The security behind: Cars

Posted on 2024/01/25 by Felix

In this episode we see that while car hacking is a well-known issue in the cybersecurity community, many people are unaware of the digital fragility of today’s vehicles and the extensive attack surface they present.

Felix explores various motivations for hacking cars, ranging from targeting public figures for eavesdropping or disruption, to stealing high-end cars, to accessing the contents of a vehicle. He mentions more complex motives like environmental extremism or cyberterrorism, where the goal might be to cause widespread disruption. He also speculates about the use of cars as tools for mass data collection, though he deems this unlikely due to the effort involved compared to existing methods.

The podcast delves into the different attack surfaces of cars. These include user and mechanic facing equipment like keys and diagnostic ports, components interacting with the external environment like cameras and sensors, and internet-connected features such as navigation updates and emergency services. Felix acknowledges that while some might consider these risks theoretical, there have been practical demonstrations of car hacking. He cites examples, including hobbyist devices tracking cars through tire pressure monitoring systems, and reports of foreign entities modifying cars to track movements.

Felix highlights a significant event in the field of automotive cybersecurity: the first Pwn2Own automotive competition in Tokyo, where security researchers demonstrate exploits for vulnerabilities in cars. The competition is divided into categories such as Tesla-specific challenges, in-vehicle entertainment systems, electric vehicle chargers, and automotive operating systems.

The podcast focuses on the CAN bus system used in cars, a network protocol connecting various car components. Felix explains its lack of authentication, making it vulnerable to attacks where any device can imitate another. He also discusses the evolution of car networking from a single CAN bus to multiple networks, which has inadvertently improved security by limiting the attack surface.

This entry was posted in Uncategorized. Bookmark the permalink.