Upload
ibm-security
View
6.170
Download
1
Embed Size (px)
Citation preview
CONNECTED CAR
HACKUNDER THE HOOD OF A
new security vulnerabilites all drivers should be aware of.
Today’s modern vehicles can contain over 100 processors, many of which control critical systems within the vehicle.
Essentially a computer on wheels, the connected car presents
MULTIPLE POINTS OF VULNERABILTY
PRIMARY ATTACK POINTS
CAR GETS HACKED
devices which monitor speed, braking, and location.
Located underneath the dashboard, the OBD2 portis a physical connection that is highly vulnerable.This diagnostic port is used to connect third-party
OBD2 Port
that expose vehicle data or functionality.
Interfacing with vehicle systems are applicationsrunning on the driver’s personal mobile device.These applications may contain binary libraries
MOBILE APPLICATIONS
Infotainment
Engine
Locks
Brakes
System
Airbags
OBD2 Port
EXTRACT BINARY CODEFROM DEVICE
REVERSE-ENGINEERSOFTWARE
TAMPER WITHBINARY CODE
REDEPLOYMALICIOUS SOFTWARE
High ThreatModerate ThreatLow Threat
MobileApplications
1
2
3
4
easily hacked if not protected.
Typically the primary communication interface of a connected car, the infotainment system hostshigh-value and sensitive applications that are
INFOTAINMENT SYSTEM
1
&
2
3
4
KEEP SOFTWAREUPDATED:
DON’T JAILBREAKYOUR CAR OR DEVICE:
CHECK OUTLETSPERIODICALLY:
ASK MANUFACTURERIF APPS ARE HARDENED:
TO PREVENT ITWHAT YOU CAN DOHOW A CONNECTED
HACKABILITY
Check with your manufacturerand service provider to make
sure you always have the
In addition to making your carless secure, it may also void
warranties.
what you choose to plug in.
Make sure you know what isplugged into any USB or OBD2 portson your vehicle. Carefully consider
latest version installed.
to download.
Verify that all mobile and pre-installedapps are hardened, in addition toany third-party apps you choose
VEHICLE TO VEHICLE VEHICLE TOVEHICLE TO DEVICE
NFC
802.11p802.11p
INFRASTRUCTURE
What’s 802.11p?A new wireless standard thatenables ITS or IntelligentTransportation Systems.
Did you know?By 2020, it’s expected that75% of cars shipped globallywill have internet connectivity.
Reverse-engineeringtools (i.e. IDA pro) are fast, low in cost and easy-to-use.