i3 - May/June 2016 - 16

S E PA R AT I O N A N X I E T Y
"The main issue is not so much data
privacy-information about where the
driver is going and what he is doing-but
it's primarily a critical safety issue," says
Michela Menting, research director for
digital security at ABI Research in Geneva,
Switzerland. That's because in the vast
majority of vehicles sold, braking, steering
and other systems related to propelling
a vehicle were engineered before anyone
thought critically about protecting them
from intruders, she says. Yet with vehicles
connected by 3G or 4G cellular modems in
two-way communications with automakers' cloud services, there's definite vulnerability, and in many cases the threat is
"just a matter of tracking [a car] down and
launching an attack," she declares.
More, standard vehicle development
times of three to five years means critical
electronic systems and computing chips
were engineered as far back as calendar
year 2013 and will roll out in model years
2016 through 2018, and "some of those
are immutable," says Richard Doherty,
research director of The Envisioneering
Group in Seaford, NY. Counting just 2016
to 2018 models containing chips and systems essentially finished years ago, "that's
probably dozens of millions of the world's
cars, with the U.S. being the highest base
because of our penchant for convenience,"
he says.
"These are honeypots" to hackers
looking for challenges, he asserts, noting
they'll have access to them sometime in
2016 and 2017 model years. "And these
days it can be hours and days, not weeks
or months, before they find a weakness," he says. Car "exploits" are likely to
be on the agenda at a popular biennial
gathering of hackers from around the
world named HOPE (short for Hackers on Planet Earth), which is scheduled
for July in New York. "There's nothing
secure and now we're putting chips into
things that go 100 miles per hour and in
Germany faster."
On the other hand, Doherty says, an
argument can be made that Tesla automobiles are an exception, inherently less susceptible to hacking, for two reasons. First,
he says, the automaker includes a "closed
16

MAY/JUNE 2016

" T H E R E 'S
N OT H I N G
SECURE AND
NOW WE'RE
PUTTING
C H I P S I N TO
T H I N G S T H AT
GO 100 MILES
PER HOUR AND
IN GERMANY
FA ST E R ."
- R o b e r t D o h e r t y,
The Envisioneering Group

system," using a proprietary gateway device to separate a
vehicle's infotainment network from its driving controls
network. The second reason, he says, is that the company
hasn't published industry papers disclosing its intellectual property.
Nevertheless, Craig Smith, author of The Car Hacker's Handbook (2014, No Starch Press) says, "Really
any vehicle on the market right now is susceptible."
The most critical weaknesses is any type of wireless
connectivity, such as telematics and infotainment,
which offers "a very large attack surface" that encompasses Bluetooth, cellular, near field communications
(NFC) and digital radio plus a link to the vehicle's
internal "CAN (Controller Area Network) Bus" that
"is usually unprotected," Smith says. A telematics
system could, for example, gather speed information
from the vehicle via the CAN Bus, thus providing a
hacker access to the system that controls the vehicle's
speed. And when a vehicle's internal networks are
kept separate, this is more often a result of bandwidth
constraints on the Bus that separates them instead of
a predetermined anti-hacking or safety consideration,
he says.
In fact, legacy safety standards don't address hacking at all, but rather deal with parts failing, "and safety
testing doesn't do hacking." Smith says though, some
hacking-related safety standards do exist in draft
form, at SAE International and other standard-setting
organizations.
Further, it would be unwise for an automaker to
protect a critical safety system with data encryption.
Smith says, "When you just want to brake, you don't
want to have to decrypt packets."
Last year, a Jeep Cherokee hack first reported by
Wired magazine led to a recall of 1.4 million vehicles
by brand parent FCA US LLC. Researchers gained
control of their own vehicle's transmission and other
driving functions from miles away via the entertainment system head-unit and its built-in Uconnect
telematics/infotainment feature, which was wirelessly
I T I S I N N O VAT I O N



Table of Contents for the Digital Edition of i3 - May/June 2016

Contents
i3 - May/June 2016 - Cover1
i3 - May/June 2016 - Cover2
i3 - May/June 2016 - Contents
i3 - May/June 2016 - 2
i3 - May/June 2016 - 3
i3 - May/June 2016 - 4
i3 - May/June 2016 - 5
i3 - May/June 2016 - 6
i3 - May/June 2016 - 7
i3 - May/June 2016 - 8
i3 - May/June 2016 - 9
i3 - May/June 2016 - 10
i3 - May/June 2016 - 11
i3 - May/June 2016 - 12
i3 - May/June 2016 - 13
i3 - May/June 2016 - 14
i3 - May/June 2016 - 15
i3 - May/June 2016 - 16
i3 - May/June 2016 - 17
i3 - May/June 2016 - 18
i3 - May/June 2016 - 19
i3 - May/June 2016 - 20
i3 - May/June 2016 - 21
i3 - May/June 2016 - 22
i3 - May/June 2016 - 23
i3 - May/June 2016 - 24
i3 - May/June 2016 - 25
i3 - May/June 2016 - 26
i3 - May/June 2016 - 27
i3 - May/June 2016 - 28
i3 - May/June 2016 - 29
i3 - May/June 2016 - 30
i3 - May/June 2016 - 31
i3 - May/June 2016 - 32
i3 - May/June 2016 - 33
i3 - May/June 2016 - 34
i3 - May/June 2016 - 35
i3 - May/June 2016 - 36
i3 - May/June 2016 - 37
i3 - May/June 2016 - 38
i3 - May/June 2016 - 39
i3 - May/June 2016 - 40
i3 - May/June 2016 - 41
i3 - May/June 2016 - 42
i3 - May/June 2016 - 43
i3 - May/June 2016 - 44
i3 - May/June 2016 - 45
i3 - May/June 2016 - 46
i3 - May/June 2016 - 47
i3 - May/June 2016 - 48
i3 - May/June 2016 - Cover3
i3 - May/June 2016 - Cover4
http://www.nxtbook.com/nxtbooks/manifest/i3_20200304
http://www.nxtbook.com/nxtbooks/manifest/i3_20200102
http://www.nxtbook.com/nxtbooks/manifest/i3_20191112
http://www.nxtbook.com/nxtbooks/manifest/i3_20190910
http://www.nxtbook.com/nxtbooks/manifest/i3_20190708
http://www.nxtbook.com/nxtbooks/manifest/i3_20190506
http://www.nxtbook.com/nxtbooks/manifest/i3_20190304
http://www.nxtbook.com/nxtbooks/manifest/i3_20190102
http://www.nxtbook.com/nxtbooks/manifest/i3_20181112
http://www.nxtbook.com/nxtbooks/manifest/i3_20180910
http://www.nxtbook.com/nxtbooks/manifest/i3_20180708
http://www.nxtbook.com/nxtbooks/manifest/i3_20180506
http://www.nxtbook.com/nxtbooks/manifest/i3_20180304
http://www.nxtbook.com/nxtbooks/manifest/i3_20180102
http://www.nxtbook.com/nxtbooks/manifest/i3_20171112
http://www.nxtbook.com/nxtbooks/manifest/i3_20170910
http://www.nxtbook.com/nxtbooks/manifest/i3_20170708
http://www.nxtbook.com/nxtbooks/manifest/i3_20160102
http://www.nxtbook.com/nxtbooks/manifest/i3_20160304
http://www.nxtbook.com/nxtbooks/manifest/i3_20160506
http://www.nxtbook.com/nxtbooks/manifest/i3_20160708
http://www.nxtbook.com/nxtbooks/manifest/i3_20170506
http://www.nxtbook.com/nxtbooks/manifest/i3_20170304
http://www.nxtbook.com/nxtbooks/manifest/i3_20170102
http://www.nxtbook.com/nxtbooks/manifest/i3_20161112
http://www.nxtbook.com/nxtbooks/manifest/i3_20160910
http://www.nxtbookMEDIA.com