Do you actually need a security product in your car? Part 3 : Intrusion Prevention and Detection Systems

I ended part 2 with the promise that we will discuss about : 2) Intrusion detection and prevention systems (IDS/IPS or IDPS) From Wikipedia: Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address.   IDPS for cars? Once inside, an attacker can utilize the vehicle’s internal communication bus and take control of additional modules inside the vehicle, including safety critical systems like the ABS and Engine Electronic Control Units (ECUs). Therefore, there is no “trusted device” anymore. Everything has to be assumed to be compromised. The…

Do you actually need a security product in your car? Part 2: the classical antivirus

I wrote in the first part of this article about Detection, Protection, Remediation and I stopped at the part where we analyze what kind of security products do you need in the car of tomorrow. 1)The classical antivirus We know it to be used mostly for files. But it can much more than that. a) Files There are many files that can enter the car and can produce damages: music video updates (binary or data) scripts configuration files for various subsystems html and javascript (plain text) for rendering Java compiled files (especially if you run Android) possibly Adobe Flash (not sure though) possible Microsoft Silverlight (not sure though) PDFs (reports, help files) Emails (MIME) SMSs Plenty of files to scan, isn’t it? These files can either contain malicious code (Java, JS) or may be specially crafted to exploit known vulnerabilities. This means that there has to be a kind of file checking, so classical antivirus is definitely not dead, despite the vehement comments of some executives and marketing people that wanted to advertise their newest technologies. However, it should be kept in mind that these scanners are mostly signature based. I say “mostly” because even though there are a lot of other detection…

Let the competition for “securing the car” begin!

I didn’t actually want to write such a post, but several press releases drew my attention. So, the competition to protect the car has begun. Big players are now on the hunt for customers. But, when you talk to customers like Daimler, VW, BMW, Nissan and others, the discussions  will take a while. I will maintain the list below with technologies I see in categories. Please note that I write here only vendors that actually have a technology that mitigates threats in the cars and not just any vendor that talks generic about IoT or embedded solutions. I also exclude solutions which address only encryption and/or authentication because this is not enough to protect vehicles. Feel free to contact me if you see a vendor is not here and it should be.     Classic security vendors Company Technology Symantec Symantec Embedded Security: Critical System Protection       Newcomers Company Technology Argus Security Partnered with CheckPoint IDS/IPS TowerSec ECUShield             Vendors that have only papers: Company  Link Intel/McAfee

Do you actually need a security product in your car? Part 1: Prevention, Detection, Remediation

Note: This is going to be a somehow longer article which I will finish in a couple of related posts.   A security product is a program that Prevents that malware enters the system Detects if previously unknown malware is running on the system Remediates the actions of detected malware on the system Note that it is not mentioned *how* PDR gets implemented in practice. There are many ways to implement them and it is out of the scope of this article how this gets realized.   Back to our question: Do you actually need a security product in your car? Today, no, you don’t. But in 1-2 years the situation will change. Remember that in the automotive industry innovations need time until they reach the end-customers. Why? Read on…   The “Today” Why not today? The cars today are just beginning to become connected. It is like it was in the 80′ with the PCs: have little to no attack surfaces. They are mostly closed systems or have a single encrypted connection to a backend from which they get the data they need. the entry points in the car are: the infotainment system the ODB2 port the in-car Wi-Fi network…

More insecure software around car (in)security

As I mentioned already, anything that runs software has to abide to secure coding principles. Cars run more software than many other devices around us. And they run special software… which needs to be taken care of by other special software. And when that software is vulnerable, then you’re in trouble! Now some researchers discovered that by exploiting a zero-day exploit found in car mechanics software used to debug and fix cars sold by the Volkswagen Group. This software is built and sold by third-parties, not Volkswagen. This is not new, I already wrote an article about this: As expected: the USB Stick-like infection from PCs goes to automotive as well! The researchers said they only experimented with the exploit on an Audi TT model, but other car makes and models may be vulnerable as well, at least in theory. The attack leverages poor PC security measures, not the actual car software (source: Softpedia) The attack, as described by the three scientists, relies on infecting with a car dealership’s computers with malware which leverages this vulnerability in the car computer debug tools used by mechanics. When this tool is connected to an Audi TT to perform routine maintenance checks or fixes, the malware…

Self-driving cars and ethics: would you drive a car that would sacrifice you instead of others?

I stumbled upon this nice article with the title: Why Self-Driving Cars Must Be Programmed to Kill Not many ask this question now, but it has to be asked. How should the car be programmed to act in the event of an unavoidable accident? Should it minimize the loss of life, even if it means sacrificing the occupants, or should it protect the occupants at all costs? Should it choose between these extremes at random?   Who would buy a car programmed to sacrifice the owner? Here is the nature of the dilemma. Imagine that in the not-too-distant future, you own a self-driving car. One day, while you are driving along, an unfortunate set of events causes the car to head toward a crowd of 10 people crossing the road. It cannot stop in time but it can avoid killing 10 people by steering into a wall. However, this collision would kill you, the owner and occupant. What should it do?   What do you think? I honestly don’t know how to answer this question. But then, I am thinking to my behavior… If I would be behind the wheel in the position described in the picture above, I would probably…

As expected: the USB Stick-like infection from PCs goes to automotive as well!

Just seen this article on Wired Magazine: Car Hack Technique Uses Dealerships to Spread Malware At the Derbycon hacker conference in Louisville, Kentucky last week, security consultant Craig Smith presented a tool designed to find security vulnerabilities in equipment that’s used by mechanics and dealerships to update car software and run vehicle diagnostics, and sold by companies like Snap-On and Bosch. Smith’s invention, built with around $20 of hardware and free software that he’s released on GitHub, is designed to seek out—and hopefully help fix—bugs in those dealership tools that could transform them into a devious method of hacking thousands of vehicles. If a hacker were to bring in a malware-harboring car for service, the vehicle could spread that infection to a dealership’s testing equipment, which in turn would spread the malware to every vehicle the dealership services, kicking off an epidemic of nasty code capable of attacking critical driving systems like transmission and brakes, Smith said in his Derbycon talk. He called that car-hacking nightmare scenario an “auto brothel.” “Once you compromise a dealership, you’d have a lot of control,” says Smith, who founded the open source car hacking group Open Garages, and wrote the Car Hacker’s Handbook. “You could…

Where PC security and Automotive security meet

I visited yesterday the IAA in Frankfurt. IAA stands for International Automobile Exhibition and takes place every year in Frankfurt, Germany. This is the place where every year the latest cars are being presented but also the newest technologies around cars. This year it was a lot about mobility, interaction, autonomous parking and driving, interconnectivity between cars and IoT. I addressed more the car parts suppliers than the car manufacturers. For us it was more interesting to get involved in the devices that are easily and directly attackable. Things like entertainment systems, connected devices of the car, GPS devices,etc.. Challenges: Nobody from the car manufacturers or car parts suppliers wants to openly speak about security. Speaking about security is like causing “bad luck” on them. Why speaking about something that nobody wants to happen? 🙂 The most used argument by the car components suppliers was: “Why would anyone hack us/our device? They don’t have anything to gain.”   About security in the car Here is the list of things that can happen if a device in the car, or a car, is hacked: Accidents can be caused if the car detects that the speed limit is 50 KMH, a hacker…

No Image

First time in history: 1.4 mil vehicles recalled due to security issues (hacking)

Fiat Chrysler will recall 1.4 million vehicles in the United States to install software to prevent hackers from gaining remote control of the engine, steering and other systems in what federal officials said was the first such action of its kind. The announcement on Friday by FCA US LLC, formerly Chrysler Group LLC, was made days after reports that cybersecurity researchers used a wireless connection to turn off a Jeep Cherokee’s engine as it drove, increasing concerns about the safety of Internet-enabled vehicles. This is happening when you want to hit a milestone instead of doing the things right from the beginning. The costs of the recall must be very high, but they deserve it. Let this be a lesson for all those who release software just to meet targets instead of meeting customers expectations.   Read here more details: Explanation from the researchers: Jeep Hacker: ‘We wanted to show it was possible’ Reports: After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix Fiat Chrysler to recall 1.4 million vehicles over hacking Fiat Chrysler recalls 1.4 million cars after Jeep hack Once your car’s connected to the Internet, who guards your privacy?

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.