00:00:00:09 - 00:00:03:12
Welcome to cars, hackers and cybersecurity.
00:00:04:01 - 00:00:07:01
Here we break down the latest in automotive cybersecurity,
00:00:07:01 - 00:00:10:16
helping you stay ahead in building secure connected vehicles.
00:00:12:20 - 00:00:16:22
Hi. Today we'll describe a man in the middle or mid term
00:00:16:22 - 00:00:19:01
attack on automotive applications.
00:00:19:01 - 00:00:24:17
using some IP protocol over in-vehicle Ethernet networks, and how it can be mitigated.
00:00:24:17 - 00:00:37:08
Node a MIT attack involves the secret interception and manipulation of communications between two parties in order to facilitate effective and high bandwidth in-vehicle network connections.
00:00:37:10 - 00:01:10:08
In-Vehicle Ethernet links are becoming more common in vehicle E architecture. In order to use Ethernet in the automotive world, dedicated application layer protocols were developed, such as diagnostics over IP and some IP. In addition, a typical automotive Ethernet stack can also include common Ethernet protocols from the IT world, such as ICMP, ARP, and Dhcp. A general analysis of in-vehicle network security refers mainly to the following high level impacts of attack patterns.
00:01:10:10 - 00:01:11:01
One.
00:01:11:01 - 00:01:30:16
Denial of service two. Tampering with ICU behavior. Third. Malicious triggering of vehicle behavior. Four. Falsified driver information. Five. User information disclosure. Six. Compromise. Intellectual property.
00:01:30:16 - 00:01:43:06
Four of the above threats can be caused by this MIT attack. Denial of service. Malicious triggering of vehicle behavior. Falsify driver information and user information. Disclosure.
00:01:44:05 - 00:01:47:08
Background to some IP in service discovery.
00:01:48:01 - 00:01:51:16
Some IP or scalable service oriented middleware over IP.
00:01:51:16 - 00:01:52:15
is an automotive
00:01:52:15 - 00:01:53:01
middleware
00:01:53:01 - 00:02:20:05
protocol designed to support vehicle communication needs such as high data rate, low transportation overhead, and short initiation time. It is designed for client server communication, where generally the server provides services to its clients. Services can supply notifications about in-vehicle events and remote procedure call mechanisms, which allow a client to invoke functions on the server or request information.
00:02:20:07 - 00:02:46:20
Some IP has a service discovery feature, some IP SD enabling dynamic subscription to services. Typically, a server sends offer messages to everyone in the network telling them about the services it supplies. Clients then send subscribed messages subscribing to the services relevant for them. After the subscription is complete, the server will supply the service to the client, meaning it will send notifications and answer requests.
00:02:46:22 - 00:03:17:06
This subscription process is periodic, usually once every two seconds. Reference attacks set up. The attack set up represents a common use case in the automotive world. Two x, A and B are connected via a switch and communicate over some IP. EQU A is the server supplying a service S1 to ECU B, which is the client. In addition, there is another ECU connected to this switch EC.
00:03:17:08 - 00:03:24:08
The attack scenario assumes that ecu C was compromised and it is able to send spoofed messages to the network.
00:03:24:08 - 00:03:25:10
Attack flow.
00:03:25:10 - 00:03:26:08
In this
00:03:26:08 - 00:03:26:19
attack,
00:03:26:19 - 00:03:48:21
the attacker hijacks the service communication between ECU A and ECU B, forcing the communication to go through ECU c normally ECU a send service discovery offer messages offering S1 service. These messages are sent in multicast, therefore E, c, u, c will receive them to to execute the attack. For each offer as
00:03:48:21 - 00:03:50:14
one message it receives.
00:03:50:16 - 00:04:00:14
ECU C does two things. It subscribes to the service by sending a subscribe s one message to ECU a and then sends a spoofed offer s
00:04:00:14 - 00:04:13:00
one message to Ecobee ECU B receives both the original offer as one packet and the spoofed one, but it subscribes only to the second one as it arrives just after the first one.
00:04:13:02 - 00:04:39:09
In this way, two connections are initiated ECU a server to ECU C client and ECU server to ECU, B client, ECU c then relays messages between ECU A and B. For example, if ECU A sends a notification to its client ECU C, it will immediately forward its content to ECU. B the service, subscription process and message relaying are repeated throughout the
00:04:39:09 - 00:04:40:05
attack.
00:04:40:07 - 00:04:52:14
The adversary gains two things from executing such an attack. The first is the ability to eavesdrop on the communication between ECUs A and B. This communication is not visible to ECU c
00:04:52:14 - 00:05:04:19
thus the attacker without the attack, as the switch forwards only the relevant packets to each switch port. The second is the ability to control and spoof the communication between the ECU.
00:05:04:21 - 00:05:30:03
By performing this attack, the adversary is able to send false notifications to the client, invoke remote functions on the server, change messages data, or drop critical messages, all without causing any detectable communication errors on the server or client. We were able to perform this attack using two simulated ECUs connected through an automotive Ethernet switch, and an attack script.
00:05:30:08 - 00:05:43:06
Attack mitigation. There are several ways to mitigate this kind of attack. The preferred choice depends mainly on the network properties. In some cases, applying a basic firewall using the switch capabilities
00:05:43:06 - 00:05:45:05
For example, t cam rules.
00:05:45:05 - 00:06:04:22
might prevent the attack, but in other cases it will not be enough. It is highly recommended to use advanced security mechanisms as an intrusion detection prevention system, or IDPs or advanced firewall, like in the auto saw firewall standard that will filter the traffic not only based on regular network parameters.
00:06:04:24 - 00:06:41:11
Mac addresses IP addresses and UDP TCP ports, but also an automotive specific network parameters such as some IP service ID and some IP SD message type. Using authentication or encryption has a limited benefit in preventing this attack. Some IP traffic has a multicast nature, so it cannot be authenticated or encrypted using a standard protocol. The sum IP traffic can be authenticated or encrypted, but it will not prevent the attack as the attacking ECU is sending some IP messages on behalf of its own.
00:06:41:13 - 00:06:45:21
After legitimately subscribing to the service. Conclusion.
00:06:45:21 - 00:06:50:06
The role that the sum IP and the E architecture continues to grow.
00:06:50:06 - 00:07:11:24
and the susceptibility to cyber threats is exemplified by the described MIT VM attack exploiting the same IP protocol. The scenario involves an adversary hijacking a connection between two applications on two separate ECUs, enabling the attacking ECU to eavesdrop on communications between them and manipulate the data sent.
00:07:12:01 - 00:07:45:01
This concerning trend underscores the critical need for robust cybersecurity measures. The type of mitigation methods that can be used depends on the network properties, but the use of advanced automotive specific security mechanisms is highly recommended to prevent attacks like this one. Mitigating such vulnerabilities requires the implementation of advanced automotive specific security mechanisms to thwart potential attacks. Moreover, this looming risk associated with some IP has not gone unnoticed within regulatory frameworks.
00:07:45:03 - 00:08:08:13
For example, the Jasper Japanese regulation has duly identified and highlighted this vulnerability, emphasizing the imperative for stringent security protocols in automotive communication standards. Safeguarding against exploits and systems utilizing some IP remains a pivotal concern, warranting proactive measures to fortify these frameworks against evolving cyber threats.
00:08:09:16 - 00:08:15:14
That's all for today's episode. Keep your engines running smooth and your cyber defense is sharp.
00:08:15:14 - 00:08:20:02
Stay connected by subscribing and visiting placidity. X-Com.
00:08:20:02 - 00:08:24:02
Until next time, stay safe on the road and in the cloud.