We live in a world of continuous technological change and transformation. We only have to look at the evolution of mobile devices. A few years ago, it was unthinkable to have the Internet in the palm of your hand. Today, we can pay our bills with a simple watch.
These technological advances have occurred in all aspects of society and in all areas. From raw material producers, through the industrial sector, with the emergence of a multitude of IoT (internet of things) devices, which have enabled the improvement of production chains, reducing costs and obtaining a higher quality product, to the production of vehicles.
Cars in the Internet age
Vehicles have evolved from those with a simple coal engine driven by the power of steam, to those we can find today, full of sensors to promote driving and safety, countless electronic connections, even more than the mechanical ones. All this added to, what could not be otherwise in an interconnected world, vehicles with their own output to the Internet, that is, vehicles exposed to the network, with all the advantages and disadvantages that this entails.
This constant evolution and technological growth requires continuous security controls, since all the advantages offered by an interconnected world are contrasted by the disadvantages and exposure to which a digital world subjects us.
When we talk about hacking a car, movies like “Die Hard” come to mind, as it is something that still sounds like Hollywood, that we think it is a joke and far from reality. Unfortunately, however, this new concept of attacking vehicles has jumped from the big screen into our world.
Just as an outdated server is vulnerable to being exploited by attackers to steal your information, or an out-of-date software obsolete is targeted by a multitude of attackers, a vehicle with internet access can be targeted by criminalsIt allows you to perform a multitude of feats without even touching it.
Today, it is possible to open a car door by cloning the RFID frequency emitted by the contactLess keys, wait for the owner to walk away and steal the vehicle. It is also feasible to connect through the on-board computer to the vehicle’s CanBus and inject datagrams with action codes that cause the vehicle to fold its mirrors, accelerate or brake.
At this point, are we beginning to see the need for regulation of cybersecurity controls in vehicles? The most obvious answer is yes. That is why by 2025 every vehicle will need to be cybersecurity certified issued by specialized certification centers, to ensure that the new vehicles produced are safe, not only in a physical driving environment, but also on a digital highway such as the Internet.
The experts’ response
Under these premises, experts from the cybersecurity sector sat down to discuss the different needs that we detected in relation to vehicles. From a possible monitoring of the actions and connections, a record of logs, not only with vehicle faults, such as the failure of a vehicle, but also with BlackBox The main reason for this is the different degrees of encryption and complexity of the algorithms used in the data transmission; let’s remember that if the vehicle is to be used as an aircraft, the actions and commands received from outside the vehicle, the different degrees of encryption and the complexity of the algorithms used in the data transmission. trackea a vehicle, locating us is trivial.
This is why the need arose to develop a methodology for auditing vehicles to determine whether or not a model is safe at the time it is put on the market. Thus, we started to develop an audit methodology and controls for vehicles, which resulted in our service line “Car Hacking Oesia, Driving Together”.
From this new line of service we are looking for the perfect fusion between driving safety and digital security, so necessary and unfortunately little present nowadays.
Currently, our team of experts is developing multitude of tests and controls for the different points that the European regulations will require in 2025 (WP.29/2020/79 of the European Union.) to get these vehicles on the road and to support the major automotive manufacturers in this arduous task of securing vehicles.
In conclusion, we would like to invite all our readers to engage in an exercise of reflection. We are currently experiencing a technological and digital evolution that could be described as vertiginous. As technologies have changed the world, criminals have adapted and evolved to steal millions of dollars at the click of a button, from their homes, without any exposure. Thus, we consider the field of cybersecurity to be of paramount importance, with all its complexity, since the evolution and changes experienced tend to occur faster than the best practices, controls and methodologies that are developed.
Therefore, we ask ourselves the following question: “Is it really profitable to maintain this pace of technological growth with minimum security measures that guarantee our safety and that of our loved ones? Can we be at ease riding in a vehicle knowing that it can be attacked and its controls disabled?
Carlos Gómez Pintado, Offensive hacking line leader in Grupo Oesía