Connected and Autonomous Vehicle Cybersecurity Threats

Infotainment is defined as a combination of vehicle information and entertainment systems. It is becoming more and more essential as we move toward smart vehicles. It provides an audio/video interface, such as a touch screen, and a voice command option to the occupant(s). Many modern vehicles are connected to the internet via infotainment systems, which allow for interconnectivity vulnerabilities. Infotainment systems can be classified as both input attacks and software-related attacks. Infotainments typically run operating systems using Android, Integrity real-time operating system (RTOS), Linux, QNX, and Windows Embedded Automotive. Additionally, infotainment systems are often accessible via a USB connection, Bluetooth, and in some instances Wi-Fi-enabled devices.

Given the attack vectors of a typical operating system, this allows connected vehicle operating systems to be susceptible to such operating system attacks. Common familiarity with these operating systems, allow hackers to transfer knowledge from computers to vehicles. In these devices, the attack surface is significantly reduced when compared to a traditional operating system. There are many realistic potential areas of attack such as ransomware, crypto mining, keylogging, and rootkits, etc.

Firmware is a class of software designed to provides low-level control for a device’s specific hardware. Custom firmware is an unofficial new or modified version of firmware which usually is used to unlock hidden functionality or add new features to the system. Typically, hackers take advantage of such custom firmware to install or run their software. Having control over the firmware enables attackers to evade traditional security and have access to the highest levels of privilege on the device.

Firmware attacks include vulnerabilities in the firmware itself. Attacks may be a result of over the air updates used to squash bugs within the system itself and physical updates by connecting to an external device. When it comes to attacks, firmware updates for automotive control units are a potential weak spot. BIOS and newer UEFI systems are common points of firmware attacks. Firmware modification attacks are a primary area of concern. Firmware changes may affect the overall system itself. Such an attack is capable of providing false information, hiding malicious software (rootkits, modifying packets that are sent), and can be used as a staging platform for further malicious software such as dropping exploit kits.

Software attacks do not necessarily affect the vehicle itself but rather provide additional access to unlocked areas accessed through the infotainment system itself. These exposed channels provide potential entry points to the hardware access layer (HAL). Once this point has been compromised, with malicious intent, the applications may provide access to areas of the vehicle. In turn, such an attack could affect multiple layers in the CIA triad (Confidentiality, integrity, and availability) and potentially be fatal to occupants.

Through attacks such as remote injection, rootkits, malware, ransomware, or other various areas, the security application itself provides access to the infotainment system and personal data a driver or passenger creates, uploads, or stores within these applications. This information could then be leveraged for additional attacks on the user or their vehicle in the future.

Bluetooth has been used in some vehicles since 2010. Bluetooth is a networking capability used to connect a mobile device or third-party device to a vehicle’s infotainment system. There are various security auditing tools that exist which depend on the version of Bluetooth. Bluetooth 5.0 is the latest version of the Bluetooth wireless communication standard. However, it has encryption vulnerability as it is based on a 20-year-old standard.

Since Bluetooth is a widely used standard within vehicles, a close-range hack attempt can intercept data and images passed between both vehicle and mobile phone. Additionally, BlueBorne, Carwhisperer, Bloover II, blue diving and several other data leak vulnerabilities create quite a large attack surface for vehicular communications.

Another added functions to the vehicle are Wi-Fi connection which needs strong security measures to prevent any intrusions that could threaten drivers, passengers, and others. Similar to Bluetooth, Wi-Fi is a more stable and secure option when considering vehicle connectivity since it links to the internet and the capabilities of the car. However, it facilitates the potential for remote attacks. In cases where an Android phone connects to the vehicle, Wi-Fi information may be stolen if the device itself is compromised. Eavesdropping or hacking these channels has been proven possible utilizing systems such as man in the middle attack and Wi-Fi spoofing. In these cases, vulnerabilities that leverage and attack WPA encrypted networks further extend the attack surface of vehicles.

MirrorLink is one of the most popular protocols which effectively mirrors a user’s smartphone to the infotainment system. It is done through a pair of applications on both the vehicle’s In-Vehicle-Infotainment and the smartphone. These applications might have a number of programming vulnerabilities which allow an attacker to manipulate the In-Vehicle-Infotainment system. This protocol does not have a secure device pairing.

As a result, this loophole enables hackers to gain access to not only the In-Vehicle-Infotainment systems but also CAN controller, which can affect critical safety systems such as manipulating navigation instructions.

Previously only found in luxury cars, this feature has made its way into a greater number of vehicles. Passive Keyless Entry and Start (PKES) rely on bidirectional challenge-response schemes. A valid response unlocks and deactivates alarm systems, once activated the engine is then capable of starting. The passive and touchless nature of remote keyless entry provides the potential for replay attacks. Contrary to PKES is remote keyless entry (RKE), which relies on unidirectional data transmission (RF frequency oscillation) from the remote control embedded within the key.

These attacks are also susceptible to replay attacks. These are susceptible to weak cryptography keys and potential side-channel attacks.