We all have a reasonably good understanding of how the dozens of control modules on a modern vehicle establish and maintain communications with each other over serial communications networks. However, what we sometimes don’t realise is that modern vehicles are also connected to vast communications networks outside of the vehicle: networks that can be synced not only to a vehicle owner’s home WIFI network, but also to a vehicle owner’s personal information such as financial records, email, and other sensitive personal information. While this ability literally places the world at a vehicle owner’s fingertips, this article will take a closer look at how we as technicians can inadvertently give hackers access to the same information if our own internal networks are not secured against cyber criminals. Let us start with this question-
While cars cannot yet communicate with each other directly, the rapid development of telematics and ADAS (Advanced Driver Assist Systems) is the primary driver behind the ability of an increasing number of vehicles to communicate with road infrastructure and cloud-based services that make it possible for many modern automotive safety systems and infotainment features to work as designed. Thus, the word “connected” refers to the fact that a given vehicle is connected to a variety of communication networks that could monitor everything from the contents of a vehicle owner’s refrigerator, the status of his garage door(s), the security lighting in his driveway, his email client, and even to his banking details- and a lot more, besides.
We as technicians might think that connecting a car to the outside world does not necessarily make cars better or more reliable, but it does not matter what we think. The fact is that connected cars are becoming more common, and unless we as independent technicians and workshop owners/managers understand and recognise the vulnerabilities in modern communications systems, it becomes more likely that a simple diagnostic scan could give hackers (who may be parked across the road from your workshop) access to a vehicle owner’s personal information.
If you are thinking that this scenario is far-fetched or a bit science fiction-y, you would be wrong, and you would do well to-
If you have never come across this code before, it is defined by some manufacturers, and most notably by General Motors, as “Hacking AWH Data”. The acronym “AWH” stands for “Advanced Web Hacking” and the presence of this code with this definition means that either an attempt to hack into the vehicle’s communication systems is in progress, or that such an attempt had been made, regardless of whether the attempt had been successful or not.
Typical cyber attacks focus on lifting information from payment systems, disabling keyless entry and anti-theft systems with pirated software, taking control of some or all vehicle control functions, and accessing other networks via a vehicle’s connected status. The most common attacks, however, focus on remote cloning of key fob encryption, and generally exploiting known vulnerabilities in automotive security systems to gain unauthorised access to vehicles and/or their contents.
So what does this mean for technicians and independent workshops? Quite simply, it means that hackers can gain access to a customer’s personal information while his vehicle is on our premises- without us even being aware that a hacking operation is in progress. It also means that in some circumstances, we could be liable for any and/or all losses suffered by a customer when his vehicle is hacked on our premises, so how does one prevent such attacks?
Unfortunately, there is as yet no proverbial silver bullet that will prevent all hacking attempts under all circumstances on all vehicles. Nonetheless, once one is aware of the potential gateways that hackers use, it becomes possible to institute at least some preventative measures, such as doing the following-
The President and CEO of Honeywell Transportation Systems, Olivier Rabiller, once explained the urgent need workshops have to become aware of cyber security issues in the following way- “...there are more than a dozen clearly defined attack surfaces that can provide points of entry for hacking into a passenger vehicle, and the number is growing fast. We are supporting our OEM customers with our differentiated software platform to address the cyber security challenge inherent to connected and autonomous vehicle development.”
It is a somewhat open secret that most, if not all manufacturers of aftermarket diagnostic tools reverse engineer OEM automotive programming to produce the software they install on their diagnostic equipment. Therefore, while Mr Rabiller did not elaborate on exactly how Honeywell Systems are supporting OEM manufacturers, it is safe to assume that at least some manufacturers of diagnostic equipment are taking active measures to harden their equipment against hacking.
While reverse engineering generally works very well, the problem with this approach by aftermarket manufacturers is that even though some aftermarket diagnostic computers often outperform OEM equipment in some areas, programming and/or security vulnerabilities are often copied into aftermarket diagnostic software, which makes it relatively easy for a hacker to access a vehicle’s computers remotely via built-in security vulnerabilities in some diagnostic equipment. This is particularly true of diagnostic equipment that connects to a vehicle via Bluetooth or other wireless system(s).
Even though manufacturers of OEM-grade diagnostic equipment generally work very closely with OEM manufacturers to produce high quality diagnostic software, car manufacturers are not obliged to share proprietary information such as advanced algorithms, complex look-up tables, and particularly security pass codes with diagnostic equipment manufacturers. In the case of General Motors, some programming vulnerabilities are located in proprietary programming features, which means that in Australia, the effects of some hacking attempts cannot be repaired by the independent repair industry because independent workshops do not have access to the required OEM software.
It is virtually impossible for any workshop to conduct business today without being connected to the Internet. We all need access to the web and while having a WIFI hotspot is a great convenience to both our customers and ourselves, an unsecured WIFI connection is an open invitation to hackers to steal information.
Consider this- how many smart phones are on your premises every day, and how many of those phones have open WIFI ports? If your own WIFI connection is unsecured, a hacker can gain easy access to a smart cell phone belonging to a customer in your waiting area, a technician in your employ, or worse, through a WIFI or Bluetooth connection between a customer’s vehicle and one of your diagnostic computers.
As a practical matter though, securing a WIFI connection or hotspot is not as easy or cheap as one might have thought, and WIFI passwords are relatively useless against a concerted attack by a skilled hacker. The problem is that few of us are computer or IT specialists, which means that we have to engage third-party contractors/specialists to secure our own networks. It also means that we have to keep our specialists engaged to counter new threats as they are invented, all of which could place the profitability of many independent workshops under severe strain.
One way to avoid these issues is not to perform diagnostics, but this is clearly not an option. In today’s environment, we are forced to adapt to new technologies to remain profitable, and this is true for both dealer and independent workshops, which brings us to-
The proliferation of both ADAS systems and the increased complexity of telematics systems mean that the programming of a modern high-end vehicle can run to 100 million or more lines of code, which is considerably more than is commonly used on large commercial aircraft.
While it is true that OEM manufacturers go to great lengths not to code security vulnerabilities into the operating systems of their products, there is simply no way any manufacturer can guarantee that a), the programming on a given vehicle does not contain security vulnerabilities, and b), that all known security vulnerabilities have been removed/addressed/patched. One good case in point is some General Motors products that have in recent years become somewhat known for the ease with which skilled hackers with the right tools can access the security systems of these models.
From a cyber security perspective though, the many components and control modules that are implicated in ADAS and telematics systems offer hackers an almost unlimited number of possible gateways into a vehicle’s security system(s). For instance, a simple windscreen replacement that took less than an hour and no computer involvement ten years ago, can now take several hours because of the high number of sensors, cameras, and systems that must be recalibrated before one or more ADAS systems will accept the new windscreen.
The same is true for wheel alignment procedures on many new models, but knowing how to perform these procedures correctly is no longer enough. What is now also required is the knowledge or awareness that any communication between a vehicle and one or more remote computers represents cyber security risks not only to ourselves, but to our customers as well.
Unfortunately, these risks cannot be avoided since they form an inherent part of modern automotive diagnostics and repair, and while you may not have encountered such threats before, the proliferation of connected vehicles in all markets means that you will have to deal with these kinds of issues sooner than you might have wanted. For the moment though, the independent repair industry in Australia is largely on its own when it comes to dealing with cyber security issues, which begs this question-
Plenty, as it turns out. Moreover, OEM manufacturers are now working closely with both the ISO (International Organisation for Standardisation) and the SAE (Society of Automotive Engineers) to develop standards that, if implemented, will go a long way towards hardening the communications systems of vehicles against cyber attacks.
Globalisation of the car manufacturing industry now means that a vehicle that is sold in Australia may have parts and components in it that were made in five or six different countries, and assembled in a seventh country before being shipped to Australia. In practice, it is precisely this aspect of car manufacturing that has now made it possible to develop uniform security standards and interfaces that will work on all vehicles in all countries that subscribe to the standards now under development. While there is not much technical information available, the downside of the proposed standards is that they envision that diagnostics will become much more difficult, if not impossible to perform with the current diagnostic equipment most independent repair facilities have available.
For instance, one possible approach involves vehicle security interfaces that will require a technician to enter a series of progressively more intricate permissions to gain access to a vehicle’s communication systems. One other possible approach to cyber security involves a concept known as the “Extended Vehicle”, which will grant access to a technician only through a series of precisely defined data protection protocols that will be based on a tightly controlled series of rules that control data interfaces. Moreover, access to the Extended Vehicle system will be via remote and secured servers, which will almost certainly be controlled by OEM vehicle manufacturers.
In fact, the ISO is far advanced in the development of standard 20077-1, which will ultimately govern the Extended Vehicle protocol(s), while the SAE has already published standard J3061, which will likely serve as the basis for all future standards and protocols that control cyber security in the automotive sphere, which leaves us with this-
The implementation of cyber security standards in the American and European markets will no doubt limit the liability of car repair workshops there. However, the implementation of these standards and protocols in the Australian market could mean that many independent workshops may not be able to perform even basic diagnostics, simply because as matters stand now, OEM manufacturers are not obliged to provide independent operators with diagnostic information, including access to the communications systems of new vehicles.
Therefore, while consumers may no longer void their vehicle warranties when they allow an independent operator to work on their new vehicles, in a few years’ time, an independent operator might not be able to diagnose a fault on a customer’s new vehicle even if he wanted to. Unless of course, OEM manufacturers are obliged by law to grant an Australian independent operator access to a new vehicle’s communication systems in order to diagnose faults.
Of course, the actual implementation of the new proposed cyber security protocols is still a few years away. However, until these standards and protocols become the norm on all new vehicles, there is precious little that we as technicians and workshop owners/managers can do to protect ourselves and our customers against cyber attacks that run on purpose-built operating systems, which leaves us with this-
Realistically, there is little the average independent workshop owner or manager can do to protect his customers’ personal information while their vehicles are on his premises. A quick internet search will turn up dozens of tutorials on how to hack almost any vehicle, and yet, despite a diligent search, this writer could not find a single resource that describes effective counter measures against vehicle hacking except for the advice offered by a prominent publisher of anti-virus software.
This advice includes the following-
One other possible defence against hacking might be to institute a policy of no cell phones on the workshop floor. This writer is not suggesting that employees might be involved in shady practices, but the truth is that workshops cannot be seen as the weakest link in a security chain that is weak at best.