Security of connected vehicles by Synacktiv


As the automotive industry continues to produce increasingly con-nected vehicles, a new range of risks and security concerns arise. Some of these risks exist since years but are now taking a new dimension as
car technologies evolve. As early as 2014, security researchers have been concerned by the automotive field [4] and the impact of connectivity in those product. One particularity of automotive security if that there are a wide range of attacker profiles, each exploiting different parts of the car. One of the main risks with connected cars is car theft, which has always been a concern even for non-connected cars. But attacks on connected cars that enable theft can now be executed on a larger scale and with greater ease.

A recent study [3] revealed that there are real-world attacks using CAN injection to steal cars by connecting a device to the CAN bus at a convenient, easily accessible location. Keyless entry systems are more and more common in modern vehicles. Therefore, car theft through relay attacks on this system is a common problem, and there are many public researches on that. Another important risk is the vehicle safety, car components are connected together through various CAN buses. By gaining access to these
buses through hardware modification or by software attacks, attackers may affect the safety of the vehicle and cause people injuries or material damages.

The infotainment system has become one of the main component of modern cars, its screen provides many features: car control, internet connection, access to many external services. Like smartphones, this
system contains many personal data: accounts credentials, connection tokens, browsing history, navigation history and even tokens to open the owner’s garage. Gaining access to these data can facilitate attack that extend beyond the vehicle itself, and can also be used to track the vehicle position or for espionage activities.

Modern cars like Tesla ones also have many limitations enforced by software. For example, some features like advanced autopilot can be purchased during the vehicle life and do not require hardware modification or going to a service center. Bypassing these limitations (hardware and software) has always been the passion of some people, and they are sharing their findings to a large community. That kind of modifications (or attacks in some cases) must be taken into account by the car manufacturer in its security model.


Leave a Reply

Your email address will not be published. Required fields are marked *