The Multitude of Threat Vectors Vehicle Area Networks Create
The next big thing in technology appears to be autonomous or smart vehicles, and with them will come vehicle area networks (VANs). While vehicle area networks are still in the early phases of research and development, many companies will hesitate to deploy them until they fully understand the threats facing these networks. Research on this topic from both a technology and security standpoint has uncovered quite a few interesting points and areas that require further consideration.
Some Basics of Vehicle Area Networks
VANs can be designed in any number of ways, but the three primary designs in use are:
- Collecting telemetry data from a corporate vehicle;
- Collecting telemetry data from a corporate vehicle and creating a moving version of a corporate network; and
- Creating motor vehicles that an individual driver can put into semi-autonomous or fully autonomous mode.
While this short description of predominate designs makes them sound simplistic, rest assured they are not.
Companies that deploy VANs as a means of providing a type of roaming network will need to make significant investments in additional network and data hardware. They’ll also need specialized hardware such as a gateway to act as a remote access point into the corporate network.
Organizations that want to deploy a VAN in the future will need to consider the following:
- How and where the VAN will be used;
- How many employees will have access to it and the type of access they should have;
- The mobile gateway design needed;
- Connectivity requirements needed for the employee to work effectively (i.e., the distance the employee can travel before they are out of signal range); and
- The security requirements of the VAN.
Furthering Safety and Business Goals
Companies that deploy the telemetry portion of the VAN design are usually attempting to collect information about the behavior of the vehicle, the road conditions, the driver or some combination of all three. For example, a telemetry system in a utility vehicle can collect the following information:
- When the truck went over the speed limit;
- When the driver hit the brakes hard;
- When the truck made a U-turn;
- The location of the truck at a specific time; and
- The length of time the truck was parked at a specific location.
The more sophisticated systems can detect and record the number of times the radio volume was turned up or down, whether the driver tended to swerve into the next lane or slowly drift into it and, if the telemetry system is tied into a work scheduling system, the number of times the driver was late to an appointment.
Autonomous and self-driving vehicles are capable of doing all the same things, but they will take telemetry to the next level because the burden of paying attention to every tiny detail will be taken off of the driver. For example, a telemetry system in an autonomous vehicle will also collect and act on the following information:
- Proximity to other vehicles;
- Stopping distance required;
- Road conditions;
- Traffic flow of the roadway;
- Road hazards; and
- Traffic flow mechanisms.
A Deeper Look Into the Predominant VAN Designs and Their Configurations
As a Roaming Network and Telemetry Collector
VANs deployed to act as a type of roaming network typically utilize the following basic hardware and configuration:
- A black box device that acts as the gateway and can be accessed via Ethernet cable, Wi-Fi, Bluetooth, cellular and radio;
- A telemetry system that mounts under the dashboard of the vehicle, is attached directly to the vehicle’s CPU or both;
- A connection back to the on-premises or cloud-based telemetry data collector;
- A connection to a public or private cellular network;
- A VPN connection that leads to a VPN concentrator, which allows users to access the corporate network through the vehicle’s mobile gateway; and
- GPS receivers and transponders.
In this basic configuration alone, there are six ingress points that a sophisticated cybercriminal could exploit to gain access corporate systems. An advanced attacker could gain further access to the cloud provider, cellular network and telemetry servers.
As Telemetry Collectors With Varying Degrees of Autonomy
Autonomous vehicles will require some type of vehicle communication system. This system is fully capable of controlling every aspect of the vehicle when the driver does not or cannot control it.
- The system will have to be intelligent enough to operate the vehicle safely in accordance with the vehicle conditions, road conditions, climate conditions and traffic laws — simultaneously.
- If the system is required to communicate with other vehicles around it, then it will need some type of wireless or radio transmission capability.
- The system must have a visual capability to see hazards or other visual cues.
- The system will need to access and use a GPS to provide directions, the fastest route available and alternative side streets.
- If the system is used in densely packed urban areas, a perimeter detection system can help detect the position and movement of pedestrians, light poles, street vendors, police, bicyclists and off-duty emergency vehicles.
As a result of requiring this type of advanced telemetry information, self-driving vehicles will have to move beyond data analytics into the fields of behavioral analysis, predictive modeling and probabilistic determination. Unfortunately, none of these are easily achieved outside of quantum computing and extraordinarily complex mathematical models.
Some Threat Vectors and Security Considerations for All VANs
It goes without saying that more sophisticated VAN designs will also have more sophisticated threats. The short list below is far from comprehensive, but it highlights their varied nature and degree of severity.
If there is an in-vehicle network used as a hotspot by the passenger for the purposes of accessing corporate resources, there is usually a requirement for a long-life password or PIN tied to each device. The network hardware should be configured to cache credentials temporarily, or a scaled-down version of PKI could be used.
Companies also will need to define new policies, procedures and standards around data privacy with respect to the types of telemetry data collected and how it will be used. They’ll then need clear, concise documents regarding privacy versus corporate liability. This is especially important when the company uses telemetry data as evidence that an employee routinely drives irresponsibly and endangers others.
Protecting the Network
Since VANs utilize multiple receivers for Bluetooth, Wi-Fi, radio and cellular communications, security measures must be defined to prevent unscrupulous individuals from using them as entry points into the corporate network, vehicle communication systems or mobile devices.
For example, if the vehicle incorporates keyless entry, the radio frequency spectrum used by the electronic key fob should be changed from the factory default immediately after purchase. Auto manufacturers should start designing keyless entry systems that do not broadcast the radio frequency signal because these can now be identified and duplicated.
Due to the transitive and temporal nature of telemetry data in autonomous systems, vehicles should be designed to broadcast only the data needed for decision-making in the next 30 seconds outside of the vehicle. Otherwise, the vehicle should have inner insulation that prevents data from leaking out.
Network scalability can become a problem due to the exponential increase in nodes and connection points. Capacity plans, redundancy plans and budgets will need to be examined very carefully and with consideration of immediate, short-term and long-term support costs.
Locking Down Other Information
GPS transponders in the vehicles should not broadcast positional information to anything other than the vehicle receiver and GPS satellites. This will limit the ability of a nefarious individual attempting to locate a particular vehicle or employee.
This is especially important for personnel in sensitive job roles who may not have access to highly secure, military-grade GPS satellites. There is also a strong evidence that indicates extremely sophisticated cybercriminals can trace GPS satellite signals in reverse to identify locations.
Critical personnel should always have frequency hopping and spread spectrum technology built into vehicles to secure communication. Strong encryption can also be implemented for data communication both inside and outside of cars.
An Entirely New Threat Model
Autonomous vehicles are susceptible to hacking, cracking, eavesdropping, denial-of-service attacks, bad software updates, brute-force attacks, code flaws, developer backdoors and malware of all degrees. Because of this — and the fact that they will carry any number of passengers in any location — they present a completely new level of risk.
Much like drone technology, security standards and governance are severely lacking at all levels for vehicle area networks. The industry will have to develop new security standards, coding standards, technology standards, risk models, threat models and penetration testing techniques to keep up.