Cybersecurity for connected automation vehicles is related to the protection of its electronic systems, communication networks, algorithms, software, hardware, and data. There are several types of cyber-attacks commonly performed on automotive vehicles, which can be classified based on their types and entry points.
Types of cyber attacks
Among these are physical devices used to attack the vehicle. The following are some examples:
When a computer’s physical infrastructure is attacked, hardware hacking and modification occur. Hardware hacking can also occur as a result of replacing, removing, or replicating components of a car’s hardware systems.
Node replication entails replicating the physical hardware. When an attacker compromises the functionality of a network or communication device by injecting a clone, or replica, into the environment, this occurs. This type of attack could be carried out through a network in which a car is considered a node
Physical damage refers to the destruction of vehicle components as well as the vehicle itself. This potential attack has the potential to cause physical damage to a vehicle by damaging headlights, locks, and other components that may be responsible for a vehicle’s power windows.
Side channels are based on data obtained from the implementation of a computer system that allows direct access to the vehicle in service. When a vehicle is sold to a third party (such as a registered dealer), data may be wiped or left on components of the vehicle, potentially exposing information disclosure vulnerabilities, privacy, and sensitive user data.
The term “sensor” refers to any component of a connected vehicle that receives data, not just sensor components such as oil or oxygen sensors. The following are some examples of sensor attacks:
USBs, SDs, external drives, and mobile device chargers are examples of potential inputs that could broaden the attack area.
Radar attacks are typically classified as sensor jamming, denial of service, spoofing, and interference. Attacks in these categories may result in situations similar to those seen in LiDAR.
The controller area network (CAN bus) enables microcontrollers and devices within the vehicle to communicate with one another. Signal injection, physical device disruption, spoofing, and other attacks on these devices are possible.
CDs are commonly used to play music, but it is possible to embed code in music files so that when a CD is played, the corrupt codes are transmitted to the CAN bus, allowing the cyber attacker to gain access to the vehicle and execute commands on ECUs.
Light detection and ranging (LiDAR) sensors send out light pulses and time how long it takes for the light to return after bouncing off surfaces. LiDAR in a vehicle is commonly used for collision avoidance, adaptive cruise control, and object recognition. Typical attacks on these systems include providing false information to the LiDAR data algorithms, spoofing, and a denial-of-service attack (DoS). DoS is a type of cyber attack that attempts to disrupt the device’s normal functionality.
Software attacks are programs that are designed to intentionally harm or misuse a system. Examples of such attacks include:
Firmware is software that provides low-level control over the hardware of a device. These attacks take advantage of vulnerabilities in the firmware itself. Attacks may occur as a result of updates that conceal malicious software. Attacks can be carried out over the air or by connecting to an external device within the system.
Integrated & Third-Party Applications
Software attacks do not necessarily harm the vehicle, but rather provide additional access to areas that have been unlocked, typically via the infotainment system. Rogue (using computer malware to trick users), malicious, and compromised applications are commonly used in attacks.
Android, Integrity real-time operating system (RTOS), Linux, QNX, and Windows Embedded Automotive are common operating systems used in infotainment. Potential attack vectors include ransomware, crypto mining, keylogging, and rootkits, among others.
Wireless (Bluetooth, WiFi, and Remote Keyless Entry) or In-Vehicle Network (FlexRay, CAN, LIN, and Ethernet) communications could be used to launch network attacks.
Controller Area Network (CAN)
Malicious agents frequently target CAN. One of the most common attacks is the substitution of an authorized ECU program for an unauthorized and malicious program, as well as the use of an unauthorized device to connect to the CAN bus. A malicious invasion may cause a DoS attack and generate messages with ID 0, which have the highest priority, rendering the CAN bus inoperable.
Local Interconnect Network (LIN)
The LIN protocol is used to facilitate ECU intercommunication, which is used to control lights, engines, air conditioning, steering wheels, seats, and doors. After CAN, LIN is the network most vulnerable to attack by malicious agents. The most common and frequent threats to LIN are Message Spoofing (criminals send messages with incorrect information, causing vehicle communications to stop), Response Collision (using the LIN’s error-handling mechanism), and Header Collision attacks (an attacker sends a fake header to collide with a legitimate header).
FlexRay is an automotive network protocol that aids in the management of on-board systems. This network is vulnerable to common attacks such as spoofing, which allows an attacker to create and inject requests. Furthermore, FlexRay is vulnerable to DoS attacks.
Ethernet has a wide range of attack vectors, including unused ports, MAC spoofing, and bandwidth abuse, as well as more sophisticated attacks such as TCP hijacking, etc.
Bluetooth networks enable cyber attackers to intercept data and images transmitted between a car and a mobile phone. BlueBorne and Carwhisperer are two examples of Bluetooth network attacks. BlueBorne is an attack vector in which hackers use Bluetooth connections to gain complete control of targeted devices. Carwhisperer is a hacking technique that attackers can use to compromise a hands-free Bluetooth in-car system and connect it to a Linux system.
When it comes to vehicle connectivity, WiFi is a more stable and secure protocol than Bluetooth. It does, however, have its own set of attack vulnerabilities. Man-in-the-middle attacks (or attack hijacking) and WiFi spoofing are two examples of such attacks. The attacker intercepts communications between two parties in a Man-in-the-middle attack. WiFi spoofing is carried out via an open network or public free WiFi networks, in which the user who joined the WiFi network is prompted to login to a spoofed page.
Remote Keyless Entry
There are two ways to communicate with Remote Keyless Entry. The communication in passive keyless entry and start (PKES) is based on bidirectional challenge-response schemes, which allows for replay attacks. The communication in remote keyless entry (RKE) is based on unidirectional data transmission from the remote control embedded within the key. Side-channel attacks are possible with either type of communication.