SlideShare ist ein Scribd-Unternehmen logo

Securing the connected car - NDC Techtown 2019

Mender.io
Mender.io

Slides from my talk at NDC Techtown 2019. Abstract: Using recent real-world examples, Mirza Krak, Embedded Solutions Architect for the open source Mender.io project, will discuss the opportunity of connected cars and walk the audience through the following: - Key opportunities OEM’s have for connected vehicles, as demonstrated by Tesla’s ability to provide over-the-air (OTA) software updates - The anatomy of the Jeep Cherokee hack: the technical details of how the Jeep Cherokee was hacked and steps you can take to reduce your attack surface - Best practices on delivering over-the-air software updates with failover management.

Technologie
1 von 27
Downloaden Sie, um offline zu lesen
Mirza Krak Embedded Linux Solutions Architect Mender.io NDC Techtown 2019 Securing the Connected Car
The software defined car 1990 2000 2010 2020 Hardware enabled Software enabled Software defined Telematics Infotainment Connected Assisted driving AutonomousElectronics
About me ● Mender.io ○ Over-the-air updater for Linux ○ Open source (Apache License, v2) ○ Remote deployment management (server) ○ Under active development ● Mirza Krak ○ 8 years in embedded Linux ○ Background in automotive ○ Board Support Package development ○ Open-source
Session overview ● Opportunities with the software defined car ● Anatomy of an attack: security risks of the connected car ● The patching problem & solution designs
Software defined car: New revenue streams ● “Automakers could add up to $27.1B annually from services such as car sharing and more” - Navigant Research ● Tesla ○ An OTA update system allows for easy additional software purchases after buyers drive their cars off the lot ○ Semi-autonomous Autopilot feature allows current Model S owners to add the feature for $2,500 USD when they order the vehicle or they can pay $3,000 USD to upgrade later
Cost savings by using open source platforms IVI stack Hardware Board support pkg. Operating system Middleware Apps HMI Cost 10% 30% 60% Differentiation Focus on open source here ● Lower layers are expensive and provides no differentiation ● Use open source here to ○ Shorten time-to-market ○ Lower cost ○ Reallocate development to differentiating features OTA updater
The software defined car requires OTA updates ● Increased software complexity requires more frequent improvements ● “33% of current recalls are for problems that could be fixed OTA” - ABI Research ● “OTA updates will save carmakers $35B in 2022” - IHS Automotive ● Fiat Chrysler hack (next up) required a recall of 1.4 million vehicles that could have been avoided with an OTA update
Jeep Cherokee hacked in July 2015 ● Presented at Black Hat USA 2015 ○ Charlie Miller ○ Chris Valasek ● Remote exploit giving full control of the car ● Clearly demonstrates physical safety risk ● No way to fix remotely ● 1.4 million cars recalled
Jeep Cherokee architecture CAN-C CAN IHS ECU’s ● Radio ● A/C ● …. ECU’s ● Engine ● Stearing ● Breaks ● …. “Head unit”, “IVI” ECUs handle things like adaptive cruise control, electronic brakes, parking assist and control of the steering column
Attack surface ● Bluetooth ○ The Bluetooth stack is quite large and represents a significant attack surface that has had vulnerabilities in the past ● WiFi ○ Wi-Fi security assessment methodologies have been around for years and access point hacking has been frequently documented in recent times ● Cellular ○ This is the holy grail of automotive attacks since the range is quite broad
Jeep Cherokee Head Unit with WiFi WiFi hotspot offered as a service ● Cherokee customers can buy wifi subscription as an add-on (~$40/month) ● Connect devices in the car to the car’s wifi to get online (phones, tablets, …) ● Wifi is password protected “Head unit”, “IVI”
Wifi-based breach: Short-range ● Inspected ISO image ○ Firmware files ● Wifi password based on system time since epoch ● January 01 2013 00:00 GMT +- 1 minute ● Scope: Control music player/radio/volume and track GPS coordinates when within wifi range Guessable password
Wifi-based breach: Short-range ● 9 open ports ● Focused on 6667 (IRC) ○ Was actually D-Bus (IPC and RPC daemon) ○ Allowed anonymous authentication ○ Used DFeet to inspect the D-Bus ● 4 lines of python code utilizing D-Bus API to execute commands as root ● Scope: Control music player/radio/volume and track GPS coordinates when within wifi range Software vulnerability
Cellular-based breach: Country-wide ● Scope: Control music player/radio/volume and track GPS coordinates countrywide ● Can also select a specific Jeep based on its GPS-coordinates Breach Sprint Cellular network Software vulnerability To find vulnerable vehicles you just need to scan on port 6667 from a Sprint device on the IP addresses 21.0.0.0/8 and 25.0.0.0/8.
The Controller Area Network (CAN) bus ● The CAN bus connects ~70 electronic control units (ECUs) ● V850 chip is designed to only read from the CAN bus, to isolate components V850 chip Read-only Diagnostics
CAN bus ● The head unit can update the firmware of the V850 ● Firmware update authenticity not checked properly V850 chip Full control Malicious firmware update
Putting it together Lessons ● Wifi hotspot password was predictable ● Remotely accessible service (in head unit) was vulnerable (and not updated) ● Firmware update (for V850) did not have proper authenticity checks ● The only way to fix the vulnerabilities is through a manual update (by customer or dealership) FW update Cellular breach Vulnerability
More complexity leads to larger attack surface ● 1-25 bugs per 1000 lines of code* ○ Assume that all software components have vulnerabilities ● Rely on well-maintained software and keep it updated ○ Open source vs. proprietary is a red herring ○ Do not build all the software in-house ● Principle of least privilege ● Separation of privilege ● Kerckhoff’s principle *Source: Steve McConnell, Code Complete
Security patching is done too late 60 days: >90% probability it is exploited 110 days: remediation time avg. 5-10 days: <10% probability it is exploited Source: How the Rise in Non-Targeted Attacks Has Widened the Remediation Gap, Kenna Security
Why security patching happens too late ● The value is invisible until too late ● Too costly or risky ○ Manual? Too expensive to integrate updater? ○ Requires downtime of production? Risk of breaking production? ● How often do you patch? ○ Do you have a way to do it? A process? ○ Often not a core competence and not a priority to develop updater
Patching connected devices is harder ● No/expensive physical access ○ Need failure management ● Unreliable power ○ What if power disappears in the middle of patching? ● Unreliable (wireless) network connectivity ○ Handle partial downloads ○ Ideally resume downloads in expensive networks like 3G ● Public and insecure (wireless) networks ○ Can someone inject arbitrary code during the update process? ○ Verify authenticity of update
Detect update (secure channel) Download (secure channel) Integrity (e.g. checksum) Authenticate (e.g. signature) DecryptExtract Install Failure recovery (e.g. roll back) Compatibility check Sanity checks Post-install actions Pre-install actions Must-have Environment-specific Choose a strategy (Re)Start* *E.g. reboot, restart service, start container Generic embedded updater workflow
● Integrity checking ○ This must be done ○ Easy to implement ● Rollback support ○ This should be a requirement: power loss, installation error, etc. ○ Could be hard depending on update type (tarball, package) ● Phased rollout ○ I.e. don’t deploy update to all devices in one go ○ Most do this to some extent: test & production environments ○ Can be more granular on device population (1%, 10%, 25%, 50%, …) What can go wrong? Strategies to reduce the risk of bricking
Why automated rollback is important ● Affected Chrysler, Jeep and Dodge vehicles ● Bug in UConnect SiriusXM Travel Link ● Workaround took almost a week to release Sources: CNET, Autoweek, @UconnectCares
Prepare for securing the software defined car ● Open source software where no differentiation ● Well-maintained software ● Over-the-air updates ● Apply well-known security design principles
The best way to respond to hacking? Fiat Chrysler said exploiting the flaw "required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code" and added manipulating its software "constitutes criminal action". Sources: BBC News, Wired Straubel [Tesla CTO] credits KeenLabs’ researchers [...] says Tesla will pay KeenLabs’ team a monetary reward for its work [...] “They did good work,” Straubel says. “They helped us find something that’s a problem we needed to fix. And that’s what we did.”
Thank You! Q&A @KrakMirza mirza.krak@northern.tech https://www.linkedin.com/in/mirzakrak/ @mender_io https://mender.io https://docs.mender.io/2.0/getting-started https://hub.mender.io

Empfohlen

Mender: The open-source software update solution
Mender: The open-source software update solutionMender: The open-source software update solution
Mender: The open-source software update solutionMender.io
 
IoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSesIoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSesMender.io
 
The ultimate guide to software updates on embedded linux devices
The ultimate guide to software updates on embedded linux devicesThe ultimate guide to software updates on embedded linux devices
The ultimate guide to software updates on embedded linux devicesMender.io
 
A million ways to provision embedded linux devices
A million ways to provision embedded linux devicesA million ways to provision embedded linux devices
A million ways to provision embedded linux devicesMender.io
 
Embedded linux build systems
Embedded linux build systems Embedded linux build systems
Embedded linux build systems Mender.io
 
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...Integrate IoT cloud analytics and over the-air (ota) updates with google and ...
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...Mender.io
 
Configuring wifi in open embedded builds
Configuring wifi in open embedded buildsConfiguring wifi in open embedded builds
Configuring wifi in open embedded buildsMender.io
 
Mender; the open-source software update solution
Mender; the open-source software update solutionMender; the open-source software update solution
Mender; the open-source software update solutionMender.io
 

Empfohlen

Mender: The open-source software update solution
Mender: The open-source software update solutionMender: The open-source software update solution
Mender: The open-source software update solutionMender.io
 
IoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSesIoT: Contrasting Yocto/Buildroot to binary OSes
IoT: Contrasting Yocto/Buildroot to binary OSesMender.io
 
The ultimate guide to software updates on embedded linux devices
The ultimate guide to software updates on embedded linux devicesThe ultimate guide to software updates on embedded linux devices
The ultimate guide to software updates on embedded linux devicesMender.io
 
A million ways to provision embedded linux devices
A million ways to provision embedded linux devicesA million ways to provision embedded linux devices
A million ways to provision embedded linux devicesMender.io
 
Embedded linux build systems
Embedded linux build systems Embedded linux build systems
Embedded linux build systems Mender.io
 
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...Integrate IoT cloud analytics and over the-air (ota) updates with google and ...
Integrate IoT cloud analytics and over the-air (ota) updates with google and ...Mender.io
 
Configuring wifi in open embedded builds
Configuring wifi in open embedded buildsConfiguring wifi in open embedded builds
Configuring wifi in open embedded buildsMender.io
 
Mender; the open-source software update solution
Mender; the open-source software update solutionMender; the open-source software update solution
Mender; the open-source software update solutionMender.io
 
IoT Prototyping using BBB and Debian
IoT Prototyping using BBB and DebianIoT Prototyping using BBB and Debian
IoT Prototyping using BBB and DebianMender.io
 
Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Mender.io
 
Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesMender.io
 
IoT Development from Prototype to Production
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to ProductionMender.io
 
Software Updates for Connected Devices - OSCON 2018
Software Updates for Connected Devices - OSCON 2018Software Updates for Connected Devices - OSCON 2018
Software Updates for Connected Devices - OSCON 2018Mender.io
 
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Mender.io
 
Embedded Linux Build Systems - Texas Linux Fest 2018
Embedded Linux Build Systems - Texas Linux Fest 2018Embedded Linux Build Systems - Texas Linux Fest 2018
Embedded Linux Build Systems - Texas Linux Fest 2018Mender.io
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to productionMender.io
 
Linux IoT Botnet Wars - ESC Boston 2018
Linux IoT Botnet Wars - ESC Boston 2018Linux IoT Botnet Wars - ESC Boston 2018
Linux IoT Botnet Wars - ESC Boston 2018Mender.io
 
Securing the Connected Car - SCaLE 2018
Securing the Connected Car - SCaLE 2018Securing the Connected Car - SCaLE 2018
Securing the Connected Car - SCaLE 2018Mender.io
 
Mender.io | Securing the Connected Car
Mender.io | Securing the Connected CarMender.io | Securing the Connected Car
Mender.io | Securing the Connected CarMender.io
 
Linux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningLinux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningMender.io
 
Mender.io | Develop embedded applications faster | Comparing C and Golang
Mender.io | Develop embedded applications faster | Comparing C and GolangMender.io | Develop embedded applications faster | Comparing C and Golang
Mender.io | Develop embedded applications faster | Comparing C and GolangMender.io
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Weitere ähnliche Inhalte

Mehr von Mender.io

IoT Prototyping using BBB and Debian
IoT Prototyping using BBB and DebianIoT Prototyping using BBB and Debian
IoT Prototyping using BBB and DebianMender.io
 
Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Mender.io
 
Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesMender.io
 
IoT Development from Prototype to Production
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to ProductionMender.io
 
Software Updates for Connected Devices - OSCON 2018
Software Updates for Connected Devices - OSCON 2018Software Updates for Connected Devices - OSCON 2018
Software Updates for Connected Devices - OSCON 2018Mender.io
 
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Mender.io
 
Embedded Linux Build Systems - Texas Linux Fest 2018
Embedded Linux Build Systems - Texas Linux Fest 2018Embedded Linux Build Systems - Texas Linux Fest 2018
Embedded Linux Build Systems - Texas Linux Fest 2018Mender.io
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to productionMender.io
 
Linux IoT Botnet Wars - ESC Boston 2018
Linux IoT Botnet Wars - ESC Boston 2018Linux IoT Botnet Wars - ESC Boston 2018
Linux IoT Botnet Wars - ESC Boston 2018Mender.io
 
Securing the Connected Car - SCaLE 2018
Securing the Connected Car - SCaLE 2018Securing the Connected Car - SCaLE 2018
Securing the Connected Car - SCaLE 2018Mender.io
 
Mender.io | Securing the Connected Car
Mender.io | Securing the Connected CarMender.io | Securing the Connected Car
Mender.io | Securing the Connected CarMender.io
 
Linux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningLinux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningMender.io
 
Mender.io | Develop embedded applications faster | Comparing C and Golang
Mender.io | Develop embedded applications faster | Comparing C and GolangMender.io | Develop embedded applications faster | Comparing C and Golang
Mender.io | Develop embedded applications faster | Comparing C and GolangMender.io
 

Mehr von Mender.io (13)

IoT Prototyping using BBB and Debian
IoT Prototyping using BBB and DebianIoT Prototyping using BBB and Debian
IoT Prototyping using BBB and Debian
 
Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018
 
Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and images
 
IoT Development from Prototype to Production
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to Production
 
Software Updates for Connected Devices - OSCON 2018
Software Updates for Connected Devices - OSCON 2018Software Updates for Connected Devices - OSCON 2018
Software Updates for Connected Devices - OSCON 2018
 
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
 
Embedded Linux Build Systems - Texas Linux Fest 2018
Embedded Linux Build Systems - Texas Linux Fest 2018Embedded Linux Build Systems - Texas Linux Fest 2018
Embedded Linux Build Systems - Texas Linux Fest 2018
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to production
 
Linux IoT Botnet Wars - ESC Boston 2018
Linux IoT Botnet Wars - ESC Boston 2018Linux IoT Botnet Wars - ESC Boston 2018
Linux IoT Botnet Wars - ESC Boston 2018
 
Securing the Connected Car - SCaLE 2018
Securing the Connected Car - SCaLE 2018Securing the Connected Car - SCaLE 2018
Securing the Connected Car - SCaLE 2018
 
Mender.io | Securing the Connected Car
Mender.io | Securing the Connected CarMender.io | Securing the Connected Car
Mender.io | Securing the Connected Car
 
Linux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningLinux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardening
 
Mender.io | Develop embedded applications faster | Comparing C and Golang
Mender.io | Develop embedded applications faster | Comparing C and GolangMender.io | Develop embedded applications faster | Comparing C and Golang
Mender.io | Develop embedded applications faster | Comparing C and Golang
 

Kürzlich hochgeladen

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Kürzlich hochgeladen (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

Securing the connected car - NDC Techtown 2019

  • 1. Mirza Krak Embedded Linux Solutions Architect Mender.io NDC Techtown 2019 Securing the Connected Car
  • 2. The software defined car 1990 2000 2010 2020 Hardware enabled Software enabled Software defined Telematics Infotainment Connected Assisted driving AutonomousElectronics
  • 3. About me ● Mender.io ○ Over-the-air updater for Linux ○ Open source (Apache License, v2) ○ Remote deployment management (server) ○ Under active development ● Mirza Krak ○ 8 years in embedded Linux ○ Background in automotive ○ Board Support Package development ○ Open-source
  • 4. Session overview ● Opportunities with the software defined car ● Anatomy of an attack: security risks of the connected car ● The patching problem & solution designs
  • 5. Software defined car: New revenue streams ● “Automakers could add up to $27.1B annually from services such as car sharing and more” - Navigant Research ● Tesla ○ An OTA update system allows for easy additional software purchases after buyers drive their cars off the lot ○ Semi-autonomous Autopilot feature allows current Model S owners to add the feature for $2,500 USD when they order the vehicle or they can pay $3,000 USD to upgrade later
  • 6. Cost savings by using open source platforms IVI stack Hardware Board support pkg. Operating system Middleware Apps HMI Cost 10% 30% 60% Differentiation Focus on open source here ● Lower layers are expensive and provides no differentiation ● Use open source here to ○ Shorten time-to-market ○ Lower cost ○ Reallocate development to differentiating features OTA updater
  • 7. The software defined car requires OTA updates ● Increased software complexity requires more frequent improvements ● “33% of current recalls are for problems that could be fixed OTA” - ABI Research ● “OTA updates will save carmakers $35B in 2022” - IHS Automotive ● Fiat Chrysler hack (next up) required a recall of 1.4 million vehicles that could have been avoided with an OTA update
  • 8. Jeep Cherokee hacked in July 2015 ● Presented at Black Hat USA 2015 ○ Charlie Miller ○ Chris Valasek ● Remote exploit giving full control of the car ● Clearly demonstrates physical safety risk ● No way to fix remotely ● 1.4 million cars recalled
  • 9. Jeep Cherokee architecture CAN-C CAN IHS ECU’s ● Radio ● A/C ● …. ECU’s ● Engine ● Stearing ● Breaks ● …. “Head unit”, “IVI” ECUs handle things like adaptive cruise control, electronic brakes, parking assist and control of the steering column
  • 10. Attack surface ● Bluetooth ○ The Bluetooth stack is quite large and represents a significant attack surface that has had vulnerabilities in the past ● WiFi ○ Wi-Fi security assessment methodologies have been around for years and access point hacking has been frequently documented in recent times ● Cellular ○ This is the holy grail of automotive attacks since the range is quite broad
  • 11. Jeep Cherokee Head Unit with WiFi WiFi hotspot offered as a service ● Cherokee customers can buy wifi subscription as an add-on (~$40/month) ● Connect devices in the car to the car’s wifi to get online (phones, tablets, …) ● Wifi is password protected “Head unit”, “IVI”
  • 12. Wifi-based breach: Short-range ● Inspected ISO image ○ Firmware files ● Wifi password based on system time since epoch ● January 01 2013 00:00 GMT +- 1 minute ● Scope: Control music player/radio/volume and track GPS coordinates when within wifi range Guessable password
  • 13. Wifi-based breach: Short-range ● 9 open ports ● Focused on 6667 (IRC) ○ Was actually D-Bus (IPC and RPC daemon) ○ Allowed anonymous authentication ○ Used DFeet to inspect the D-Bus ● 4 lines of python code utilizing D-Bus API to execute commands as root ● Scope: Control music player/radio/volume and track GPS coordinates when within wifi range Software vulnerability
  • 14. Cellular-based breach: Country-wide ● Scope: Control music player/radio/volume and track GPS coordinates countrywide ● Can also select a specific Jeep based on its GPS-coordinates Breach Sprint Cellular network Software vulnerability To find vulnerable vehicles you just need to scan on port 6667 from a Sprint device on the IP addresses 21.0.0.0/8 and 25.0.0.0/8.
  • 15. The Controller Area Network (CAN) bus ● The CAN bus connects ~70 electronic control units (ECUs) ● V850 chip is designed to only read from the CAN bus, to isolate components V850 chip Read-only Diagnostics
  • 16. CAN bus ● The head unit can update the firmware of the V850 ● Firmware update authenticity not checked properly V850 chip Full control Malicious firmware update
  • 17. Putting it together Lessons ● Wifi hotspot password was predictable ● Remotely accessible service (in head unit) was vulnerable (and not updated) ● Firmware update (for V850) did not have proper authenticity checks ● The only way to fix the vulnerabilities is through a manual update (by customer or dealership) FW update Cellular breach Vulnerability
  • 18. More complexity leads to larger attack surface ● 1-25 bugs per 1000 lines of code* ○ Assume that all software components have vulnerabilities ● Rely on well-maintained software and keep it updated ○ Open source vs. proprietary is a red herring ○ Do not build all the software in-house ● Principle of least privilege ● Separation of privilege ● Kerckhoff’s principle *Source: Steve McConnell, Code Complete
  • 19. Security patching is done too late 60 days: >90% probability it is exploited 110 days: remediation time avg. 5-10 days: <10% probability it is exploited Source: How the Rise in Non-Targeted Attacks Has Widened the Remediation Gap, Kenna Security
  • 20. Why security patching happens too late ● The value is invisible until too late ● Too costly or risky ○ Manual? Too expensive to integrate updater? ○ Requires downtime of production? Risk of breaking production? ● How often do you patch? ○ Do you have a way to do it? A process? ○ Often not a core competence and not a priority to develop updater
  • 21. Patching connected devices is harder ● No/expensive physical access ○ Need failure management ● Unreliable power ○ What if power disappears in the middle of patching? ● Unreliable (wireless) network connectivity ○ Handle partial downloads ○ Ideally resume downloads in expensive networks like 3G ● Public and insecure (wireless) networks ○ Can someone inject arbitrary code during the update process? ○ Verify authenticity of update
  • 22. Detect update (secure channel) Download (secure channel) Integrity (e.g. checksum) Authenticate (e.g. signature) DecryptExtract Install Failure recovery (e.g. roll back) Compatibility check Sanity checks Post-install actions Pre-install actions Must-have Environment-specific Choose a strategy (Re)Start* *E.g. reboot, restart service, start container Generic embedded updater workflow
  • 23. ● Integrity checking ○ This must be done ○ Easy to implement ● Rollback support ○ This should be a requirement: power loss, installation error, etc. ○ Could be hard depending on update type (tarball, package) ● Phased rollout ○ I.e. don’t deploy update to all devices in one go ○ Most do this to some extent: test & production environments ○ Can be more granular on device population (1%, 10%, 25%, 50%, …) What can go wrong? Strategies to reduce the risk of bricking
  • 24. Why automated rollback is important ● Affected Chrysler, Jeep and Dodge vehicles ● Bug in UConnect SiriusXM Travel Link ● Workaround took almost a week to release Sources: CNET, Autoweek, @UconnectCares
  • 25. Prepare for securing the software defined car ● Open source software where no differentiation ● Well-maintained software ● Over-the-air updates ● Apply well-known security design principles
  • 26. The best way to respond to hacking? Fiat Chrysler said exploiting the flaw "required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code" and added manipulating its software "constitutes criminal action". Sources: BBC News, Wired Straubel [Tesla CTO] credits KeenLabs’ researchers [...] says Tesla will pay KeenLabs’ team a monetary reward for its work [...] “They did good work,” Straubel says. “They helped us find something that’s a problem we needed to fix. And that’s what we did.”