IN-VEHICLE HACKING

Cyberattacks to the in-vehicle network can result in large-scale damage. By accessing the Automatic Emergency Braking (AEB) system, hackers can delete or change outgoing messages from the network, ultimately taking control away from the vehicle.

This can result in disturbing the traffic flow of an entire city, or worse, affecting the safety of the driver and passengers of the vehicle, threatening their lives.

Related Product

A vehicle’s internal system consists of Electronic Control Units (ECUs), which control the several electrical subsystems required for a vehicle to properly function, be efficient, and be a connected, smart car.

차량 내부통신 예

The network protocols that enable the ECUs are largely categorized into the Controller Area Network (CAN) and MOST (Media Oriented System Transport) systems.

CAN manages a vehicle’s internal communications for controlling power, direction, brakes, etc. MOST manages the systems for transmitting in-vehicle audio, video, and data via fiber-optic cables. Other network protocols like FlexRay and Ethernet govern high-capacity on-board computing.

차량 내부 통신 네트워크 프로토콜 변화

CAN is a message-based protocol, but it was not built with the intent to track the origin of messages communicated with the internal network. 

This means that the vehicle may become an unwilling, yet susceptible target for attackers. 

차량 내부 통신 흐름도 및 각 통신 설명

If an attacker were to take over an ECU, for example through infotainment, the attacker would then be able to send any message they want, thereby controlling, extracting, and manipulating data. They would be able to access sensitive information, as well as send malicious code into the vehicle.

Hackers may attempt to establish a foothold in the vehicle’s various systems by executing attacks through making changes to the memory disk, damaging the ECU functions, or infiltrating the core data storage units of the vehicle.


___________

통신을 이용한 차량 해킹 사례

Ensuring the security of a vehicle’s internal structure is of utmost importance.
If the security of the network is compromised, it becomes the ideal environment for hackers to seize control of the vehicle’s core functions like steering, braking, data collection, and network communication.

Network Infiltration Attack Cases

2010. 08    |   Message fabrication from tire-pressure monitoring system (TPMS) resulting in false activation of warning lights and announcing falsesystem failure in ECU systems
2013. 10     |   Demonstration of potential attack on vehicle's CAN bus by sending random malicious CAN packets, resulting in the yield of complete control of the vehicle's display, acceleration, and brake settings. 
2015. 02    |    Allegemeiner Deutscher Automobil-Club (ADAC) confirmed the vulnerability of BMW’s ConnectedDrive by demonstrating that it is possibleto open and close vehicle doors by sending a simple SMS text.
2015. 07    |   Vehicles with GM's OnStar system were found vulnerable regarding security of door locks and jumpstarting
2019. 03    |   Toyota had a security breach that leaked sensitive information. More than 3.1 million people were affected. Additionally, unauthorized attempts to enter the systems of Toyota's subsidiaries were detected. 

AUTOCRYPT provides complete security for the internal network of the car.

Not only does AUTOCRYPT’s security solution block malicious threats from outside the vehicle, it also monitors communications within the vehicle, responding to any abnormal or malicious activity. With its Intrusion Detection System (IDS) and essential firewall, AUTOCRYPT provides a complete, secure ECU security module for the vehicle.

security layer 자동차 보안 레이어

Find out more about our in-vehicle security solution: 

CONTACT US

PRODUCT
PR
PARTNERSHIP
INVESTMENT
OTHER
Subscribe to our Newsletter