Security Problems and Attacks on Smart

Cars

Ş. Okul, Muhammed Ali Aydin and Fatih Keleş

Abstract This study provides information about smart cars and some of the tech-
nologies and researches on smart cars. It then describes the modeling of security
attacks in smart cars in terms of aggressive profile, attackable objects, attack require-
ments and security requirements. It also discusses the attack pattern and risk analysis
related to vehicle speed ups and the stealing of personal information.

Keywords Smart car · Security attacks · Security attacks on smart cars · Attacker
tree model

1 Introduction

Smart Cars integrates Internet Of Things (IOT) components to bring value-added

services to drivers and travelers. These components communicate with each other
and with the outside of the vehicle. Over the last few years, there have been many
publications about the attacks on automotive systems. Some of these have been shown
to be cheaper and easier to show, especially as they are a teenager who opens up and
launches a car that remotely connects by using simple equipment, especially under
the eyes of the media, especially at $ 1,500 a few dollars, turns out [1].
In addition to prestigious damage, the safety cost of cyberspace is becoming a
problem for automobile manufacturers. Security vulnerabilities have been found in
recent years and an increasing number of recalls have been made [2]:

Ş. Okul
TUBITAK BILGEM, Kocaeli, Turkey
e-mail: [email protected]
M. A. Aydin (B) · F. Keleş
Computer Engineering Department, Istanbul University, Istanbul, Turkey
e-mail: [email protected]
F. Keleş
e-mail: [email protected]

© Springer Nature Singapore Pte Ltd. 2019 203

A. Boyaci et al. (eds.), International Telecommunications Conference,
Lecture Notes in Electrical Engineering 504,
https://doi.org/10.1007/978-981-13-0408-8_17
204 Ş. Okul et al.

• Charlie Miller and Chris Valasek were great prospects for remote attacks, taking
over a Jeepin control and driving 1.4 million cars out of the way [3];
• Security researchers moved away from cutting off the BMW Connected Drive and
managed to unlock vehicles from cutting Miller/Valaisek (2.2 million cars had
more industrial use than expected) [4];
• More recently, more vehicles (including most Volkswagen cars since 1995) have
been shown vulnerable to an attack against a remote keyless entry, thus increasing
the size of the affected fleet once more. This last number showed that the number
of potentially affected cars increased rapidly with a vehicle size of 100 million
vehicles [5].

2 Technologies and Researches

As technology continues to progress, the tools will be smart and have more connec-
tions. According to ABI Research, less than 40 percent of old vehicles around world
are anticipate to be linked by 2017 [6].
According to a study published by the Kelley Blue Book, 62% of US consumers
thought that connected cars would be attacked, while 42% of respondents said they
wanted cars to be more connected. This number has increased to 60% over the course
of the millennium. Finally, more than a third of all participants said that a car did not
have the desired technology and would then buy a different car [7].
Some automakers add the items of Apple’s operating system to automakers cars,
allowing their drivers to integrate an Apple appliance into the emulated system.
Tools that use the Drive and the Android operating system can access and use traffic,
maps, web services, etc.; They are all integrated with all the car’s devices for full.
At Google’s goal, the car is becoming a “connected Android appliance” [8].
Moreover, the automobile infotainment system claims to be developed faster than
it can analyze the effects of independent researchers [9].

3 Models of Security Attacks in Smart Cars

3.1 Offensive Profile

Different groups of attackers are attracted to attack vehicles. These groups range
from the owner of the vehicle to a specialized hacker with advanced tools. Each of
these groups typically has their own motivations:
• Falsification: An attacker may wish to misrepresent actual vehicle information,
such as a tachograph exchange, to sell the vehicle by reading the tachograph or
miscalculation.
Security Problems and Attacks on Smart Cars 205

• Illegal profit: An attacker can profit by selling the ability to steal or attack an entity
to a different entity. Some attacks can be directed by a commercial opponent of
target vehicle sellers to sabotage their products and gain share in the market.
• Insane fun and vandalism: Revenge and vandalism can motivate some attacks,
such as an employee casualty attempt to punish an old company by deriving from
the company the cars are sold [10].
• Research and test purposes: Attack and penetration testing can be done by security
experts or test teams. The assailants, in this case, have benign motivations. Before
they are used by third parties, they are trying to discover security flaws within the
different components of the vehicle systems.
• Accidental: In some cases, there may be an attack without any intention. Such
an attack can be carried out while upgrading an existing system or while reading
unwanted malicious data, such as in the case of GPS, climate control and fault in
the front console radio system in Toyota Lexus vehicles [11].
• Overlap: Sometimes there are multiple causes behind a single attack.
However, motivation alone is not enough. An attacker needs sufficient technical
skills and different sets of hardware to reach its goals. The diversity of skills, abilities,
technical equipment and financial resources can be used as indicators to separate
attackers into different groups [12]:
1. Unscrupulous attackers (script kiddie): This group includes attackers with limited
financial resources and insignificant knowledge of vehicle architecture. Such
attackers lack the ability to use complex tools. Regular thieves are owners of
those who want to install or change a component in their vehicle, and good
offender of this group of offenders who give highway signals to gain credibility
in their community.
2. Hacker: This group includes highly skilled specialists with enough equipment and
equipment to perform the attack. Using the experience of this group of members,
they can profit like land hat hackers. Mechanics and security researchers are
involved in this group.
3. Organization: There are several members of the above group that these orga-
nizations work with. Generally, gigantic financial support enables them to take
advanced tools and attract experts. Security research groups can be an example
of this class.

3.2 Attackable Objects

Attackers can focus on different parts of the vehicle components:

• Data: Attackers can target data stored on some ECUs; This may be cryptographic
private keys, digital certificates or special vehicle and driver activities (e.g. vehicle
location, navigation destination, etc.). Or, the transmitted wired/wireless data may
threaten the vehicle. This data includes the following:
206 Ş. Okul et al.

– Inter-vehicle data exchange between different components and sensors with one
component. Fraud between the transmitted data, the system on the vehicle, and
the pressure sensors on the tires is an example of the safety margin of such data
[13].
– Data transferred between the vehicle and the outside world; V2 V communica-
tion data, V2I communication data, etc.

• In-car hardware: In general, attacking the hardware infrastructure (in other words,
ECUs, sensors and Car-top Units) requires direct access to the target devices.
Attacking an in-vehicle navy can occur by replacing a device with a malicious
device or by installing new hardware that is performed in error. Sometimes the
attacked hardware may not be part of the vehicle. Your drive may be a 3rd party
device, such as a mobile phone, that is plugged in. [14] An attacker may aim to
reduce the performance of the vehicle’s component or even deliberately produce
misleading results (e.g. Volkswagen’s Emission Scandal [15]).
• Media infrastructure: Some attacks may target the environment of the vehicle. A
typical example of such an attack is a change in electronic road signs such as
“Zombies Ahead”, where an attacker finds how to change the text on electronic
road signs to warn of a Zombies attack. Even such a ridiculous attack can create
public safety problems for drivers on the road [16].
• Software and framework: The enormous amount of integrated software on each
vehicle and the different levels of security control between different vendors make
them more vulnerable to attack. The frame that controls the ECU can be the target
of various attacks; Some attackers may interfere with this aspect of the ECU to
achieve superior performance [17]. Malicious updates to the inner parts of an
applet or framework can open doors that can be exploited by an attacker.

3.3 Attack Requirements

To be able to attack, it must be a smart car, direct, remote or mixed access to be

attacked:
• Direct Access: Some attacks are based on direct access from the target vehicle. A
vehicle can be accessed directly when parked. Subsequently, attackers may have
the option of linking a GPS device to track the vehicle later, or determining the
destination of the vehicle [18]. In some cases, taking a car to the service station
to check it may be a way for direct access by attackers. In such cases, an attacker
has full access to the vehicle. On-board Diagnostic port (OBD-II) is a physical
interface already used for many attacks [19].
• Remote access: Other attacks do not require direct access to the target. Attackers
can target from a distance. Such attacks exploit the integrated wireless capabilities
of modern automobiles. These include Bluetooth, a cellular connection, wireless
tire pressure monitoring, etc.. Entertainment system is another point that is inter-
Security Problems and Attacks on Smart Cars 207

rupted at a distance. For example, playing a song linked with Malware could give
malicious messages to the Control Area Network [19].
• Mixed access: Direct access to the car, remote intrusion logging. Indeed, some
attackers can install some devices into the vehicle (for example, USB, malicious
DVDs, malicious components connected via OBD-II port, etc.), even though some
attackers can access the car quickly. Then, these interference devices can be used
to target the vehicle remotely. Attackers can use others to wear these tools, such
as a surrogate who parks the victim’s car, or a mechanic at a service station [19].

4 Attack Tree Modelling and Calculating Risk

In this section, there is a model of attack and risk analysis related to increasing vehicle
speed and stealing personal information.

4.1 Attack Tree Model

Attacker modeling was done after dangers and safety vulnerabilities were expressed
and separated by categories. It was used with scenario of the attack used in increase
of the vehicle speed studies for modeling [19–22]. Increased vehicle speed includes
threats arising from vulnerabilities, software updates, use and use of the Bluetooth
Control Area Network. Three attack scenarios consist of OR nodes for increased
vehicle speed.
Figure 1 shows an attack on the speed of the vehicle using a security update
to update the firmware. When using the update of firmware, the attack first adds
code to the Engine Control Unit, and then adds malicious software to send the
car’s acceleration message to the firmware. Thus, if updates the OBD (in-vehicle
diagnostic) terminal and the firmware on a wireless or wired connection by the
driver, the Engine Control Unit generates an error. Thus increases of the speed of the
car. The OBD controls the electrical operating the vehicle status. Although initially
used to protect electronic components such as motors, the way of reporting various
vehicle conditions through the driver plays the role of computer user interface [23].
Figure 2 shows the increase in vehicle speed using Bluetooth security challenge.
To use Bluetooth, you first need to have an infotainment system privilege. This can
be done by connecting to Bluetooth via a Bluetooth communication interface or by
means of a mobile appliance through which a software can be downloaded. Bluetooth
is scanned to obtain the Bluetooth communication privilege and the PIN number is
acquired with brute force attack [22].
Figure 3 shows the attack rate at a vehicle speed using the Control Area Network
security policy. When a attacker uses a Control Area Network, the attacker analyzes
the Control Area Network message first, thus generates an automobile self-diagnosis
software that can send a malicious Control Area Network message using the analyzed
208 Ş. Okul et al.

Fig. 1 Firmware updates threaten to increase vehicle speed using a security obligation [14]

Fig. 2 Vehicle speed increase using Bluetooth weakness [23]

message. When a driver downloads a malicious software file and then hitches to a
mobile appliance over a wired or wireless network, the attacker uses a message for
increasing car speed through a pre-built car hacking program [23].
The modeling of the particular knowledge leak threat was formed with attack
scenarios from previous works. The infotainment system uses for this scenario (like
USB, Bluetooth). The infotainment system can be hitched to various external net-
Security Problems and Attacks on Smart Cars 209

Fig. 3 Vehicle speed increase using the security implication of the CAN network [23]

works so that particular knowledge such as location data and special call records can
be leaked into the system for it. Figure 4 shows the final of the modeling of the attack
tree of the particular knowledge leak danger and shows that the attacks are possible
with double weakness. For this reason Bluetooth is used for a Trojan horse and loads
the mobile application onto an application or network that can be downloaded and
sent to the driver. After driver connect via Bluetooth, the attacker uses the software
to communicate with the car’s infotainment system and access particular knowledge
such as location information, vehicle identification and destination. When there is a
Bluetooth weakness with automatic USB playback, a malicious software designed
to activate the Bluetooth function can be added to an MP3, and USB with MP3 can
cause the information of a driver to be stolen using a social engineering method. The
drive activates USB to listen to MP3 s that enable Bluetooth information without the
knowledge of the driver. The attacker controls the Bluetooth on the car with Blue-
tooth scan and receives the brute force attack and the PIN number. This PIN number
can be used to obtain information about the driver.

4.2 Risk Level Calculation

R is defined for Risk Level. R is found by assessing the significance of assets and
the dangers and weaknesses identified by the analysis procedure. That led to a R
of increase of car speed, a major threat to intelligent automobiles. The risk levels
calculated in this way are presented in Table 1.
210 Ş. Okul et al.

Fig. 4 Particular knowledge infiltration using Bluetooth open [23]

Table 1 For intelligent vehicle security risk [20]

Type Value
Asset (A) Threat Vulnerability A T V R Rule
(T) (V)
Powertrain Increase Update for S3 0.94 0.75 2.11 H
of car Fimware
P1
velocity
O2
Bluetooth S3 0.91 0.515 1.44 M
P1
O0
CAN S3 0.93 0.687 1.94 M
P1
O0
Infotainment Personal Bluetooth S1 0.83 1 2.49 H
infor- (mobile P3
mation connection)
leakage O1
Bluetooth (USB S  1 86 0.687 1.77 M
execution)
P3
O1

The rating of security risk of a intelligent vehicle is presented in the framework

of assessment of security risk as shown in Table 1. R was scored between 0.0 and
3.0. In the range of 1.0 < R ≤ 2.0, this means the medium risk level M values and if
0.0 < R ≤ 1.0, the low risk is categorized as L evaluation. Finally, if 2.0 < R ≤ 3.0, high
Security Problems and Attacks on Smart Cars 211

risk H was considered. Estimates of assets, threats and weak points are multiplied,
and then the increase in vehicle speed is rated as threat, and particular knowledge is
graded on an H, L or M basis as the last calculation of the threat of leaking. It reflects
the significance of being. In one case, the level of risk calculated to give the most high
score. This reason for only reflecting the most high score is that the security dangers
in the case of an automobile are handled from various angles; Security measures
should focus on efficiency, with some of the highest score taking into account the
much significant of each asset when calculating of security are established. For
instance, the safety (S) direction received the most high score in the case of a power
transmission system; this indicates that focusing on security should be on security
(S) instead of privacy (P) or availability (O) [20].
The transponder system is related to the presence of a motor vehicle acceleration
is due to the presence of three security vulnerabilities. In evaluating the importance of
the entity, security (S) earned three points, privacy (P) one points and operational (O)
two points. To assess the entity, only the highest rated security (S) is reflected. This
means that safety measures must focus on safety, as it is an important vehicle presence
that greatly influences the safety of the vehicle, rather than the power transmission
organ’s privacy [20].
In the infotainment system, the existence of particular knowledge leakage threat
is due to two security reasons. In evaluating the importance of the entity, security (S)
earned one point, privacy (P) three points and operational (O) one points. To assess
an entity, only the highest score receiving privacy (P) is reflected; this means that
the information system requires that the security measures for the IT containing the
particular knowledge of the chauffeur focus on the confidentiality aspect [20].

5 Result

By using the information in this study, modeling of security attacks that take place
in intelligent vehicles, modeling of two examples of attack types and modeling of
attack trees and risk analysis have been expressed. It is aimed to perform related
studies by modeling in other types of attack in future works that can be written by
moving from here, or by adding new parameters to the attacking species in the attack
types exemplified here.

Acknowledgements This work is also a part of the M.Sc. thesis titled Security Attacks Analysis
For Smart Cars at Istanbul University, Institute of Physical Sciences.
212 Ş. Okul et al.

References

1. http://www.forbes.com/sites/leoking/2015/02/23/14-year-old-hacks-connected-cars-with-
pocket-money/. Accessed 19 July 2017
2. Anthony Foxx, Secretary, U S Department of Transportation and Mary Barra, the chairwomen
and CEO of General Motors Company, stress the importance of these issues in a keynote talk
at the Billington Cyber summit 2016
3. http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/, 19.07.2017
4. http://www.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s-
ConnectedDrive-2540957.html. Accessed 19 July 2017
5. http://arstechnica.com/cars/2016/08/hackers-use-arduino-to-unlock-100-million-
volkswagens/. Accessed 19 July 2017
6. Woodyard C, O’Donnell J (2013) Your car may be invading your privacy. USA Today. www.
usatoday.com. Accessed 25 March 2013
7. http://www.businessinsider.com/smart-car-hacking-major-problem-for-iot-internet-of-things-
2016-3. Accessed 19 July 2017
8. FAQs, Open Automotive Alliance. www.openautoalliance.net. Accessed 19 July 2017
9. Hands-Free Infotainment Isn’t The Solution To Distracted Driving, Researchers Warn Webcast
News Room (Feb 5, 2014) www.webcastnewsroom.com
10. Poulsen K (2010) Hacker disables more than 100 cars remotely. https://www.wired.com/2010/
03/hacker-bricks-cars/
11. Bogage J (2016) Scary glitch affects luxury cars. https://www.bostonglobe.com/lifestyle/2016/
06/09/scary-glitch-affects-luxury-cars/kj4wg2lhphlJDC3gATGuPM/story.html
12. Camek AG, Buckl C, Knoll A (2013) Future cars: Necessity for an adaptive and distributed mul-
tiple independent levels of security architecture. In: Proceedings of the 2Nd ACM international
conference on high confidence networked systems, ser. HiCoNS ’13
13. Rouf I, Miller R, Mustafa H, Taylor T, Oh S, Xu W, Gruteser M, Trappe W, Seskar I (2010)
Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring
system case study. In Proceedings of the 19th USENIX conference on security, ser. USENIX
Security’10. USENIX Association, Berkeley, CA, USA
14. Izosimov V, Asvestopoulos A, Blomkvist O, Torngren M (2016) Security-aware development
of cyber-physical systems illustrated with automotive case study. In: 2016 Design, automation
& Test in Europe conference & exhibition, DATE 2016, Dresden, Germany
15. Guilbert G, Jack E, Karl R, Deerek W (2016) Explaining volkswagens emissions scandal. http:
//www.nytimes.com/interactive/2015/business/international/vw-diesel-emissions-scandal-
explained.html
16. Olofsson J (2014) zombies ahead!a study of how hacked digital road signs destabilize the
physical space of roadways. Vis Commun 13(1):75–93
17. Wasicek A, Andre W (2015) Recognizing manipulated electronic control units. In: SAE 2015
World congress & exhibition, April 2015
18. Verdult R, Garcia FD, Ege B (2015) Dismantling megamos crypto: Wirelessly lockpicking
a vehicle immobilizer. In: Supplement to the 22nd USENIX security symposium (USENIX
Security 13), 2015
19. Koscher K, Czeskis A, Roesner F, Patel S, Kohno T (2010) Experimental security analysis
of a modern automobile. 2010 IEEE Symposium on Security and Privacy; 16–19 May. IEEE,
Oakland, pp 447–462
20. EVITA (2009) Security Requirements for Automotive on-board Networks based on Dark-side
Scenarios EVITA Deliverable D2. 3. EVIPA Project
Security Problems and Attacks on Smart Cars 213

21. Cho AR, Cho HJ, Son YD, Lee DH (2012) A message authentication and key distribution
mechanism secure against CAN bus attack. J Korea Inst Info Sec Cryptol 22(5):1057–1068 (in
Korean)
22. Miller C, Valasek C (2013) Adventures in automotive networks and control units.. http://
illmatics.com/car_hacking.pdf. Accessed 13 Dec 2016
23. Kong H, Hong M, Kim T (2017) Security risk assessment framework for smart car using the
attack tree analysis