Welcome to the Pirate Tea House, everyone, I am the Pirate.
Preface
There are many names for cars that can go online: networked cars, connected cars, intelligent connected vehicles. Don't be confused; at the end of the day, they are all cars with network connectivity. When it comes to the safety of connected cars, I will collectively refer to it as vehicle safety. If you read more material, you will find that vehicle safety actually has two parts: safety and security. Broadly, you can understand the difference as non-networked safety versus networked safety. The vehicle safety discussed later all refers to the network-related kind, that is, security. The articles in this column will mostly be related to vehicle security. If other topics occasionally appear, don't be surprised; it's a teahouse! There is tea, there are melon seeds, and there may even be comic crosstalk.
Short History of Vehicle Networking
The Weak Network Car Era

With traditional vehicles following the trend of adding network functions in recent years, it seems that overnight a car without internet connectivity is embarrassed to be seen on the road. When you buy a car, the salesperson at the 4S store will also pitch the network function as a selling point. In fact, though, the history of vehicle networking goes back many years. In 1996, three Cadillac models were equipped with OnStar, so for some time certain cars already had network connectivity, but the design at that time was mainly aimed at collecting vehicle operating status information to help owners understand their vehicle's condition. This era can be called the Weak Network Car Era. One reason was the limitations of the communication infrastructure; the other was the limitations of networking technology and demand. Once the communication infrastructure improved, that is, once network speeds went up, more and more needs began to be met over the network, such as remote vehicle start-up.
The Era of Networked Cars
The networked cars we are familiar with actually started around 2013. To improve the quality of their cabins, car manufacturers began to think about how to add more applications and enhance the functionality of the onboard system, especially after the large screens of Tesla cars appeared and the trend toward larger screens in onboard systems took hold. In addition, with the spread of domestic 4G connectivity and the rapid development of mobile applications, it became possible for the onboard system to offer functions beyond basic audio and video playback and navigation (the traditional AVN functions), such as online music software and other online services. This gradually formed the networked cars we know today. When vehicles join the network, the various attacks that originally lived on the network are brought in with them.
Attack surface of connected vehicles
Although connected vehicles expose themselves to attacks from the network when they connect to it, don't think that vehicle security is only a network security issue. Looking at the usage scenarios makes it roughly clear which attack surfaces exist.
Contact
When using the vehicle's onboard system, the HMI (Human-Machine Interaction Interface, which can be understood as the UI of the onboard system) is the most common attack entry point. A simple example of an HMI attack: the cases a few years ago of getting a CMD prompt out of ATMs and self-service kiosks in shopping malls are typical HMI attacks. Looking further back, the input-method trick over Windows Remote Desktop (port 3389) also falls into the scope of HMI interaction. The typical feature of this type of attack is that it relies only on the existing interface and functions, and bypasses the limitations of the HMI through some special method to achieve direct interaction with the system. Next come the common USB and OBD interfaces. OBD may not be familiar to many people; detailed information can be looked up independently. In simple terms, OBD is an external interface that can interact directly with the CAN network, usually used by 4S shops for vehicle status diagnosis or extraction of CAN information. USB is no exception: it is the same USB interface found on our computers and other electronic devices, usually used to give users external storage or an interaction channel with the system.
Near-field
Near-field and remote are a complementary pair of descriptions. Near-field refers to a state where the attacker is relatively close to the vehicle but not in physical contact with it. Remote refers to a state where the vehicle is out of sight. From the definition of near-field, one can roughly imagine what kinds of attack surfaces there are. Common near-field interaction methods include Wi-Fi, Bluetooth, NFC, radio, and so on; all of these belong to the near-field attack surface. With the introduction of functions such as autonomous driving and assisted driving, various sensors such as radar and cameras are integrated into the vehicle, which introduces some less common near-field interaction methods that also bring security risks.
Remote
At first glance, the remote attack surface may seem relatively small, because there appears to be only one network channel, the GSM/4G network. However, beyond the network channel itself, there are hidden attack surfaces at the other end of that channel, such as mobile applications, the vehicle manufacturer's service platform, and vehicle application service platforms. In addition, GPS also belongs to the remote attack surface, although some classification schemes place GPS in the near-field category instead.
Q&A
Since the content introduced below is quite scattered and hard to summarize, a Q&A format works better.
1. How do I start? Do I need a car to begin with?
The ideal situation for researching vehicle security is not only to have a car but also to have a laboratory environment with several vehicle modules, which is what is called a test bench. In the laboratory environment, various issues are studied, vulnerabilities are exploited, and effects are verified; finally, overall or final verification of the effect is carried out on the real vehicle. Researching vehicle security requires a large reserve of knowledge, such as binary analysis, business security, network protocol analysis, mobile security, system analysis, CAN network analysis, and so on. Obviously it is very difficult for one person to master all of them, which is why vehicle security is not as common as web security. However, this does not mean that individuals cannot research vehicle security. In 2019, I did a summary of the 2018 connected car attack events. According to that summary, among the 12 attack events, teams accounted for 5 and individuals for 7; whole-vehicle attacks accounted for 3, attacks on car keys 2, attacks on car machines (the head unit, i.e. the in-vehicle infotainment system) 3, attacks on the TSP 2, and attacks on the APP 2. However, of the 12 attack events, only 3 achieved root on the car machine. The other 9 achieved varying degrees of body control (such as opening and closing doors). From the above data, it can be seen that although the research directions and the investments differ, individual research can also achieve good results to a large extent. Car machines (system security), the TSP (web security), the APP (mobile security), and car keys (wireless security) are all research areas an individual can invest in.
2. How do I define whether a piece of vehicle work is complete? How do I choose a research direction?
To answer this question, it is necessary to first understand the internal functional division of the vehicle. I am accustomed to dividing the vehicle's internal network into 3 sub-domains: the entertainment domain, the body control domain, and the power control domain.
Entertainment domain
This refers to the multimedia part. The car machine, for example, is an important component of the entertainment domain. It only provides entertainment-related or vehicle-related information to the people inside the vehicle.
Body control domain (comfort domain)
This includes the common network transmission control module (usually called the T-Box or TCU). It mainly covers common functions such as remote locking and unlocking of doors and windows and remote retrieval of vehicle information.
Power control domain
This includes the CAN networks and the various small electronic control units (ECUs) on them. This part implements control over operations such as acceleration, braking, and steering.
Having understood the vehicle network, it is clear that there is a significant difference in outcome between only attacking the entertainment domain (such as rooting the car machine) and attacking the power control domain. The latter can directly affect the safety of the people inside the vehicle, while the former may not even have a noticeable effect on the vehicle. At present, most of the observed attack cases are concentrated in the body domain, and attacks on APPs and TSPs basically count as attacks on the body control domain. With the above distribution in mind, analyze the vehicle's specific business functions (go to the 4S store or download the vehicle's manual) and, according to your own technical reserves, choose your own research direction.
3. What should I do if I have other questions?
Please pay attention to the follow-up articles in this column. :)