I am in no way trying to negatively portray the Cherokee. What I am trying to communicate is that the Cherokee security issue is a MUCH bigger issue.
Step Away from the (Hackable) Vehicle! Part 1 of 2
By Bruce Kleinman, SVP, Sales & Marketing and Co-Founder at Nodal Security
July 30, 2015
Despite having a full week to digest the news of the Jeep Cherokee hack, I found it challenging to decide on a plan of attack for the article now underway. This may prove to be a watershed moment in the history of kinetic cyber-attacks, and there are simple too many angles and too much subject matter. Fasten your seatbelts (pun intended) this is gonna’ be a rough ride.
“It’s not fun to have your two-ton SUV’s brakes hacked.”
The Wired article that broke the news is a must-read—complete with video—will very likely scare the sh*t out of you. If it doesn’t, well, you either [a] don’t understand the ramifications or [b] live on an island with no cars. Here’s the executive summary:
An attacker on the Internet—physical proximity does NOT come into the equation—takes advantage of the vehicle’s LTE modem.
The initial breach is the Uconnect infotainment system. Yup, you read that correctly: the navigation / entertainment / comfort control system. How dangerous could that be?
Fairly dangerous. Heavy metal cranked to full volume paired with an air conditioner maxed to full heat and fan makes for a fairly distracting ride. (No offence intended to Jeep owners that enjoy a good sweating while jamming to distorted Black Sabbath).
Quite unfortunately, the breach does not stop there. The attacker is able to move laterally, thanks to the fact that most everything in a modern vehicle is [a] controlled over an in-vehicle network and [b] connected to everything else in said vehicle. (We’ll get to the details of “how the f**k did that happen?!?!” in Part 2 of this article.)
In this manner, the attacker is able to control what we all can agree are safety critical functions. Cutting the accelerator, for example, and the brakes.
Boiled down to an example: while you barrel down the highway in a 4000 pound vehicle, a sophisticated hacker somewhere on the internet kills your brakes.
Networking 101, meet Highway 101.
Bad news: this exploit exists in a many Chrysler vehicles … 2013-2014 Ram 1500 Pickup, 2013-2014 Ram 3500 Cab Chassis, 2013-2014 Ram 2500 Pickup, 2013-2014 Ram 4500/5500 Cab Chassis, 2013-2014 Ram 3500 Pickup, 2014 Grand Cherokee, 2014 Durango, 2013-2014 Viper, 2014 Cherokee, and some 2015 Chrysler 200s.
Good news: you can try to memorize that list, in order to give all of these vehicles a wide berth.
Bad news: it is unclear how you’ll accurately identify the model year. You can’t exactly yell “what year is your Dodge?” at 70 MPH.
Good news: Chrysler issued a recall of all of the above vehicles in order to update their firmware.
Bad news (for Fiat Chrysler): the recall will cost roughly $100M, despite being purely a software update.
To understand how this breach happened—and understand that why we WILL see more automotive breaches—a tutorial is in order. Back in the ‘old’ days, cars were simple contraptions from an electronics standpoint. First and foremost, vehicles simply didn’t have a lot of electronics. In roughly chronological order, for illustrative purposes only, manufacturers added: radio, electronic fuel injection, anti-theft, anti-lock brakes, airbags, and navigation. Every one of these electronic systems was self-contained, only tied to their own sensors and their own actuators.
That phrase “only tied” in the previous sentence, over time, became a weighty matter. Literally. The wiring harnesses running around a vehicle became heavier, costlier, more time consuming to install, and more prone to failure. These were the motivations that led to the introduction of controller area network (CAN) in the late 1980s. While CAN may be implemented in a star topology, linear topology dominates the industry. The latter enables a single CAN bus (very few wires) to run around a vehicle connecting many different electrical systems.
Getting into a bit more detailed, vehicles quickly evolved to have multiple CAN buses: one for engine control, one for safety-critical system, one for entertainment /comfort features. As the bandwidth requirements increased, CAN was joined by new automotive networks including MOST and FlexRay.
What exactly are all these automotive networks connecting? In the context of a contemporary vehicle: almost everything. Take apart a current mid-range automobile and you’ll find some six dozen electronic control units (ECUs), each one a specialized computer implementing a different function. Some ECUs are simply sensors, others are simply actuators, and many are very complex systems. Quoting the source of all automotive knowledge, Wikipedia observes:
“ECUs include Engine Control Module (ECM), Powertrain Control Module (PCM), Transmission Control Module (TCM), Brake Control Module (BCM), Central Control Module (CCM), Central Timing Module (CTM), General Electronic Module (GEM), Body Control Module (BCM), and Suspension Control Module (SCM).”
I’ll make a VERY important observation of my own at this juncture: as all of these ECUs became networked, fewer sensors / systems / actuators were directly connected. I didn’t communicate that clearly, so let me clarify using lyrics from “Dem Bones” by James Weldon Johnson:
Toe bone connected to the foot bone
Foot bone connected to the heel bone
Heel bone connected to the ankle bone
Ankle bone connected to the shin bone
Things that you may THINK are directly connected in your car—say, [a] the brake pedal and [b] the brake calipers—are anything but directly connected. The brake pedal is connected to ECU-X and the brake calipers are connected to ECU-Y; ECU-X sends a message to the BCM, which performs braking computations, and in turn sends a message to ECU-Y. Ditto the accelerator pedal and fuel injectors / valves / air intake; separate ECUs for the former and the latter, with the ECM in between.
If you’re thinking “all of the this sounds rather complex,” you are SPOT ON. Virtually everything in a modern vehicle is controlled electronically and connected to one of multiple in-vehicle networks. And the entire tutorial—which will wrap up in just a moment—so far has been limited to “making the car move” systems. We haven’t TOUCHED on the rapidly expanding (in both number and complexity) infotainment ECUs: terrestrial and satellite radio, video, navigation … and most recently Internet access.
I hate to leave you hanging, but this is the perfect juncture—in Part 2 you’ll understand just HOW perfect—to wrap up Part 1 of this article. Before I hit the metaphorical ‘send’ button, however, let’s revisit your thought from the previous paragraph: “all of the this sounds rather complex.” What might one of the world’s most respected cyber-security experts say at this point? (No, no, don’t be silly, I am NOT going to cite Wikipedia again.)
“Complexity the worst enemy of security.”
Until Part 2, drive safely. From Silicon Valley.