Solution Overviews

Datasheet: Mitigating Automotive Cyberattacks

Issue link: https://resources.irdeto.com/i/1005605

Contents of this Issue

Navigation

Page 0 of 3

Datasheet Last modification: 30-05-2019 / 06:03 pm GMT+01:00 www.irdeto.com 1 © 2019 Irdeto. All Rights Reserved. The frequency of cyberattacks on the connected transport industry shows rapid growth. The number of reported cases increases daily, ranging from security assessments by ethical researchers to real-world attacks by financially-motivated hackers or those with malicious intentions. Irdeto has solutions. Irdeto's Secure Environment assumes perimeter security is compromised and focuses on uniquely protecting everything else. With multilayer security, it safeguards critical files and app data, and prevents hackers from adding malicious code, modifying executables and scripts, and reverse engineering. Irdeto's Keystone is a secure system that integrates directly with the vehicle's settings. This allows vehicle owners to create and control policies around multi-user vehicle access, settings and usage, which enables new business models. Below, we look at some of the recent, notable attacks. We also detail the key methods that were employed and how Irdeto's security solutions would have mitigated the risks. Method Mitigation CAN message injection via mobile app. In March 2018, a vulnerability in a couple of Volkswagen mobile applications enabled hackers to inject CAN messages. A malicious attacker could use this to take control of car systems. Secure Environment has teamed up with SafeRide whose vSentry is the industry-leading, multilayer cybersecurity solution for connected and autonomous vehicles that combines a state-of-the-art deterministic security solution with a groundbreaking AI profiling and anomaly detection technology to provide future-proof security. Secure Environment also allows OEMs and Tier 1s to define who can access resources and provides telemetry reports for all security events. Car2Go app hacked leading to stolen vehicles. In April 2019, less than a year after the Chicago-based car-sharing app was launched with 400 Daimler cars, it was discovered that the Car2Go app had been hacked and 100 cars were missing. The specifics of the hack are unclear; it appears the hackers tampered the app to unlock the doors. While there was a 29-square mile drop-off zone defined, the cars were never limited from leaving that area. Keystone is a secured system that allows vehicle owners to create and control policies around multi- user vehicle access, settings and usage. It provides components on the vehicle-side, cloud-side, and a Secure Mobile Engine on the smartphone-side that is designed to resist direct and indirect attacks. It also provides policy-setting geo-fence capabilities that restrict the cars to the intended geographic location. Two Peugeots stolen using relay attack. In April 2019, two Peugeots with keyless entry and push button start were stolen using a relay attack. The criminals used a box that relays the signal of a car key to gain entry and start the vehicle. Keystone's three component (mobile, cloud, vehicle) solution includes protection against relay attacks by taking the proximity of the user device into account. MITIGATING AUTOMOTIVE CYBERATTACKS How automotive cyberattacks would have looked if Irdeto's connected transport security solutions had been applied.

Articles in this issue

Links on this page

view archives of Solution Overviews - Datasheet: Mitigating Automotive Cyberattacks