Breaking News
Infineon: Breaking Down Automotive Attacks
7/15/2013

Image 1 of 2      Next >

Infineon anticipates different types of automotive security attacks
Infineon anticipates different types of automotive security attacks

Image 1 of 2      Next >

Return to Article

View Comments: Threaded | Newest First | Oldest First
ip2design
User Rank
Rookie
Trusted Execution Environment
ip2design   7/16/2013 8:53:16 AM
NO RATINGS
Interesting to see that Infineon has defined its own vision of Trusted Execution Environment. It seems to be much different from what is under standardization at Global Platform. Result may be confusion in people's mind.

junko.yoshida
User Rank
Blogger
Re: Trusted Execution Environment
junko.yoshida   7/16/2013 10:47:42 AM
NO RATINGS
Thanks for your comment, ip2design. Could you please educate me how exactly GlobalPlatform's standard for trusted execution environment is different from what's described above in this story I wrote based on the interview with Infineon? I would appreciate your explanation. 

ip2design
User Rank
Rookie
Re: Trusted Execution Environment
ip2design   7/16/2013 10:55:40 AM
NO RATINGS
TEE is a joint effort between ARM, Gemalto and Giesecke to secure any mobile device. Architecture is based on the principle of running 2 OS : 1 rich OS like Android and 1 secure OS (provided by Trusted Labs in this case). The system relies on secure OS and dedicated HW (ARM TrustZone) implemented in any Cortex-Ax processor.  More can be found on Trustonic web site but I am sure that some ARM experts can bring much detail on the forum.

Regarding GlobalPlatform standardization process, I guess the status can be found on the website.

junko.yoshida
User Rank
Blogger
Re: Trusted Execution Environment
junko.yoshida   7/16/2013 11:06:17 AM
NO RATINGS
Thanks for your quick response. Much appreciate it. I am going to check this out...but here, what you are saying is that this TEE effort is directly applicable to how one designs a secure hardware module in an automotive microcontroller?

MartinKli
User Rank
Rookie
Re: Trusted Execution Environment
MartinKli   7/16/2013 11:40:17 AM
NO RATINGS
Thanks for commenting the term trust execution enviroment.

Yes, you are right this term is used in the context of GlobalPlatform Standardization. But the term as such is generic and not only tight to GlobalPlatform.

junko.yoshida
User Rank
Blogger
Re: Trusted Execution Environment
junko.yoshida   7/16/2013 12:23:06 PM
NO RATINGS
I talked to the gentleman at Infineon on this topic. Here's the skinny:

Yes, Trusted Execution Environment (TEE) is being developed at Global Platform; TEE in that context (approach based on the use of a separate OS) is designed for smart cards such as SIM cards and payment cards. Martin Klimke, principal of technical marketing, Chip Card & Security division at Infineon, describes it as "a big sophisticataed standard."

That said, TEE is a generic term. It is not just tied to Global Platform's standardization work. For example, Intel calls its own Trusted Platform Module (TPM) as TEE. 

So while the Global Platform's TEE work for smart cards is well defined and offers a pretty sophisticated standard, it doesn't mean that it will change everything for other industries. When asked if Global Platform's work will directly impact the architecture of secure hardware module used in automotive microcontrollers, Mr. Klimke said, "Up to now, no."

But maybe some years in the future, the automotive industry may see it as a way to go, he added.

Bert22306
User Rank
CEO
Structured approach to security
Bert22306   7/16/2013 12:04:13 PM
NO RATINGS
I much prefer this type of security discussion to the type that throws out any and all vulnerabilties with no apparent regard to type or severity. Which ends up sounding like an attempt at high drama.

Not sure I understand the jargon used by Infineon. I would separate the types of attack into categories such as infotainment system intrusion, monitoring vehicle functions (e.g. someone remotely accessing the car's location and movements), theft, remotely manipulating controls (brakes, throttle, steering), and local hacking into control algorithms.

The local hacking worries me less than it worries the auto manufacturers, no doubt. It worries me less because there's so much sabotage possible locally, and always has been, that this added vulnerability seems like nothing fundamentally new. An obvious example from the past was to "reprogram" the pollution controls, to get better fuel economy and performance. (Been there, done that.) I'm sure one aspect today, that the auto manufacturers worry over, is to disable the speed-limiting function. Speed limiting is used by manufacturers in order select the tires and brake systems they will install in a car. So an owner messing with speed limiting could result in legal action against the company.

Theft is another aspect that has existed forever. Modern cars help, in that regard, even if there are new attack vectors created.

Clearly the most worrisome would be remotely hacking into the critical controls. And this article shows how such attack vectors can be protected against, even in a fully integrated control environment. In my work, often the isolation between less critical and more critical subsystems is made even more positive, by physically permitting data to travel between systems only in one direction (e.g. to allow monitoring of functions by the less critical system only, and no control signals can possibly flow back to the more critical control system). Obviously, however, with the advent of self-driving cars, this absolute isolation will not always be possible. But surely, everyone is well aware of this. As the saying goes, there's no such thing as a free lunch.

Olaf Barheine
User Rank
Rookie
Apropos, odometer fraud
Olaf Barheine   7/16/2013 12:26:20 PM
NO RATINGS
There must be worldwide a huge ecomical damage because of odometer fraud. There are estimations that only in Germany each year two million used cars are sold with manipulated odometers. The total damage ist estimated at six billion euros or 3000 euros per used car. I fear, the situation is not better in other countries.

Bert22306
User Rank
CEO
Re: Apropos, odometer fraud
Bert22306   7/16/2013 12:44:01 PM
NO RATINGS
No doubt, odometer fraud exists and results in extra monetary costs to consumers. However honestly, that's another example of something that has existed forever, and it's not a safety issue at all. Turning back mechanical odometers was practically expected, in used car sales, and a good auto inspector can usually tell whether the odometer reading matches the other cues of use.

junko.yoshida
User Rank
Blogger
Re: Apropos, odometer fraud
junko.yoshida   7/16/2013 12:59:43 PM
NO RATINGS
Odometer, no. But unathorized access to, say, changing horsepower of a car, could lead to safety issues, I was told. 

Bert22306
User Rank
CEO
Re: Apropos, odometer fraud
Bert22306   7/16/2013 1:22:28 PM
NO RATINGS
Right, Junko, that was the local hacking aspect that I mentioned in my previous post. The example of speed limiting I gave, for instance, could be an issue. If a user disables the speed limiter, and the car gains say 20 mph over its intended maximum speed (which is hardly unusual), then the tires installed by the manufacturer could be woefully inadequate. Tires are speed rated.

But why make a big issue of this, as if somehow electronics has created something previously impossible to do? Messing with the odometer, just like increasing an engine's horsepower, is something that people have been doing from day 1. No reason to become overly alarmed now. Is it easier or more difficult to bolt on a new carburator, intake manifold, or exhaust manifold, in an old car, than it is to reprogram an ECU? Doing those modifications in an old car was most likely far more effective at making a dramatic difference, and it was very easy to do aftermarket.

That's why I would focus a lot more on remote hacking of critical controls, if the intention here is to expose NEW vulnerabilties that people should be aware of.

Olaf Barheine
User Rank
Rookie
Re: Apropos, odometer fraud
Olaf Barheine   7/16/2013 1:34:10 PM
NO RATINGS
Maybe, odometer fraud is today easier. Do you know "Ferris Bueller's Day Off" and what happend to this beautiful old Ferrari? ;-)

junko.yoshida
User Rank
Blogger
Re: Apropos, odometer fraud
junko.yoshida   7/16/2013 1:39:58 PM
NO RATINGS
That's a good one! I do remember that!

Bert22306
User Rank
CEO
Re: Apropos, odometer fraud
Bert22306   7/16/2013 1:50:44 PM
NO RATINGS
The beautiful 250 GT. I think an even more gorgeous Ferrari was the 275 GTS, perhaps. The immediate successor of the 250.

Interesting point about this is that Ferrari and Alfa Romeo engines of those days were already factory tuned to about their limit. Not much one could do aftermarket, to improve on them.

Contrast those with the very common American V-8s of those days, usually married to an anemic 2-barrel carburator and single exhaust. It was not hard to double their horsepower, or even more than double, something that repogramming an ECU these days is hardly likely to achieve. And then, the chassis of that car would be totally outclassed.

junko.yoshida
User Rank
Blogger
Re: Apropos, odometer fraud
junko.yoshida   7/16/2013 12:57:27 PM
NO RATINGS
Wow, those are pretty big numbers. I wonder if some sort of network of "service" companies exists, specialized in manipulation of odometer. 

Olaf Barheine
User Rank
Rookie
Re: Apropos, odometer fraud
Olaf Barheine   7/16/2013 1:25:32 PM
NO RATINGS
Yes there are those "service" companies. On the other hand, you can get such programming devices for only 250 euros over the internet. There was shortly an article about odometer fraud in Germany on the homepage of the Association of German Engineers (VDI). Sorry, it is in German. But there is a picture of a programming device:

http://www.ingenieur.de/Branchen/Fahrzeugbau/Kfz-Elektronik-Tacho-Betrug-kinderleicht

 

junko.yoshida
User Rank
Blogger
Will auto companies wait until a catastrophe happens?
junko.yoshida   7/16/2013 2:18:32 PM
NO RATINGS
When I wrote in the last paragraph of this story:

In the end, carmakers' purchasing managers are likely to need more persuasion, or maybe a catastrophe, before they believe that the "threats are real."


I meant it, and it was my own conclusion. No industry will take an action (especially the auto industry) on security, unless they actually run into a real-world crisis. 

It's a shame. What's your view on this?

mcgrathdylan
User Rank
Blogger
Re: Will auto companies wait until a catastrophe happens?
mcgrathdylan   7/16/2013 2:25:20 PM
NO RATINGS
I would tend to agree. They don't want to increase effort or add the expense, especially if the perceived threat is in doubt among some. I can imagine some high-end cars adding this type of security, though. But as far as wide adoption, I am afraid it's going to take a crisis. But they really should get out in front of it, because if something like that does happen, they are going to need years to get the security in place.

David.Proffer
User Rank
Rookie
Re: Will auto companies wait until a catastrophe happens?
David.Proffer   7/23/2013 3:55:14 AM
NO RATINGS
 

 

Junko,

Every article, interview (and many of the engineer user comments on them) you have done in the last month has me more and more concerned about the direction auto control systems (and for that matter every single control system that is quickly moving to a networked, software primary controlled with some old school electronics stuff to keep those hardware folks quiet) architectures are going.

To your quandary at the end of your article and comment, yes it is shameful and to throw down a gauntlet perhaps criminal that more is not being done to create architectures that will minimize the possibilities of problems all the way up to catastrophes.

What concerns me in this article are two things, first this not unique to this gentleman's opinion of 'if I have not seen it, it is never happened':

"At this moment, no tragic automotive accident caused by external attacks has happened yet, he explained." quote from your article by I believe Martin Klimke.

And second, the believe by hardware security people that installing code execution systems that will only run vetted software will 'solve' the hackability of the macro-system.

I am not an expert in any way on TPM, but what I do know is I have owned computers and notebooks that have contained these TPM modules for as I remember at least 15 years and have patched the BIOS, firmware and Windows OS on what seems like a daily basis to address active exploits that none of which to my memory overrode the TPM security but disabled the functions of the computer or extracted data from the computer. So explain to me what TPM did to solve this? And how these similar modules will better protect vehicle systems with them?

 

Tom Murphy
User Rank
Blogger
What chip cards?
Tom Murphy   7/16/2013 5:31:05 PM
NO RATINGS
Sorry Junko, but the banking industry in the US has NOT yet learned about smart chip cards. So my US-based cards were pretty useless when I went to Europe last summer.

As for automakers, don't worry. They'll have a higher authority to answer to before they can launch any remote-control cars - the Crash-Test dummy-happy NHTSA.

junko.yoshida
User Rank
Blogger
Re: What chip cards?
junko.yoshida   7/16/2013 5:55:00 PM
NO RATINGS
Tom, yeah, I know, US is far far behind on smart cards. But people in the U.S. --not everyone, though -- do use SIM card inside their mobile handsets. Now, that's the same smart card technology I am talking about here in the article.

A great deal of knowledge about security -- how you partition your chip; how to harden the security, etc. -- has been learned by those who designed secure microcontrollers for chip cards. And some of the underlying technologies are now being applied to the automotive industry.

And your comment about automakers have a higher authority to answer to? Well, here, I am not talking about "remote-control cars; i am talking about the potential of a modern car getting remotely manupilated by external hackers. There are no regulators watching that type of automotive security.

DrQuine
User Rank
CEO
Don't knock university reports
DrQuine   7/16/2013 7:36:41 PM
NO RATINGS
Don't knock university reports, if they anticipate issues that can be addressed then lives and money can be saved. The challenge is to articulate the problem in a persuasive enough manner that the car companies become engaged in solving the problem rather than denial. With luck, perhaps the manufacturers could both solve the problem and intercept other failure modes before they occur.

elctrnx_lyf
User Rank
Manager
Re: Don't knock university reports
elctrnx_lyf   7/17/2013 8:47:17 AM
NO RATINGS
The automotive companies are looking for making the car more electronic till now. Wth electronics came software and lot of connectivity. Now the security has become a concern.

junko.yoshida
User Rank
Blogger
Re: Don't knock university reports
junko.yoshida   7/17/2013 11:56:27 AM
NO RATINGS
Exactly. And this is only the beginning. Wait until our cars start talking to other cars (vehicle to vehicle) and and our cars communicate with infrastructure (vehicle to Infrastrubure). 

bgosheton
User Rank
Rookie
Re: Don't knock university reports
bgosheton   7/23/2013 9:43:18 AM
NO RATINGS
Should be call that network Skynet?

Max The Magnificent
User Rank
Blogger
Re: Don't knock university reports
Max The Magnificent   7/23/2013 1:52:11 PM
NO RATINGS
Would this be a good time to mention my book review of Robopocalypse by Daniel H. Wilson?

Tom Murphy
User Rank
Blogger
Re: Don't knock university reports
Tom Murphy   7/18/2013 9:17:26 PM
NO RATINGS
DrQuine:  The notion that auto companies would become involved in solving problems seems awfully far-fetched to me on a day when the city of Detroit was forced to declare bankruptcy. Who's to blame for that?  Well, if the auto industry had acted far sooner to build better cars, it would have held onto its historic market share. But no. SUVs and trucks had higher profit margins, so that's the way it went.  And a once-proud city was brought to its knees.

junko.yoshida
User Rank
Blogger
Re: Don't knock university reports
junko.yoshida   7/19/2013 9:10:56 AM
NO RATINGS
DrQuine, I am hearing that some US auto makers are becoming increasingly aware of the issue Maybe someone must be doing a better job at articulating the issues.

Read the follow-up article -- this time on Freescale here:

http://www.eetimes.com/document.asp?doc_id=1318967&

Oceanblue
User Rank
Rookie
Low Cost MX6Q Ubuntu Industry board from Yuanying Tech.
Oceanblue   7/16/2013 11:19:41 PM

CPU

Ø         MCIMX6Q5EYM

Ø         ARM Cortex-A9 core,quad application processor, 800M-1GHz

Ø         32KB Instruction and 32KB Data L-1 Cache, 1MByte L-2 Cache

Ø         One VPU and two IPUv3H

Ø         GPU VG,GPU2Dv2-2D and GPU3Dv4-3D/2D graphic units

Ø         Wayland and/Weston 1.03 supporting

Memory

Ø         RAM:1GB DDR3 256MB*4

Ø         Nor Flash:1MB SPI(For Boot)(space reserved)

Ø         One NAND Flash-4GB on board (SD card alternatively)

Interface

Ø         USB ports: HS USB OTG(MX6Q integrate Phy),HS USB Host

Ø         SD: dual SD card socket,system reside in SD card or One NAND Flash (eMMC4.3/4.4 supported)

Ø         FEC:10/100/1000M Ethernet interface with IEEEE 1588 QUICC engine

Ø           UART&CAN:5 x UART ports Max.and dual CAN interface

Ø           SATA interface:SATA-II,3.0Gbps

Ø           PCIe V2.0 interface :Gen2.0 dual mode

A-V interface

Ø         LCD: 7" TFT LCD via LVDS interface

Ø         HDMI port: support 1080P output

Ø         LVDS:  dual LVDS interface support up to 1920 x 1200 @ 60 fps (In default, LCD (1024x600)+7 R-TP equipped)

Ø         Audio In: MIC

Ø         Audio Out: Headphones

Clock and power supply

Ø         RTC: Outside RTC

Ø         Power Supply: 5V/2A DC input

Wireless Interface

Ø         WiFi: WiFi 802.11g/b/n(optional)

Ø         3G module supported (optional)

Board Size

Ø         System bottom board:   16.5cm x 10cm  

Ø         Core module:           8cm x 6cm

visiting www.yuan-ying.com for details.

 

 

DrQuine
User Rank
CEO
Can a $25 gadget let hackers seize control of a car?
DrQuine   7/21/2013 9:45:23 AM
NO RATINGS
A July 17th New Scientist article "$25 gadget lets hackers seize control of a car" (http://www.newscientist.com/article/mg21929266.500-25-gadget-lets-hackers-seize-control-of-a-car.html#.UevjztI3t8E) claims that an inexpensive device can be used to remotely seize control of some critical car controls. The device is scheduled to be shown at the Black Hat Security conference in Las Vegas on July 27th. It will be interesting to see what unfolds.

DrQuine
User Rank
CEO
Hackers and Car Controls at Black Hat / Defcon conference in Las Vegas
DrQuine   8/4/2013 10:31:14 PM
NO RATINGS
I caught a passing news clip as I passed through the Atlanta airport this evening suggesting that hackers at the Black Hat / Defcon conference in Las Vegas did demonstrate ways to take over critical car controls. Are details forthcoming from EETimes? 

junko.yoshida
User Rank
Blogger
Re: Hackers and Car Controls at Black Hat / Defcon conference in Las Vegas
junko.yoshida   8/6/2013 2:13:14 PM
NO RATINGS
Thanks. Yes, I am aware of it, and I am on it. From what I understand, these two "hackers" managed to take over the control of Prius with a laptop and a gamepad. The inspiration of their hacking also comes from the original tech paper -- Univ. of Washington, etc. -- mentioned in this story.

Stay tuned.

Flash Poll
Like Us on Facebook

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Times on Twitter
EE Times Twitter Feed
Top Comments of the Week