Blog series: QAC Automotive and Robotics Quality Assurance (No. 8)

QAC Automotive and Robotics (QAaR) Quality Assurance

Welcome to the eighth edition of the QAaR newsletter. In this edition, we’ll be sharing a bit about the state of the art in automotive cybersecurity.

Here, you’ll learn more details about the challenges and threats that a cybersecurity attack might present to the automotive domain and how quality assurance is crucial to address those issues.


QA Consultants’ Automotive and Robotics Quality Assurance Workstreams

Research and Grant Projects
Grant budgets allow for research and development of new technologies that position QAC to become a world leader in quality assurance services.

AQS (Automotive Quality Services)
Testing and Quality Assurance services exclusively developed for Automotive and Autonomous Road vehicles.

RQS (Robotics Quality Services)
Testing and Quality Assurance services exclusively developed for Robotics and Autonomous small vehicles.

Safety and Cybersecurity
Focus on developing services that adhere to ISO’s compliance, verification, testing automation, cybersecurity, and connectivity standards.

Current advancements in Connected Autonomous Vehicles (CAVs) have made safety and security a key factor for manufacturers. Any malfunction or cyberattack could lead to severe consequences for the driver, passengers, or others outside of the vehicle. Several types of cyberattacks frequently target vehicles, and they can be classified according to their types and entry points. In this newsletter, we will talk about some of the attack types and specific attack entry points when it comes to CAVs.

Cyber Attack Entry Point Levels

For the automotive industry, cybersecurity is related to the protection of its electronic systems, communication networks, algorithms, software, hardware, and data. Because all the electronic components are connected, the potential scope of a breach encompasses the entire car. The main objective is to guard against malicious attacks, unauthorized access, and any unwanted manipulation. There are different entry points for attackers in CAVs, which can be classified in levels 0 to 5.

Level 0:
This level involves interactions between sensors and drivers. Some examples of potential entry points are communication interfaces, debug interfaces, memory chips, etc. Also, the physical equipment making up the car itself, such as the car doors, windows, trunk, and so on, is within the scope of level 0.

Each of the levels, as a potential entry point, is subject to different types of attacks, such as physical, network, sensor, and software attacks. In this newsletter, we will only cover the first two types, which are physical and network attacks.

Level 1:
This level looks at controls such as drive control, process control, safety controls, etc. Some examples of potential entry points include door control, light control, climate control, Anti-lock Braking System (ABS), Supplemental Restraint System (SRS), and Emergency Brake Assist (EBA).

Level 2:
This level looks at interfaces such as the infotainment system (which communicates with levels 0-1). Additionally, the infotainment system could be a third-party application such as Apple CarPlay and Android Auto, which provide direct access to the CAN bus. Since the CAN bus allows microcontrollers and devices to communicate with each other, it is vulnerable to attacks.

Level 3:
This level assesses applications on both mobile and infotainment system interfaces. Some potential entry points are peripherals and connected devices such as rear-seat entertainment.

Level 4:
This level focuses on technologies that leverage communication channels such as those found in wireless entry points. Attackers in this level look at onboard Wi-Fi within the car, GPS, LIDAR, RADAR, and other network communication capacities as entry points.

Level 5:
In this level, attacks and entry points fall under the cloak and dagger methodology. Specifically, this deals with mismatched permission issues to access certain features on Android devices.

Level 0: Sensor interaction and driver interaction
Level 1: Controls
Level 2: Interfaces
Level 3: Applications
Level 4: Communication channels
Level 5: Cloak and dagger

Hackers use vulnerabilities that exist in some versions of Android devices to launch undetectable attacks. Passwords, PINs, and all permissions could be captured, leaving sparse clues.

In our next edition, we will present research that the QAaR team has completed that highlights the exposures, knowledge sharing of Connected and Autonomous vehicle cybersecurity threats, and opportunities to use advanced QA techniques.

Physical attacks usually include hardware modification, node replication, physical damage, and side-channel attacks. Hardware modification hacking involves attacking the physical infrastructure of a computer and occurs at the lowest level of the vehicle. Hardware hacking may be the result of replacing, removing, or replicating components of hardware systems within a car. Replication of the physical hardware itself is called node replication. It occurs when an attacker can harm the functionality of a network or communication device by injecting a clone or replica into the environment. This type of attack may be done via a network where a car is considered a node. Attackers could damage vehicle components or even the vehicle itself in a physical attack scenario. Other vulnerable areas include headlights, locks, and other components that may be responsible for the power windows in a vehicle. A side-channel attack is one that is based on the information gained from the implementation of a computer system. When a vehicle is sold to a third party (such as a registered dealer), data may be wiped or left on components of the car; data that is left behind could serve as a potential information disclosure vulnerability, exposing private and sensitive user data.

CAVs use several network architectures to communicate with other entities: FlexRay, Controller Area Network (CAN), Local Interconnect Network (LIN), and Ethernet. Generally, real-time safety-critical applications use FlexRay to establish communication. FlexRay can be subjected to standard attacks such as spoofing, where an attacker can create and inject requests.

Spoofing is defined as an email sent from a false sender address that asks the recipient to provide sensitive data. One of the most common attacks is the replacement of an authorized ECU program with unauthorized and malicious programs, connecting to the CAN bus using an unauthorized device. A malicious intrusion may cause a Denial of Service (DoS) attack by creating messages with ID 0, which have the highest priority, causing the CAN bus to become inoperative.
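The ID 0 denial-of-service condition described above can be spotted from bus traffic. The following is an added example, not code from QA Consultants or the QAaR project: it flags time windows in which an identifier that is not on the bus's allow-list, and that outranks every allowed identifier, takes most of the frames. The candump-style log lines are constructed, and `KNOWN_IDS`, the 10 ms window and the 50% threshold are assumptions.

```python
import re
from collections import Counter

# Constructed candump-style log ("(time) iface ID#DATA"); not captured from a vehicle.
SAMPLE_LOG = """\
(0.001000) can0 0C4#1122334455667788
(0.003000) can0 1A0#00FF
(0.005000) can0 2F1#A1B2C3
(0.007000) can0 0C4#1122334455667789
this line is malformed and is skipped
(0.011000) can0 000#0000000000000000
(0.011500) can0 000#0000000000000000
(0.012000) can0 000#0000000000000000
(0.012500) can0 000#0000000000000000
(0.013000) can0 000#0000000000000000
(0.013500) can0 000#0000000000000000
(0.014000) can0 0C4#112233445566778A
"""

# Assumption: arbitration IDs the ECUs on this bus are designed to transmit.
KNOWN_IDS = frozenset({0x0C4, 0x1A0, 0x2F1})
LINE_RE = re.compile(r"\((\d+\.\d+)\)\s+\w+\s+([0-9A-Fa-f]{3}|[0-9A-Fa-f]{8})#[0-9A-Fa-f]*")

def parse(log):
    """Yield (timestamp, arbitration_id) per well-formed data frame; skip other lines."""
    for line in log.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            yield float(m.group(1)), int(m.group(2), 16)

def detect_priority_flood(log, known_ids=KNOWN_IDS, window=0.010, max_share=0.5):
    """Alert when an unknown ID that outranks every known ID dominates a time window."""
    lowest_known = min(known_ids)  # lower numeric ID = higher arbitration priority
    windows = {}
    for ts, can_id in parse(log):
        windows.setdefault(int(ts / window), Counter())[can_id] += 1
    alerts = []
    for idx in sorted(windows):
        total = sum(windows[idx].values())
        for can_id, n in sorted(windows[idx].items()):
            outranks_all = can_id not in known_ids and can_id < lowest_known
            if outranks_all and n / total > max_share:
                alerts.append({"window_start": round(idx * window, 3),
                               "id": can_id, "frames": n, "total": total})
    return alerts

if __name__ == "__main__":
    for a in detect_priority_flood(SAMPLE_LOG):
        print("possible bus-dominance DoS: ID 0x%03X sent %d of %d frames"
              % (a["id"], a["frames"], a["total"]))
```

On a real bus the allow-list would come from the vehicle's signal database, and the window and threshold would be tuned against normal bus load.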

The LIN network facilitates communication among the ECUs that control lights, engines, air conditioning, steering wheel, seats, and doors. After CAN, it is the most subject to exploitation by malicious agents. Among the threats to LIN, the most frequent and common are Message Spoofing (criminals send messages with inaccurate information, so that vehicle communications are stopped), Response Collision (the attacker takes advantage of the error-handling mechanism of LIN), and Header Collision attacks (an attacker sends a fake header to collide with a legitimate header).

Ethernet interfaces in CAVs behave much as Ethernet does in a traditional computer network. Ethernet has a variety of attack vectors, from unused ports, MAC spoofing, and bandwidth abuse, to the more sophisticated, such as TCP hijacking.

Currently, we are working with Ontario Tech University to list all security concerns, choose specific types of attacks to focus on, and build a comprehensive cybersecurity testing framework for CAVs. More information will be provided in the next newsletter.