threatening public transportation safety.

3. Lack of standardized guidance in security system construction

Although major automakers have gradually realized the importance of Internet of Vehicles security, a unified security standard has not yet been formed in the industry. Each automaker has different Internet of Vehicles architecture, encryption measures, and verification mechanisms, which makes it difficult to form an effective unified defense when dealing with cyber attacks . In addition, some automakers have a "formalism" problem in the construction of their security systems, that is, they simply stack them up to meet certain tests or certifications, rather than truly protecting the entire process. Such a security system is difficult to resist complex cyber attacks in actual applications, and may even become a channel for hackers to invade.

Suggestions for building a security system for smart car networking

In order to effectively respond to the increasingly complex security threats posed by the Internet of Vehicles, automakers need to establish a comprehensive and systematic security protection system.

1. Layered architecture design and layered defense implementation

Automakers should adopt a layered defense concept and establish "multiple lines of defense" in the Internet of Vehicles system, with independent identity authentication and encryption mechanisms between each layer. Specifically, the Internet of Vehicles system can be divided into an external communication layer, a command processing layer, and a core control layer. A strict authentication and filtering mechanism should be set up in the external communication layer to ensure that all commands entering the vehicle system must pass multiple identity authentications, reducing the direct threat of external commands to the core control system.

2. Strengthen encryption and identity authentication mechanisms

Improve the encryption standard of vehicle communications to ensure data security during transmission . Mechanisms such as two-factor authentication and dynamic keys can be used to prevent attackers from gaining control of the vehicle through a single identifier (such as the vehicle frame number). In the future, multiple authentication methods such as biometrics and smart cards can even be used to ensure that only legitimate users can access the vehicle's control system.

3. Strengthen the security of wireless communication protocols

In the selection and implementation of wireless communication protocols such as Bluetooth and Wi-Fi, smart cars should give priority to using protocol versions with high security levels and fewer vulnerabilities, and at the same time add protocol verification and encryption measures at all stages of wireless communication to ensure that any communication connection is strictly authenticated. In the future, car companies can consider using isolated signal communication, that is, automatically shielding or interrupting other unnecessary signal connections when key instructions are transmitted, to reduce the possibility of being exploited by hackers.

4. Promote the integration of unmanned driving technology and safety protection technology

The popularity of driverless technology makes smart cars more dependent on external signals, and car companies need to ensure that vehicles have intelligent self-detection functions. The concept of "safety sandbox" can be introduced in the autonomous driving system . After identifying malicious signals, malicious instructions are isolated in the sandbox to ensure that the core system is not affected. In addition, it can be combined with artificial intelligence algorithms and machine learning models to analyze and identify external signals in real time, and automatically screen and block potential risk signals.