New “Internet of Vehicles” Tech Makes Carthieves Easier To Crash And Steal.
There is a significant discourse within the automobile industry around the concept of the new “Internet of Vehicles” (IoV) tech that makes carthieves easier.
This elucidates a network of automobiles and other modes of transportation that possess the capability to share information via the Internet, to enhance the autonomy, safety, and efficiency of transportation systems.
The Internet of Cars (IoV) has the potential to facilitate the detection of obstacles, traffic congestion, and pedestrians by cars. Which can be helpful depending on the geographical location.
The implementation of this technology can enhance a vehicle’s road placement, potentially leading to autonomous driving capabilities, as well as facilitating more efficient defect diagnosis.
The implementation of smart motorways is currently underway, employing advanced technologies to optimize the management of traffic flow on motorways.
To enhance the Internet of Vehicles (IoV) system, a higher level of sophistication necessitates the installation of more sensors, software, and other technological components within both vehicles and the surrounding road infrastructure.
Modern automobiles are equipped with an increasing number of electronic systems, encompassing features like cameras, mobile phone connectivity, and infotainment systems (which we shall get more in-depth about later).
Nevertheless, it is important to acknowledge that certain technologies may render our vehicles susceptible to theft and malicious attacks, as malevolent individuals find and subsequently exploit weaknesses within this emerging technology. Indeed, this phenomenon is currently being observed.
The Security Flaw
Smart keys are designed to provide security measures for contemporary automobiles, with the primary objective of preventing theft. To enable the operation of the vehicle, the user must activate a button located on the key, therefore deactivating the car’s immobilizer.
The immobilizer, an electrical mechanism designed to safeguard the vehicle from unauthorized ignition, prevents the automobile from being started in the absence of a corresponding key.
However, a commonly employed method to circumvent this security measure involves the utilization of a portable relay device, which deceives the automobile into perceiving the proximity of the smart key to be closer than its actual distance.
The process entails a collaborative effort by two individuals, with one positioned near the vehicle and the other in proximity to the location where the key is located, such as outside the residence of the vehicle’s owner. The individual near the residence employs a device capable of intercepting the signal emitted by the key fob, then transmitting it to the automobile.
Relay devices utilized for executing such illicit activities can be readily procured online at a cost below £100, and the perpetration of such acts is frequently undertaken during nocturnal hours.
To mitigate potential risks, it is possible to employ Faraday bags or cages to enclose automobile keys, therefore effectively obstructing any signal transmission originating from the keys.
Nevertheless, there is a growing trend toward the adoption of a more sophisticated approach to targeting automobiles. This type of attack is commonly referred to as a “CAN (Controller Area Network) injection attack.” It operates by establishing a direct connection to the internal communication system of the vehicle, known as the CAN bus.
The primary pathway to the Controller Area Network (CAN) bus is located beneath the vehicle, prompting criminals to attempt unauthorized entry by targeting the front lights of the automobile. To do this task, it is necessary to detach the bumper to facilitate the insertion of a CAN injector into the engine system.
Subsequently, the perpetrators possess the capability to transmit counterfeit messages that deceive the automobile into perceiving them as originating from the smart key, so rendering the immobilizer inoperative.
After successfully obtaining entry into the vehicle, individuals can initiate the engine and proceed to operate the vehicle in motion.
The zero-trust approach is a security framework that challenges the traditional notion of trust within a network.
In light of the probable emergence of an epidemic in vehicle thefts, manufacturers are actively exploring novel strategies to promptly address this newfound vulnerability.
One option that can be employed is the implementation of a “zero trust approach,” which entails exercising caution and refraining from placing faith in any communications received by the car. However, it is necessary for these messages to be transmitted and authenticated.
One potential approach involves the installation of a hardware security module within the vehicle. This module operates by producing cryptographic keys that facilitate the encryption and decryption of data, as well as the creation and verification of digital signatures within the transmitted messages.
The automotive industry is progressively adopting this system in newly manufactured vehicles. Nevertheless, the integration of this technology into current vehicles is not feasible from a practical standpoint, mostly due to the constraints of time and expense.
Consequently, a significant number of automobiles on the road continue to be susceptible to potential attacks via Controller Area Network (CAN) injection.
What About The Infotainment?
An additional security concern pertaining to contemporary automobiles involves the presence of the onboard computer system, commonly known as the “infotainment system.” The system’s potential vulnerability is frequently disregarded, despite its potential to result in severe consequences for the driver.
An instance of concern involves the potential for malicious actors to exploit “remote code execution” as a means to transmit harmful code to the computer system of a vehicle. In a documented instance within the United States, the infotainment system was exploited as a means of ingress for the assailants, enabling them to introduce their own programming code.
The user-issued commands to manipulate the actual components of the vehicles, including the engine and wheels.
An assault of this nature possesses the capacity to impede the operational capabilities of the car, thereby leading to a collision. Consequently, it is imperative to acknowledge that the issue at hand extends beyond safeguarding the personal data housed within the infotainment system.
Attacks of this sort have the potential to exploit numerous weaknesses, including the internet browser of the vehicle, USB dongles that are connected to it, software that requires updating to safeguard against known attacks, and passwords that are poor in strength.
Hence, it is imperative for individuals operating vehicles equipped with infotainment systems to possess a comprehensive comprehension of fundamental security processes that can effectively safeguard them against potential hacking endeavors.
The potential for an outbreak of vehicle theft and subsequent insurance claims resulting from Controller Area Network (CAN) assaults is a disconcerting proposition.
It is imperative to strike a harmonious equilibrium between the advantages offered by the Internet of Vehicles, such as improved road safety and greater vehicle recovery capabilities, and the possible problems associated with its implementation. New “Internet of Vehicles” tech makes carthieves easier with each passing day.
With all of this new tech, there is more room for remote attacks to become prevalent.