All the knowledge you want to know about automobile information security is here!

Publisher: Lianai | Latest update time: 2023-10-08 | Source: elecfans


If a hacker breaks into the vehicle network, he can control the ECU at will, or cause the CAN bus to fail by sending a large number of error messages, thereby causing the ECU to fail.




Security threats to vehicle terminal architecture


At present, each intelligent networked car is typically equipped with fifty or sixty ECUs that implement different functions, including mobile Internet access, free "communication" between cars, and seamless exchange of operating system ecosystem data. Therefore, the information security of intelligent networked cars must take the security of the vehicle terminal architecture into account.


Traditional in-vehicle software only needs to process the data that the ECU receives from sensors or other electronic control units. However, the ECU was not originally designed to inspect every data packet sent over the CAN bus. In the era of intelligent connected vehicles, the data it receives includes not only content downloaded from the cloud, but also malware implanted through network connection ports, which greatly increases the risk of intelligent connected vehicles being hacked.
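One way a gateway or monitoring component can inspect CAN traffic that the ECUs themselves do not check, shown as an added example (not code from the original article). The ID allowlist, the rate limits and the log lines are constructed for illustration; the line format is the one written by `candump -l` from can-utils.

```python
import re
from collections import defaultdict, deque

# Constructed policy: allowed CAN ID -> max frames in any 1-second window.
POLICY = {0x0C0: 3, 0x1A4: 2}
WINDOW_S = 1.0
# candump -l style line: (timestamp) interface ID#DATA
LINE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)$")

# Constructed sample capture, not taken from a real vehicle.
SAMPLE_LOG = """
(100.000000) can0 0C0#0000
(100.400000) can0 0C0#0000
(100.800000) can0 1A4#01
(101.000000) can0 7DF#0201
(101.010000) can0 0C0#FFFF
(101.020000) can0 0C0#FFFF
(101.030000) can0 0C0#FFFF
"""

def inspect(lines, policy=POLICY, window=WINDOW_S):
    """Return alerts for unknown IDs and for IDs exceeding their frame rate."""
    recent = defaultdict(deque)  # per-ID timestamps inside the sliding window
    alerts = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            alerts.append(("unparsable", line))
            continue
        ts, can_id = float(m.group(1)), int(m.group(3), 16)
        if can_id not in policy:
            alerts.append(("unknown_id", hex(can_id), ts))
            continue
        q = recent[can_id]
        q.append(ts)
        while ts - q[0] > window:  # drop frames older than the window
            q.popleft()
        if len(q) > policy[can_id]:
            alerts.append(("rate_exceeded", hex(can_id), ts))
    return alerts

print(inspect(SAMPLE_LOG.splitlines()))
```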


02

Network transmission security threats


01. Authentication Risk


The sender's identity is not verified, which allows identity forgery, dynamic hijacking, and similar attacks.


02. Transmission Risk


Vehicle information is not encrypted or the encryption is not strong enough, key information is exposed, and all models use the same symmetric key.


03. Protocol Risk


The communication process can be disguised, with one protocol masquerading as another.


In addition, in the case of autonomous driving, the car will determine the driving route based on the V2X communication content. Attackers can use false information to induce the vehicle to misjudge, affect the vehicle's automatic control, and trigger traffic accidents.


03

Cloud Platform Security Threats


01. Data privacy


The data collected and uploaded to the cloud platform through the smart terminal GID or OBD device involves the owner's private vehicle-related data. The question is how to ensure that the user privacy information stored in the car cloud platform is not leaked.


02. Data integrity


Data integrity is the basis of Internet of Vehicles big data research. The question is how to ensure that the integrity of user data stored in the cloud is not destroyed.


03. Data recoverability


When users access data stored in the car cloud platform, service providers need to respond to users' requests without errors. If a security attack occurs, how can service providers ensure the recoverability of erroneous data?


04

External Internet Ecosystem Security Threats



01. Mobile APP Security Threats


By reverse engineering unprotected apps, hackers can directly see the interfaces, parameters, and other information of the TSP (remote service provider). Even if some vehicle remote control apps have taken certain security protection measures, the protection is often not strong enough, so hackers with some technical skill can still easily discover the core content of the app, including the keys and important control interfaces stored in the app.



02. Information security threats of charging piles


Charging piles are important infrastructure for electric vehicle service operations. Their input end is directly connected to the AC power grid, and the output end is equipped with a charging plug for charging electric vehicles. The network composed of charging piles is called the "pile network". Data and information transmitted in the charging pile network may be intercepted, stolen, deciphered, passively attacked, illegally impersonated, or maliciously tampered with, among other threats. Once hackers invade the "pile network" through the Internet, they can control the voltage of the charging pile and even modify data such as the charging amount at will.


If an attacker accesses the EV supply equipment and uploads malicious charge controller firmware to the charger and vehicle, the EV supply system may continue to supply energy to the EV after the EV is fully charged, which may cause damage to the EV traction battery system. By accessing the configuration files or the communication between the charger and the web server, the attacker can also obtain personal information such as billing history and customer identity.




Types of cyber attacks


• Malicious code, phishing


• Denial of Service (DOS), Man-in-the-Middle attacks


• Side channel attacks, zero-day attacks, password attacks


• GPS/GNSS spoofing, sensor spoofing


01

Malicious code, phishing



01. Malicious code


Malicious code can negatively impact the way a system operates, damage or steal data on a system, or cause a system to take actions that are within its operating parameters but harmful. Malicious code can be installed through a variety of methods, from phishing attacks to dropper attacks.


02. Phishing


Phishing attacks are one of the most common types of cyberattacks and involve tricking a user, company employee, or employee of a third-party organization into sharing a password, encryption key, or other information designed to gain access to a given computer system. In the case of cars, this could involve obtaining the password for a user's account connected to the car's services.


02

Denial of Service (DOS), Man-in-the-Middle Attacks



01. Denial of Service (DOS)


Denial of service attacks are designed to overwhelm servers with so much traffic that they crash, thus preventing them from communicating with external systems. This type of attack is often used to shut down a company's servers, particularly in other industries such as video games, where many games require players to access a company's servers in order to play. In the automotive industry, this could take the form of preventing a company from communicating with its vehicles.


02. Man-in-the-middle attack


Man-in-the-middle attacks include IP spoofing and replay attacks. The attacker intercepts the communication between two parties and can then change the content of the message/data the receiver receives. This can involve IP spoofing, for example, the vehicle attempts to connect to the server, but the request is diverted to a malicious server controlled by the attacker. Another example is a replay attack, where a valid message is maliciously repeated or diverted.
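The transmission and authentication risks listed earlier (no sender verification, one symmetric key shared by all models) and the replay attack described above can be countered together, as this added example shows (not code from the original article). It derives a separate key per vehicle from a backend master key and authenticates each message with a MAC over a monotonically increasing counter; the salt label, vehicle identifiers, tag length and message layout are assumptions made for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated MAC length in bytes (assumption for this example)

def derive_vehicle_key(master_key: bytes, vehicle_id: str) -> bytes:
    """HKDF (RFC 5869) extract-then-expand, one output block: a key per vehicle."""
    prk = hmac.new(b"vehicle-link-v1", master_key, hashlib.sha256).digest()
    return hmac.new(prk, vehicle_id.encode() + b"\x01", hashlib.sha256).digest()

def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || MAC(counter || payload)."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1  # highest counter accepted so far

    def accept(self, message: bytes):
        """Return the payload if the message is authentic and fresh, else None."""
        if len(message) < 8 + TAG_LEN:
            return None
        header, payload, tag = message[:8], message[8:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged, tampered, or made with another vehicle's key
        counter = struct.unpack(">Q", header)[0]
        if counter <= self.last_counter:
            return None  # replay of an already accepted message
        self.last_counter = counter
        return payload

def demo() -> dict:
    master = bytes(range(32))  # constructed master key; a real one stays in the backend
    key_a = derive_vehicle_key(master, "VIN-EXAMPLE-A")
    key_b = derive_vehicle_key(master, "VIN-EXAMPLE-B")
    rx = Receiver(key_a)
    msg = protect(key_a, 1, b"unlock")
    fresh, replayed = rx.accept(msg), rx.accept(msg)
    other = rx.accept(protect(key_b, 2, b"unlock"))
    m3 = protect(key_a, 3, b"lock")
    tampered = rx.accept(m3[:8] + b"open" + m3[-TAG_LEN:])
    return {"fresh": fresh, "replayed": replayed, "other_vehicle_key": other,
            "tampered": tampered, "keys_differ": key_a != key_b}
print(demo())
```

Because each vehicle holds only its own derived key, extracting the key from one unit does not let an attacker authenticate messages to any other vehicle.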


03

Side channel attacks, zero-day attacks, password attacks



01. Side channel attack


A side-channel attack involves using information "leaked" from a device's electronics to discover weaknesses and exploit them. For example, an attacker could measure electromagnetic emissions from a vehicle's ECU to discover cryptographic keys that would allow the attacker to decrypt received and sent messages/data.


02. Zero-day attack


A zero-day attack is an attack that targets a previously unknown vulnerability in a given system.


03. Password Attack


This type of attack typically involves attempting to "brute force" different possible passwords until the correct one is found, in order to gain access to the system.


04

GPS/GNSS spoofing, sensor spoofing



01. GPS/GNSS spoofing


An attacker can use specialized hardware to emulate GNSS signals and send fake GNSS signals to a given receiver. This type of attack mainly causes problems in embedded navigation systems and smartphone projection systems (i.e., sending fake signals to smartphones used for navigation).


02. Sensor spoofing


This attack involves presenting a modified image (such as a sign) to the cameras and software that allow the vehicle to operate autonomously to some degree. People usually don't notice the modification to the image, but the onboard software will interpret it as meaning something different from what humans see. An example is a modified speed limit sign, which a human would see and interpret as a 40 kph limit, but the onboard system would interpret as 100 kph.


Security protection technology


• Vehicle security protection technology


• Network security protection technology


• Cloud platform security protection technology


• External ecosystem security protection technology


01

Vehicle security protection technology



01. Secure Boot Loader


The relevant ECU checks the digital signature and product key of the bootloader, as well as the signatures of other operating system files to ensure that these components have not been modified. If the system detects any invalid files, it will prevent them from running.


02. Anti-tampering mechanism


Use sensors to detect tampering (voltage or temperature sensors), delete encryption keys when physical compromise is detected, harden the enclosure (to prevent physical access), and use error-correcting memory.


03. Side-channel attack protection


Resist side-channel attacks by randomly masking the keys used in operations, by randomizing delays, and by modifying the cryptographic protocol to reduce the amount of information an attacker can obtain from a side-channel attack.


04. Unique device ID


Each ECU on the network has a unique identity that is stored on the device to ensure the manufacturer knows the identity of each device and prevent devices without a known/approved identity from accessing the vehicle network and associated systems.


05. Hardware acceleration of encryption algorithms


Providing a dedicated algorithm coprocessor to handle encryption-related tasks can not only accelerate algorithm performance, but also ensure that key information is not easily leaked, and free up the host processor for other purposes.


06. Firmware Security


Firmware is securely stored to prevent disassembly and reverse engineering, and firmware can be securely upgraded.


07. Data Security

