Protecting the modern infotainment system
Whether you are glancing at GPS prompts, connecting to your favorite streaming satellite music station or using Bluetooth in conjunction with a dizzying number of apps available on your smartphone, the infotainment system in your car is largely innocuous and inconspicuous — at least in the grand scheme of the car driving experience.
Most passengers simply don’t think of the infotainment system as a critical part of the car. After all, it provides you with information, such as weather, and it entertains you to the best of its ability with multimedia. However, the infotainment system doesn’t make the vehicle go. It doesn’t steer the vehicle. It doesn’t stop or accelerate the vehicle. It doesn’t make the car crash.
Or does it?
As a potential gateway to a car’s advanced driver assistance systems, the infotainment system can be linked to data that can affect a car’s sensors, electronic stability control, anti-lock brakes, lane departure warning, adaptive cruise control, traction control and more. It therefore creates an attractive target for cybersecurity hackers. That should worry passengers and auto manufacturers.
What else worries the auto manufacturer is that the infotainment system is a key component of monetizing tomorrow’s automated and connected vehicle experience. However, the challenges in securing infotainment systems are complex and considerable. Externally connected web applications employing Wi-Fi, Bluetooth and USB technologies can be exploited by any computer hacker on the internet, sometimes quite easily.
A massive amount of code — over 1 GB, including over 50,000 executable files — is typical of a modern infotainment system. The sheer amount of code involved alone presents opportunities for cybersecurity exploits, using coding errors such as buffer overflow, heap overflow and other memory corruption vulnerabilities. Exposure of code and design vulnerabilities to a cybersecurity attacker can threaten the safety of the passenger.
The security of such systems — and understanding how cyberhackers attack and exploit them — is critical. Unfortunately, system vulnerabilities are not always given the attention they deserve until it is too late. Thankfully, we can be proactive by learning from hackers.
A necessary part of learning how to prevent a cyberattack is sometimes counterintuitive. We need to encourage hackers to hack cars to expose code and design vulnerabilities — we just don’t want them to hack a real car that is moving. In recent years, several high-profile cases have served to help us learn from vulnerabilities exposed in the infotainment system and they are worth our attention.
One prominent example is the now-legendary 2015 Jeep Cherokee hack demonstration. In it, researchers Charlie Miller and Chris Valasek famously used a reporter as “a digital crash-test dummy” to underscore vulnerabilities in connected entertainment and navigation systems. In this case, the two hackers were able to disable the brakes and drive the vehicle into a ditch. Moreover, they demonstrated how easy it was to overcome password protections with brute force attacks and sometimes simple guesswork based on the system’s boot time.
In another well-known incident, Chinese security researchers were able to hack a Tesla Model X, turning on the brakes remotely and getting the doors and trunk to open and close while blinking the lights in time. Using memory corruption vulnerabilities, they performed this demonstration to music streamed from the car’s radio — which they dubbed “the unauthorized Xmas show.” The complex hack involved sending malicious software through the infotainment system in a series of circuitous computer exploits. The researchers were able to remotely control the car via both Wi-Fi and a cellular connection.
If that isn’t scary enough, this should be: Computest, a Dutch firm, revealed that the infotainment systems inside some Audi and Volkswagen cars were vulnerable to remote hacking. The researchers, Daan Keuper and Thijs Alkemade, confirmed these exploits using a Volkswagen Golf GTE and an Audi A3 Sportback e-tron model. The researchers used a car’s Wi-Fi connection to the infotainment system to exploit an exposed port and gain access to the car’s in-vehicle infotainment. They also gained access to the system’s root account, which they say allowed them access to other car data.
Despite the challenges that cybersecurity hackers pose, there is hope. The modern vehicle can be made secure via software integrity validations that are now also available for embedded systems. Control Flow Integrity (CFI) is one of the only proven techniques to block exploits of the memory corruption vulnerability family.
Control-flow integrity describes computer security techniques which prevent a wide variety of malware attacks from redirecting a program’s flow of execution. Associated techniques include code-pointer separation, code-pointer integrity, stack canaries, shadow stacks and vtable pointer verification.
The CFI lock against remote code execution has traditionally been difficult to apply on resource-constrained embedded systems, but that is changing. Google, for example, introduced CFI at the end of last year into its Android kernel, and while its implementation is partial in scope — both code-wise (kernel only) and security-wise (only validating forwarding addresses) — it’s solid proof that using CFI to combat buffer exploits is not only possible, but practical.
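To make the idea concrete, here is a minimal forward-edge check, the kind of validation applied to the target of an indirect call. It is an added example, not code from the article, Google or any vendor; the handler names and the `cfi_dispatch` helper are hypothetical, and the pointer overwrite is simulated rather than triggered by a real bug.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_t)(int arg);

/* Legitimate indirect-call targets for a hypothetical media command path. */
static int play_track(int id)  { return 100 + id; }
static int set_volume(int lvl) { return 200 + lvl; }

/* Same signature, but never meant to be reachable from the media path. */
static int diag_unlock(int arg) { (void)arg; return 999; }

/* Set of valid targets. Compiler-based CFI schemes typically derive this
 * set at build time; here it is written out by hand for illustration. */
static const handler_t valid_targets[] = { play_track, set_volume };

#define CFI_VIOLATION (-1)

static int cfi_target_ok(handler_t fn)
{
    for (size_t i = 0; i < sizeof valid_targets / sizeof valid_targets[0]; i++)
        if (valid_targets[i] == fn)
            return 1;
    return 0;
}

/* Forward-edge check: validate the pointer immediately before the call. */
int cfi_dispatch(handler_t fn, int arg)
{
    if (!cfi_target_ok(fn))
        return CFI_VIOLATION;   /* a production scheme would trap or abort */
    return fn(arg);
}

int dispatch_legit(int arg) { return cfi_dispatch(set_volume, arg); }

/* Constructed stand-in for a pointer overwritten by memory corruption. */
int dispatch_corrupted(int arg)
{
    handler_t fn = play_track;
    fn = diag_unlock;           /* simulates the overwrite */
    return cfi_dispatch(fn, arg);
}

int main(void)
{
    printf("legit: %d\n", dispatch_legit(7));
    printf("corrupted: %d\n", dispatch_corrupted(7));
    return 0;
}
```

The corrupted pointer still refers to real, executable code with a matching signature, which is why checking only that the address is executable would not be enough; the check has to be against the set of targets that call site is allowed to reach.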
It is imperative, then, that infotainment system developers that use the Linux kernel or Linux-like Android kernels insist on state-of-the-art cyberdefense technology.
Securing a car’s infotainment system against cybersecurity attacks is about stopping them at the gate. Understanding the limitations of existing techniques and applying a built-in active defense mechanism, such as CFI, is critical in today’s advanced infotainment systems.
It’s time to start viewing the cybersecurity defense of that little innocuous infotainment system as the key to passenger safety, branded user experience and the automotive revenue growth engine.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.