The automotive industry is experiencing a situation of uncertainty that does not favor a smooth transition. In addition to the traditional risks associated with driving or owning a car, there are now various technological revolutions to consider, such as the emergence of artificial intelligence and the impact of cybercrime. The resulting scenario is increasingly complex.
All vehicles, whether electric or not, contain numerous components that are susceptible to attack. Brakes can be locked, sensors can be altered, or proximity radars can be deactivated. The maximum speed limit can also be manipulated, as well as the car’s most private data (where it rests each night, which highway it crosses in real-time).
S2GRUPO has just prepared its Second Report on Cybersecurity in Connected Electric Vehicles, which analyzes the threats to the sector with the objectives of validating the use of a specific methodology for risk analysis development and identifying appropriate security measures to protect the availability, integrity, and confidentiality of Connected Electric Vehicles (CEV).
Limitations in traditional models
Researchers have identified the limitations of traditional industrial cybersecurity models:
Linearity in approach. Until now, risks have been evaluated individually and in isolation, without considering that industrial environments are becoming more complex and current attacks often combine several techniques and stages. This perspective is not appropriate for examining new risk scenarios.
Relationship between threats and impacts. Dangers do not usually materialize in isolation. It is often necessary to consider simultaneous vulnerabilities.
Problems in estimating probabilities. A critical risk scenario results from the combination of vulnerabilities at different levels of the system and the sequential nature of attacks. S2GRUPO proposes the Microsoft Threat Modeling Tool (TMT) methodology, which uses attack trees to calculate the probability of risk scenarios materializing, successfully tested in other mobility-related environments, such as the railway or naval sectors, and in critical infrastructures.
The TMT focuses on functional security, network segmentation, and defense in depth. The connected vehicle should not be confused with the autonomous one, designed to control its own movement without the need for a driver (it is only a small part of connected vehicles). Autonomy is possible thanks to the ability to detect environmental elements and respond independently to them, allowing circulation without human intervention.
The components of the CEV, as well as their communications and architectures, facilitate the identification of critical elements in the field of cybersecurity. S2GRUPO analysts have proven in the laboratory that attacks can exploit different entry points, such as physical intrusion, wireless access, or through diagnostic protocols.
Main threats
Unfortunately, the possibilities for attack are numerous:
- Brake locking through malicious manipulation of ABS valves, using diagnostic packet injection (UDS).
- Permanent centralized locking.
- Modification of the behavior of visible and audible sensors and actuators.
- Deactivation of proximity radar through the sending of CAN Standalone messages.
- Disabling the vehicle in motion by deactivating the EVC ECU during acceleration.
- Manipulation of eCall by modifying the emergency number.
- Alteration of the vehicle’s maximum speed limit.
- Unauthorized access to telemetry. Exfiltration of critical information, such as GPS location, speed, and vehicle status.
- Use of insecure protocols. The CAN bus (Controller Area Network) was initially designed to facilitate communication between a vehicle’s various components, but it is vulnerable to attacks that can intercept, modify, or inject messages into the network.
- Absence or low effectiveness of authentication mechanisms and protections against code modification. These mechanisms were initially designed to ensure that the software functioned correctly, but the need to protect it against malicious modifications was not considered, leaving the door open to potential attacks.
- Insufficient network segmentation. The vehicle’s network is structured to facilitate communication and data exchange between its components, but not enough segmentation measures are implemented to limit unauthorized access and contain possible threats.
- Low effectiveness in the vulnerability management process. Cybersecurity requires active and continuous management.
- Absence of mechanisms for monitoring and detecting anomalies or cyberattacks.
