The cyber terror scenario in cars

Photo: Image processing

• vehicle
• Car News

As our cars become linked and connected information centers, they also become particularly vulnerable to a malicious cyber attack. The scenarios range from car theft to mega attack. This is how government agencies and civilian companies like ARGUS can deal with the threat

Kenan Cohen

It is 2:00 AM, the night of Israel horrors a series of explosions in the main cities. The reports that are starting to flow produce a harsh picture of huge fires raging on the streets, seven residential buildings that collapsed on their occupants and several dozen more. Rescue and extinguishing forces are unable to reach the focal points of the disaster, as are police vehicles - all disabled. This scenario of terror is perhaps a very extreme point of extremism, which is hard to imagine, but it exists and is feasible. This could be the devastating result of a cyber takeover of 50 tankers galloping into residential neighborhoods. But if that scenario seems too stressful to you, we have a few more, it could be a single truck that is "driven" in the distance to a shopping center, or placed on a railroad track meeting. Also, braking or sudden acceleration of dozens of cars in Ayalon lanes is also considered.

The threat does not have to be security, what about tens of thousands of rental cars locked up at one time, and does not allow the company's customers to drive them, while at the same time a ransom letter reaches the company's management demanding tens of millions of euros to be paid to the shadow organization in order for the cars to be returned to operation. It can also be a hijacking where the driver is not aware of it at all, but his navigation system leads him to a different address than he wanted to reach, or directs him to an isolated traffic axis where hostile forces can complete the move with physical assault.

For me, all of that could have been a distant concern, as relevant as a genetically engineered raccoon attack - until one driver in the parking lot of the cyber security firm ARGUS made it clear to me how close it was.

Airbag at 120 mph

No matter how many years I am behind the wheel, no matter how many hours of driving training and emergency practice there is behind me, that moment in the underground car park left me feeling helpless to describe. We roam at zero speed, I know something is going to happen and still, when the air conditioner starts to work on its own, I still tell myself it's inconvenient, even as the dashboard starts to flicker to produce different and strange alarms, I reassure myself that control is still in my hand and then a loud rattling noise sparks the air And the instinct to brake sends my foot into the pedal and ... nothing, I trample it with all the power and the car continues to drive.

That was the point when I realized that I was in another man-controlled car, unable to operate it and not even able to get out because the doors themselves were locked - it was confusing and clicking at the same time. And we are in an underground car park, at zero speed, what a driver will experience that is a complete surprise, driving on the highway, with the family in the vehicle.

The feeling that you may be behind the wheel, but really do not control the car is completely undermining

Cyber ​​threat in transport (Photo: ShutterStock, ShutterStock)

This moment is the result of a few years of process going through our cars. Largely, up to ten or even five years ago, our cars were about to break into security only with direct access or physical proximity to the car. But nowadays, with the advent of more and more multimedia connectivity, navigation and more systems that use cellular, internet or glandular communications, whether these are systems from which the cars come from the manufacturer, or those that are added later, there are a plethora of "penetration openings" for our cars. But not only that, but the fact that the car itself is networked and the communications that control and operate units in our car with each other, makes an intrusion into one of them, such an accessibility to many other systems. Even connecting our mobile phone with a car cable allows access to the multimedia system, which is connected to the dashboard, which is connected to the speed sensors, which control the engine and brakes and you can imagine the sequel and options it opens for an intruder or malware. A command that simulates an accident situation for the GPS sensor, for example, will open the airbags, or in the extreme case even more - instruct the audio system to play the Titanic soundtrack at maximum volume.

The networked and linked cars make penetration more accessible than ever

Cyber ​​threat in transport (Photo: ShutterStock, ShutterStock)

As mentioned, we are in the parking lot of ARGUS, an Israeli cyber security company that provides solutions for the automotive and aviation world (last year El Al began testing this security system for its aircraft). Solutions whose security method consists of several layers of protection. They are embedded in the vehicles themselves, identify and neutralize assault threats, able to "isolate" infected areas from attacks and prevent them from spreading to other interconnected complexes. Another layer of protection is also in the "cloud" to which the cars are attached and provide monitoring and cyber security for those vehicles. Its offices, at first glance, look like all other high-tech company offices, sitting areas, shared work spaces, fully equipped kitchens and conference rooms. But the plethora of developers and programmers here are at the forefront of global cyber protection. I sit with Reuven Eliyahu, a project manager at ARGUS, the vast majority of company executives and many engineers and developers come by how unsurprisingly from the Intelligence Corps's 8200 unit, with a female majority in the research department, Reuben not - he was in Golani. In this case, it is precisely the Niranik who is leading the computer people in this fighting challenge. "Like the work with the automakers, the people in front of us are the ones who are at the forefront of innovation," Reuben explains.

Millions of lines of code, dozens of processors and computers, our cars are an advanced computer that runs at 120 mph

Cyber ​​threat in transport (Photo: ShutterStock, ShutterStock)

ARGUS's capabilities in protecting vehicles and dealing with attacks, also very sophisticated, brought the Continental automotive giant to acquire the company in 2017, but unlike similar acquisitions, ARGUS has very extensive freedom of action and independence of work and development. When it comes to cyber company, it has tremendous significance, its 200 employees, who are still operating at the "Mod" startup, operate in a space that allows them the flexibility and agility of a small company rather than another arm of a large corporation. When facing a constantly changing challenge world - it's not a privilege - it's a necessity. On the other hand, working within a company like Continental allows ARGUS systems to gain a foothold in the global automotive industry. "By 2020, our systems will be embedded in serial cars," Reuben says, but for reasons of confidentiality, does not list the list of clients.

An innocent connection of the cellphone to a car by cable or in the Bluetooth communication also allows penetration and takeover

Product Review: Car Charger Wireless (Photo: Keenan Cohen, Nir Ben Tovim)

The non-pink autonomous future

As early as 2015, WIRED technology magazine demonstrated how software developed by the hacker pair allows the takeover of a Jeep Cherokee vehicle. This breach resulted in a huge FCA crackdown involving 14 million vehicles to address the same security breach. Since the number of cyber attacks has been rising steadily, in 2018 these have been the joint travel company Uber, the electric car maker Tesla, a cooperative car company in Australia and even the Canadian rail company to which hackers from North Korea broke out as part of a cyber attack. And we haven't even mentioned the open options for burglars to penetrate the electric car through the socket in the common charging stand.

To date, cyber-attack and cyber-attack are aimed primarily at large entities, such as penetration of their database allows extortion or damage of large scale, or for the purpose of injuring high-ranking persons. Less sophisticated hacks can also appear as a means of extortion towards smaller customers. Although the concern is as far off as the marketing manager at ARGUS explains to us, "The complexity of such a breach and the investment required makes the hostile factors focus on reaching large companies' DATA rather than the end customer." And this investment is about the complexity that computer systems have in our cars, the average car contains more than a hundred processors, dozens of electronic control units, and over 100 million lines of code - this is the amount of technology that makes UAV computing look as sophisticated as a desktop sharpener.

Hacker groups sometimes even in the service of states become a real threat

Cyber ​​threat in transport (Photo: ShutterStock, ShutterStock)

The future of networked autonomous transport exposes their users to a very high sensitivity to cyber attacks. The constant monitoring of tens, hundreds, thousands, tens of thousands and hundreds of thousands of cars that must move in perfect coordination - will become a huge security challenge. One aspect of this challenge is even the need for a variety of solutions from different companies to "talk" to each other. For this purpose, too, ARGUS has a capability that, while not unique, is advanced, which requires their software to "sit" on all the different systems and interface with them to continue to produce overall security. One of the reasons, for example, is that the company's security solution consists of a number of layers, which also provide preventive, detectable and effective protection, not only at the level of the vehicles on their components, but also in the links between them and the cloud services of the other fleets.

Connecting the car to a "tainted" electric charging stand is all it takes

Nissan Leaf: First Driving (Photo: Keenan Cohen, Nir Ben Tovim)

Road accident investigator with laptop

So yes, even if the autonomous car vision is still decades away from being fully deployed as a substitute for existing transportation, in the next decade we may see real changes in the security concept that is connected to the road safety concept. The U.S. Senate, and a number of European parliaments, are already passing and promoting regulations and laws to regulate cyber security, just as they did decades ago for seat belts. For example, chain accidents, or even a single car accident in which no mechanical or human failure was found, would already require the entry of cyber experts to identify whether there was malicious software or remote intervention that resulted in the accident.

The central body in Israel that trusts this deal is the national cyber system. The cyber array has been in the process of setting up experimental and testing field for transportation protection systems near Be'er Sheva for the past year. In addition to a live experimental lab for such activity, the site aims to attract international companies to come to Israel, which is considered a cyber power and to collaborate in the field. "The cyber array has been working with the Ministry of Transport for the past year and advises on building a concept for implementing cyber protection systems for smart transport," says Walla Car " Yigal Ona, the head of the national cyber system ," Israel as a global leader in cyber, is also working to integrate every state of technological development into a protection aspect. The cyber. " Also, according to Einan Lichterman, cyber expert and emerging cyber technology headquarters, staff work is already underway to map out the new level of risks and threats that may accompany the transportation world in the coming years in order to work to find cyber defenses.

Will cyber investigators be part of road accident investigations? Probably so in the not too distant future

Cyber ​​threat in transport (Photo: PR, PR)

The Ministry of Transport, which is also confident of road safety in this aspect, said that the Cyber ​​Division of the Ministry of Transport is currently working to define the cyber threat in relation to transport. Part of the work of this headquarters is also examining the impact on transport infrastructure and their compliance with cyber-attack cases, since a linked traffic light set can also become a target for such activity. The next stage of the ministry is guidance, guidance, regulation and the construction of a control system to ensure that the economy is protected from cyber events.

Another interesting point concerns the aspects of a car accident, if this occurs following such an external attack. Here, we have less bad news and more bad news.

"The Road Accident Victims Compensation Law eliminates the need to find out who is to blame for the accident, the insurer's responsibility - absolute, that is, the injured person will receive compensation and the issue of how the accident was formed and the division of liability between the parties - is irrelevant to the procedure. On the face of it, even if the accident was caused by the vehicle Due to remote control of a foreign factor. Even today, vehicle system programming failures can cause an accident, even without a third party sabotaging it, and the injured party is still entitled to compensation. " Attorney Surgeon Asaf Warsaw , Co-Chair of the Tort Committee at the Israel Bar, an insurance law expert. So far the less bad news. "However, once the automation of the vehicle reaches a level of complete autonomy, without any driver involvement, the insurers will be forced to make a fundamental change. Currently, the premiums are determined based on the likelihood of an accident occurring, so if the equation is removed from the human error that causes it, it is a fundamental change The risk component will no longer be the driver but the car, so the responsibility will pass from it to the car manufacturer, the company that granted it the software license and other factors in the chain. As a result, the number of insurance sold to drivers will be significantly reduced and the focus will be on companies, telecommunications suppliers and manufacturers. , That they will have to deal with Claims. In one form or another, the burden of responsibility and obligation of insurance could be rolled out to consumers who will pay for the product price embodies the risk involved. There is no free lunch, someone will pay for it, and probably will again this consumer. "

Leave yourself some good analogue of yesteryear for any trouble that won't come huh?

Rally HOLY LAND 2018 (Photo: Kenan Cohen, Nir Ben Tovim)

Back at the car park, I never seemed to get out of a car like that time. When this sense of helplessness I have experienced in a sterile environment can turn into a real anxiety in a true driving outline surrounded by cars and pedestrians. So is our transportation future safe? In general it can be said that it is. There are threats, but these are not significantly different from the level of risk that exists today in human-driven cars and will continue to shrink in the future as cars and infrastructure improve, with these adding a layer of cyber protection. But if you ask me, it's time to put some old Trente in the driveway too, with the gas cable that can always be replaced with iron wire, FM / AM radio, a blue fan on the dashboard, and windows that only a circular motion of the hand determines who will enter me in the car.