Smart vehicles have introduced many services which can be categorized by their functionality (infotainment, comfort, ADAS, OEM services). Introducing new services increases the risk of compromising security. A mobile app used by drivers to connect the vehicle could be infected with malware and spread to the vehicle. Forging remote starting signals enables an attacker to start the vehicle without a key. Security implications of these services should be investigated and addressed thoroughly. This chapter investigates such problems and provides an overview of vulnerabilities, attacks, and mitigations related to these services along with findings including software bugs and insecure protocols. The mitigations for these attacks include strengthening the security protocol of the vehicle CAN bus and incorporating security protocols such as TLS and IPsec. It is hard to say that all connected vehicles are secured. In conclusion, security cannot be neglected, and best practices like sufficient logging (e.g., IDS), reviewing, security testing, and updating of software and hardware should be used.
TopIntroduction
Nowadays, vehicles are deeply rooted in our daily lives integrating with social and economic factors. Vehicles were invented as a purely mechanical machine, but it is now becoming more and more complex as computers and electronics are embedded into every component of newly designed vehicles. Today, connected vehicles not just provide basic transportation service but also can provide services like information, entertainment, communication, etc. Basically, a vehicle is a set of networks and electrical control units (ECUs) that are connected to the Internet, with the purpose of providing different functions and services that fits the users' needs (Stoltzfus, 2020). Some of these functions are relatively simple such as controlling lights or seats, others are more advanced e.g. collision detection and automatic parking. Figure 1 illustrates the use of radar and collision detection systems in action. A smart vehicle is usually connected to an external network in order to provide information services, get updates or diagnostics to the vehicle which exposes the internal systems to external threats. There is also an increase in security problems with the increasing complexity of smart vehicles and their software needs. In 2019, the number of reported cyber-attacks on connected vehicles was seven times higher compared to 2016 (Upstream, 2020). According to Ponemon Institute's (2018) survey in the automotive industry, 84% of the respondents believed that security practices taken Today are not keeping up with the evolution of technology. This indicates that the security implications of smart vehicles are highly concerned by the consumers and should be addressed accordingly.
Figure 1. Illustration of smart vehicles traveling on a highway with radar and collision detection mechanism enabled.
This chapter aims to investigate the security of connected smart vehicles with respect to services provided. A comprehensive overview of previous attacks, weaknesses that were exploited to achieve a successful attack, and possible countermeasures against identified attack vectors are provided. Although a broad perspective of the overview of smart connected vehicles is provided, this chapter does not deep dive into technical details.
In vehicular systems, Decision Support System (DSS) can help to make decisions based on internal (vehicle's sensor data) and external conditions such as road infrastructure, traffic intensity, weather (rain, snow, ice, wind, and visibility) to control embedded devices like rain intensity sensing wipers, adaptive cruise control, stability control, and driver-assist systems more efficiently. Based on the condition, DSS can provide crucial warnings and recommendations to the driver to avoid potentially dangerous situations. If the vehicle is in autonomous mode, the decisions should be executed promptly by the DSS in an error-free manner to avoid crashes and possibly fatalities. Security of a DSS system is critical since any wrong input to a DSS may result in fatal and unrecoverable situations. In this sense, the cybersecurity consideration of smart vehicles is an important issue.
The chapter starts with the Introduction section by providing essential background on the information security that is related to vehicular networks. This is followed by the Related-work section which introduces the relevant literature. The Methodology section introduces the methodology followed for this study. The chapter continues by discussing different categories of services such as what types of services they include as well as known attacks, exploited weaknesses, and countermeasures in the Services section. In the Discussion section, the current state of security practices in today's vehicles is discussed. Finally, the Conclusion section provides insight into the areas on which vehicle manufacturers and researchers should focus on.