Car owners may have encountered such a situation. When you are driving on a highway, your brakes suddenly stop working. You were shocked by the collision of two cars when you were playing in the autopilot mode, and the airbag popped up. Wrapped you. Then you heard the crash of money-boom! boom!
Unfortunately, your car may have been attacked.
So, how exactly is your car being attacked and how to defend it?
On March 24, 360 Spring Plowing Action held a special conference for intelligent connected cars online, and released the “2019 Intelligent Connected Car Information Security Annual Report” (hereinafter referred to as the “Report”). The “Report” pointed out that there were two new types of attacks in 2019, which would cause most car factories to fall. At the same time, the “Report” also pointed out that the digital car key vulnerability also opened the Pandora’s box of car security, the golden section of car network security The point lies in the safety management of suppliers.
In addition, the “Report” also pointed out that the communication module is the root cause of the mass control of cars. Auto manufacturers should follow the upcoming automotive network security standards, implement strict supply chain management mechanisms, conduct regular penetration tests, and continuously monitor network security. risk.
1. Two new attack methods
In 2019, two new types of Internet of Vehicles attack methods broke out. New attack methods often break this balance. The original protection scheme did not take into account such attack methods and required the focus of OEMs.
1. Remote control hijacking attack based on information leakage of vehicle communication module
This attack method can obtain APN network information and TSP log information through the debugging interface or storage module of the TCU, and communicate with the TSP server of the car factory by connecting the ESIM module. APN is a private network established by operators for manufacturers. Because private network APN is a private network with a high level of security, it is directly connected to the core switch of the car factory, bypassing the firewall and intrusion detection system on the network side. Once the hacker penetrates the internal network of the car factory through the private APN network, further penetration attacks can be carried out to achieve remote batch control of cars.
Most domestic auto brands use private APN to connect to the TSP back-end server related to vehicle control. The security of the back-end server can be protected to a certain extent through the ISP dedicated line, but at the same time, it also brings more security risks to the back-end server. Due to the existence of private APN, TSP will not be exposed to the public network, resulting in TSP The security personnel of the company ignore the security issues of the private network and the TSP itself. At the same time, there is no strict security access control in the private network, and the T-Box is over-trusted, so that the T-Box can access the internal assets of the private network at will, and there are many unnecessary foundations. Facilities and services are also exposed in the APN private network, which will cause more security risks.
Therefore, once the hacker obtains the T-Box communication module of the smart car, he can access the private network of the car factory through the communication module, and then attack the internal network of the car factory, leading to the fall of TSP.
For example, in November 2019, the 360 SKY-GO security research team and Mercedes-Benz jointly discovered and fixed 19 existing vulnerabilities. The CVE vulnerabilities involved are CVE-2019–19556, CVE-2019–19557, CVE -2019–19560, CVE-2019–19561, CVE-2019–19562, CVE-2019–19563, etc. These vulnerabilities can realize remote control operations such as opening doors and starting engines in batches, affecting more than 2 million Mercedes-Benz vehicles on the road. It is by far the most extensively influential and the most connected vehicle vulnerability mining incident.
After research, it is found that most of the TCUs of smart cars can find the debugging interface at this stage, and can obtain a lot of sensitive information through the log output by the debugging interface, including system startup log, TSP back-end address, APN configuration information, etc., attackers The obtained APN configuration information can be combined with the eSIM onboard the TCU to access the Internet, and even the core network of the car factory can be accessed. It is also possible to retrieve important information such as APN configuration and TSP back-end configuration by extracting the memory chip of the communication module on the TCU and analyzing the firmware in reverse.
For a two-way authentication server, by further extracting the TLS client certificate, through reverse analysis of the TSP client on the TCU, and obtaining the communication method with the back-end server, you can access the TSP server.
2. Autonomous driving algorithm attack based on generative confrontation network (GAN)
- Extract firmware reverse analysis of automatic wiper operation code
In May 2019, Cohen Lab broke the Tesla Model S automatic wiper, the lane recognition system has loopholes, the researcher static reverse and dynamic debugging analysis APE (Autopilot ECU) visual recognition system, and try to attack.
First, the researchers extracted and analyzed the operating code of the automatic wiper in the firmware (software version 2018.6.1).
Through reverse analysis, it is found that the fisheye camera will start the execution process of automatic wiper image recognition, and then a neural network file for judging the weather will be built, the name is “fisheye.prototxt”. The output result of the neural network represents the prediction of the current rain probability made by the system. When the result exceeds the threshold, the automatic wiper will start.
- Use Worley noise to generate adversarial sample images
The researchers used a noise generation function called Worley noise (in computer graphics, it is widely used to automatically generate textures with arbitrary precision. Worley noise can simulate the texture of stone, water or other noise) by adding patches The way to generate the required adversarial sample images. Finally, by showing the generated confrontation sample pictures on TV, Tesla’s automatic wiper was successfully activated.
- Deploy adversarial sample stickers to deceive Tesla’s autopilot system
Based on the same principle, the researchers found through experiments that they can successfully mislead the autopilot system by sticking anti-sample stickers on the road, causing the vehicle to drive to the opposite lane, causing a retrograde.
Eliminate the disturbance or break the disturbance structure by compressing the picture. Through the analysis of the lane recognition function, it is found that the camera first processes the image, and then sends the image to the neural network. The detect_and_track function is responsible for continuously updating the internal high-precision map and according to the surrounding real-time road conditions , And continuously send corresponding control instructions to the relevant controller. According to the analysis of the researchers, Tesla only uses the computational visual recognition system to recognize lanes. In a good external environment, this function has good robustness, but when driving on real roads, relying only on the visual recognition system will lead to The vehicle is affected by the interference of the adversarial sample on the ground, and thus leaves the normal lane.
2. How to defend
For the above two new attack methods, 360 also gave specific solutions in this “report”.
1. The communication module has become a key protection point for intelligent networked vehicles
The security protection of the communication module can effectively reduce the risk of intrusion caused by the exposure of the cloud platform, reduce the scope of influence caused by the vulnerability, and avoid the occurrence of batch remote control events. After discovering such new attack methods, the 360 Intelligent Networked Automotive Security Laboratory invested in the research and development of secure communication modules in 2018.
After upgrading and transforming traditional communication modules, a security chip is added to establish a secure storage mechanism on top of the original module’s infrastructure. It integrates TEE environmental protection key application services to run in a secure environment, and embeds intrusion detection and protection modules to provide security monitoring on the TCU side.
However, due to the limited computing resources and storage resources of the in-vehicle communication module, local detection alone is not sufficient to identify hacker attacks. Therefore, it is necessary to rely on the comprehensive detection of the back-end security operation center. The global abnormal behavior detection of the cloud security operation center can monitor the system resources, application behavior, network connection and CAN bus interface of the vehicle intelligent terminal equipment in real time, combined with the security of the cloud. The data is analyzed to find and locate abnormal behaviors in the vehicle terminal, and execute the block according to the preset strategy, and realize the dynamic protection system of the vehicle intelligent terminal based on the Endpoint Detection and Response technology (Endpoint Detection and Response).
Through this system and the built-in password algorithm of the in-vehicle communication module to provide the IoV system with functions such as secure communication, safe startup, security upgrade, safe control of the car, privacy protection, etc., to fully guard the safety of the IoV, protect the privacy of car owners and personal property safety.
2. Ideas and suggestions for automatic driving algorithm safety solutions
This type of attack originates from the lack of special training data such as adversarial samples in the deep learning model training process. Therefore, a common defense method is to enhance the robustness of the neural network itself, put the adversarial samples into the training data to retrain the network, and improve the coverage of extreme cases of the training data. At the same time, in the process of using, mark the unrecognizable samples that appear, and use such data to continuously train the network to continuously improve the recognition accuracy of the input data. But no matter how many adversarial samples are added in the training process, there are still new adversarial attack samples that can deceive the network again.
Another type of defense is to modify the network, such as adding sub-networks, or using external models to process unrecognized input data. Generally, input gradient regularization can be used to enhance robustness, or defensive distillation methods can be used to reduce the size of the network gradient to improve the ability to detect small disturbances against samples.
Another type of defense is to preprocess or transform the input data. For example, before the picture enters the visual recognition system, through image conversion, including image cropping and rescaling, bit depth reduction, JPEG compression, total variance minimization and image stitching operations, eliminate the anti-disturbance or break the anti-disturbance structure. Or through noise processing, the anti-disturbance is regarded as noise, and the high-order characterization guide denoising device (HGD) eliminates the imperceptible disturbance in the counter-sample. This type of defense method by purifying input data does not require modification or retraining of the neural network, and is easy to deploy and has a good defense effect.
3. Information Security Recommendations for Intelligent Connected Vehicles
2020 is the year when automotive network security standards are fully rolled out. ISO/SAE 21434 will provide methodology to guide the construction of a systematic network security system in the automotive industry chain. ITU-T (International Telecommunication Union Telecommunications Standards Branch), SAC/TC114/SC34 (The National Automotive Standardization Technical Committee’s Intelligent Networked Vehicle Subcommittee), SAC/TC260 (Information Technology Safety Standardization Technical Committee), CCSA (China Communications Standards Association) and a series of automotive network security technical standards for safety The technology landing provides a reference.
However, most of the current security standards provide baseline security requirements. In a dynamically changing network security environment, it is not enough to just follow the standards and use passive defense mechanisms such as password applications. Emerging attack methods emerge in endlessly, and it is necessary to build a multi-dimensional security protection system to enhance active defense capabilities such as security monitoring.
Looking back on 2019, the rapid growth of automotive information security incidents, and the endless emergence of attack methods, the “Report” puts forward five suggestions for automotive manufacturers, suppliers, and service providers:
- Supply chain car manufacturers should regard regular network security penetration testing as a crucial criterion to comprehensively evaluate suppliers in terms of quality system, technical capabilities, and management level.
- Follow the automotive network security standards, establish a corporate network security system, cultivate a network security culture, establish a regulatory mechanism, and carry out network security activities throughout the life cycle.
- Passive defense solutions cannot cope with emerging network security attacks. Therefore, new security protection products such as secure communication modules and secure car gateways need to be deployed to monitor abnormal traffic, IP addresses, system behaviors, etc. in real time, and actively detect attacks and conduct them in a timely manner Early warning and blockade, through multi-node linkage, build a hierarchical defense in depth system with points and areas.
- The network security environment is changing rapidly. The security operation platform can trace and analyze the source of security incidents by monitoring the Internet of Vehicles, management, and cloud data, combined with accurate security threat intelligence, and discover and repair known vulnerabilities in time. With the support of security big data, the security operation platform continuously iterates detection strategies, optimizes the security incident handling mechanism, and visualizes the massive data of the Internet of Vehicles to grasp the vehicle’s network security situation in real time.
- The construction of a good automobile safety ecology depends on sincere cooperation and specialization in the technical industry. Internet companies and security companies rely on technological precipitation and accumulation in the traditional IT field to keep up with the rapid development of automobile network security and provide relevant automotive electronic and electrical products and solutions. Have unique research and insights. In this “software-defined vehicle” revolution in the automotive industry, only upstream and downstream companies in the industry chain perform their duties, draw on their own strengths, and form a joint force to jointly upgrade automotive network security to a new level of “active defense in depth”. height.
Fourth, the future outlook of the Internet of Vehicles
After the meeting, 360 also looked forward to the future development of the Internet of Vehicles.
In 2020, there are only 30 billion devices connected to the Internet in the world, but with the application of technologies such as the Internet of Things, 5G, and AI, this number may grow to 500 billion in the next ten years. All things are inevitably digitalized and interconnected, and the field of travel will also be completely transformed by the Internet of Vehicles.
As China’s implementation of the Internet of Vehicles technology standard C-V2X is supported by most countries and regions such as the European Union, 2020 will officially enter the first commercial year of 4G/LTE-V2X Internet of Vehicles. That is, the Internet of Vehicles is fully transitioning from vehicle information services to intelligent networked services.
For the majority of automobile manufacturers, the deployment of the Internet of Vehicles is already an established strategy that does not need to be discussed. However, choosing a self-built system or cooperating with external parties has become a multiple-choice question for car companies.
The first way is to build a self-built car networking system, such as the DiLink system. The second way is to introduce a number of mainstream Internet, operators and chip technology vendors such as Huawei and Qualcomm to cooperate to create an open car networking ecosystem. The route is that car manufacturers choose to cooperate with a certain Internet manufacturer to create a deeply customized car networking system.
Of course, in addition to how to choose, there is another issue that cannot be ignored: In the era of Internet of Everything, suppose a scenario where a piece of information is false when a vehicle is communicating, this piece of information will tell a vehicle. The car, this car will feed back the wrong information to the other cars, and it will be transmitted to ten, ten to one hundred, causing mass casualties and injuries. Therefore, in the 5G Internet of Vehicles, there is no room for sand, no information can be wrong, no information can be attacked, so its security threats and risks are greater.
At the same time, car companies themselves should not be taken lightly, because some car companies also have a fluke mentality when dealing with car information security, which leads to greater losses for car companies.
Therefore, 360 recommends that car companies should pay more attention to safety issues in the future. Car companies should strengthen cooperation with leading manufacturers in the industry, enhance independent research and development capabilities, and deeply integrate software and hardware in the field of Internet of Vehicles. At the same time, they hope that car companies will face new When threatened, 360 can plant “vaccine” for more car manufacturers to resist new attacks.