2018, the entire automotive industry is talking about intelligence and networking, but there are not many discussions about the big problem that arises with intelligent cars: information security issues.
Today’s two protagonists are the globally renowned white-hat hackers and top security experts, Charlie Miller and Chris Valasek, who are currently the chief security architects of the General Motor’s Cruise self-driving car. How strong is their resume?
- In 2012, Miller and Chris began researching the CAN bus protocol of Toyota Prius and Ford Escape models.
- At the end of 2013, they hacked the Uconnect infotainment system of Jeep models and also hacked Cadillac Escalade and Infiniti Q50.
- In 2014, the attention of the two turned back to the Jeep Cherokee models, starting to crack the CAN bus protocol.
In 2015, Miller and Chris jointly accomplished a great event that shocked the automotive industry.
They used the vulnerability of the Uconnect infotainment system and implanted a virus into the firmware of the Cherokee model, sending instructions to the CAN bus to control the car. They hacked into the ECU system through the OBD interface, taking over the acceleration, brake, and steering of the car remotely.
Finally, the Jeep’s parent company FCA Group spent millions of dollars recalling 1.4 million vehicles worldwide for upgrades.
On December 18, Miller and Chris attended Tencent Auto’s 2018 Global Auto AI Conference and gave a speech, and we communicated with Miller, Chris, and Tencent Keen Security Lab Director Lu Yiping after the conference.
## Cohen Lab
We are relatively familiar with Cohen Lab, a young laboratory established in January 2016, which has intruded on Tesla Model X for two consecutive years. In 2018, Cohen Lab infiltrated three major modules, including Head Unit, T-Box, and Central Gateway, of BMW’s infotainment system, involving i Series, X Series, 3 Series, 5 Series, 7 Series, and so on.
Question: Has the entire automobile industry been increasing its emphasis on automobile safety since 2015?
Miller: From some informal conversations with our automotive manufacturer partners, we can see that there are indeed big differences now. They are doing a lot of research, listening to more opinions, and investing more budget in automotive safety. We cannot say for sure, but judging from our informal conversations with many engineers, there are currently significant differences.
Chris: At the beginning of our work, the car companies did not even set up a public email address specifically for receiving relevant (safety) issues, and you wouldn’t even know who to contact if you found a safety problem with their car. So, this is indeed progress.
Question: Autonomous driving cars can be classified as being either primarily dependent on on-board sensors or V2X technology for driving intelligence. What are the differences in terms of safety between these two technological paths?
Miller: I think there are two levels of problems here, one is engineering design – whether the design meets the requirements, and the other is safety. For engineering design, it is certainly better to have more information, but we don’t have that many roadside sensors – at least in the United States. So, the only way we can achieve this is by using on-board sensors and radars to make the car more intelligent, applying more technology.
Chris: In terms of safety, we have always been concerned about communication with the outside world, because this (stability) depends on the outside world. For example, the code of the other party may be incorrect, so incorrect data may be transmitted between each other.
Miller: If your car relies more on input from roadside information or other sensors from traffic lights or external environments, then your car cannot block the entry of incorrect data transmission.
So from a safety perspective, we still hope that cars can be more independent, to ensure safety as much as possible. Chris also mentioned safety earlier, such as the iPhone, which is very safe, so we hope that cars can also be like the iPhone. Being able to achieve complete autonomous driving and being less dependent on external input, because this is relatively safer.Question: From Uber to Didi to Cruise, from the travel platform to the OEM, has your work and approach to automotive cybersecurity changed?
Miller: Of course it has. At Uber, we used Volvo cars and our influence on the models was limited. If we wanted to modify any functions on the car, we could suggest it to them, but they could choose to ignore us.
Now that we’re working with General Motors, we’ve become their department and our collaboration has become tighter. We can directly suggest modifications to them, and our relationship has become closer.
Chris: Before, we only offered safety function suggestions to manufacturers. But now we can communicate directly with GM’s project engineers to design our functions directly into the car, instead of just submitting suggestions. This approach is more effective.
Lyu Yiping: We used to work on engineering work with OEMs, but now we’re directly connecting with the car’s R&D process. This enables us to directly incorporate security capabilities, which is also now a requirement for the OEM’s engineers.
Miller: For travel platforms, there is a lot of potential in enhancing safety as the car manufacturing process is long. The cars we bought in 2018 were designed 5 years ago, so the safety technology used in them is 5 years old.
However, the new car technology software we’re designing is the latest. So we can offer the latest security technology, which clearly means we can do more.
Chris: This is closely related to “relationships” which are within your organization, not from external OEMs or automotive parts suppliers. So if the relationship is closer, the time used and efficiency will be higher.
Question: A Chinese new-car maker said their models are equipped with independent security chips. What is an independent security chip, and how important is it in automotive security technology?**
Miller: We refer to it as a Hardware Security Module (HSM) or Trusted Hardware Module. We frequently use this technology. We store the key in a hardware location, and we can access it at any time. Even if hackers enter our system, although they may be able to use the key, they cannot take it away. So we are indeed able to take advantage of this feature.
Sometimes it can be an independent chip or it can be Trusted Execution Environment (TEE) technology. One problem is that the independent hardware chip is not perfect, so it can still be hacked, but it is just more difficult to do so.
Chris: It’s just a bit more expensive.# Lv Yiping:
Even if you have a security chip or a chip with security functions, it does not mean that it cannot be hacked. It just means that the cost of the attack may be much higher. Security research and analysis have penetrated from the software level to the hardware level. Therefore, the cost and time of the attack may be high. But it does not mean there are no problems.
As mentioned earlier, the issue of automotive information security is becoming more and more important. Lv Yiping introduced that many car companies have increased their investment in this area.
In the Internet field, an unwritten rule is that large companies will have a security emergency response process and mechanism, and there are channels for external communication. When the outside world discovers system vulnerabilities, companies will have corresponding bonuses and incentives.
Today, Tesla, FCA, Nissan, Audi, and GM all have similar emergency response mechanisms and incentive plans. In addition, Lv Yiping mentioned that BMW has invested heavily in automotive security and has done a lot of work, “should be in the top 5% of the (industry).”
In fact, after submitting security vulnerabilities to the Cohen laboratory, Tesla awarded the Cohen laboratory $40,000 and included the Cohen laboratory in Tesla’s security research hall of fame. Elon Musk personally sent a letter of thanks to the Cohen laboratory.
After the Cohen laboratory submitted the vulnerability mentioned above to BMW, BMW stated that the research was “the most comprehensive and complex test of BMW’s vehicle conducted by a third-party organization so far.” BMW awarded the Cohen Security Laboratory the “BMW Group Digital and Information Technology Research Award.”
How should car companies strengthen their information security layout? According to Cohen Labs’ statistics, about 45% of the problems with unsafe models on the market are related to unsafe technical architecture, and 55% are code problems. 45% came from an unreasonable design of the security architecture itself. Security was not considered sufficiently in the design.
Therefore, strengthening security design or strengthening security code are both very important. Looking forward to the performance of Chinese car companies.“`
“`
This article is a translation by ChatGPT of a Chinese report from 42HOW. If you have any questions about it, please email bd@42how.com.