Page 79 - Cyber Defense eMagazine September 2022
P. 79
It Isn't Your Daddy's Oldsmobile Anymore
By Dan Shoemaker, Professor and Distinguished Visitor IEEE
There is no situation where you are more vulnerable to a cyber-attack than when you are in your
automobile. Are you surprised? If so, you still view your car as a transportation device. But today's cars
aren’t like your old man's. They're built around a complex array of microcontrollers and integrated circuits
that enable all the wonders of the modern driving experience. And due to that thirst for digital technology,
the automobile business has become one of the world's primary consumers of microchips.
Your vehicle is a self-contained local area network. So, logically, every access point requires the same
network security authentication and authorization processes. Likewise, your car interacts within a diverse
electronic cyber-ecosystem. That makes it a prime target for exploitation. Over-the-air software updates
of vehicle systems, GPS satellite connectivity, hands-free cell phones, onboard diagnostics, and even
your remote keyless entry system are all legitimate points of entry. Yet, there are no guards posted at
those gates.
You are probably familiar with the general shape of access control on a network because you use
passwords to authenticate your systems. That is not the case with an automobile's external interfaces.
For instance, the interface between your cell phone and the functionality that enables hands-free calling
or your onboard entertainment package are not firewalled. And so, exploits like RFID relay attacks, cell
tower spoofing, hacks of OBD-II ports, or Software Defined Radio attacks pose a credible risk.
Cyber Defense eMagazine – September 2022 Edition 79
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
