According to the 2016 Intelligent Networked Automotive Information Security Report, the information security threats to intelligent networked vehicles mainly include TSP security threats, APP security threats, T-Box security threats, IVI security threats, Can-bus bus security threats, and ECUs. Seven types of security threats and in-vehicle communication security threats. The Report provides cutting-edge technical analysis and risk warnings on the hacker path, attack method and security risks that each threat may cause.

First, TSP security threats

TSP refers to a car remote service provider. As one of the core links of the car networking industry chain, TSP provides content and traffic forwarding services for cars and mobile phones. TSP platform vulnerabilities may come from defects in software system design or errors in coding, or from design flaws or logical process irrationalities in the interactive processing. These may be used intentionally or unintentionally, adversely affecting the operation of the entire vehicle network. For example, the system is attacked or controlled, important data is stolen, user data is tampered with, and even legitimate users are allowed to control the vehicle.

Second, APP security threats

The APP security threat refers to the hacker using the remote user's mobile phone terminal or inducing the user to download and install the malicious program, and using these remote control APPs to steal the user's personal information and the vehicle's control right, thereby controlling the vehicle to unlock and lock. As early as 2015, security officer Samy Kamkar demonstrated to the public the method of invading the vehicle's remote control APP by placing a small hardware in the car to achieve vehicle owner stealing and vehicle control stolen.

In fact, GM Anjixing, Chrysler UConnect, Mercedes-Benz MBrace and BMW Remote have all suffered from APP security threats. As the owner of the mobile phone remote control function is more abundant, the risk of the security threat of the networked car APP has also increased.

Third, T-Box system security threats

The role of the T-Box system is primarily remote control, query and security services. In 2016, the researchers conducted a safety analysis and successfully cracked the T-Box, the core control system of the vehicle network, through a more comprehensive technology, realizing local control of the vehicle and remote control of other vehicles.

Fourth, IVI security threats

IVI is an in-vehicle integrated infotainment system based on a vehicle-mounted bus system and Internet services. Attacks on IVI can also be divided into software attacks and hardware attacks. In terms of software attack, you can gain access to the target system through software upgrade.

Five, Can-bus bus security threats

Automotive electronic components are connected via a CAN network, and electronic components communicate via CAN packets. The Can-bus bus security threat obtains its communication matrix through reverse engineering, fuzzing and other methods and breaks the application layer bus protocol of the car, and realizes the automatic control function of the car without increasing the vehicle actuator. In other words, as long as the CAN bus is seized, we are equivalent to grasping the nerves of the car and controlling the car.

Sixth, ECU security threats

The ECU electronic control unit is a car-specific microcomputer controller. Its function is to calculate, process, and judge the information input by the air flow meter and various sensors according to the program and data of its memory, and then output the command.

Attacks on ECUs can be divided into front-door attacks, back-door attacks, and exploits. Front-door attacks are hijacked by original equipment manufacturer (OEM) access mechanisms, reverse engineering attacks on factory programming methods; backdoor attacks use more traditional hardware hacking methods; exploits detect and detect unexpected access mechanisms, Perform unexpected driver functions based on bugs or problems.

Seven, workshop communication security threats

The car network is based on the car network, the car network and the car mobile Internet. According to the agreed communication protocol and data interaction standards, wireless between VX (V:vehicle, X: car, road, pedestrian and Internet) System network for communication and information exchange.

The communication security threats in the workshop are mainly inherent security problems such as signal stealing and signal interference in the field of wireless communications. The hacker steals vehicle information and tracks the target vehicle by setting up a receiver on the link layer. In addition, the malicious influence of malicious actors on the communication of the workshop is also one of the threats to the communication security of the workshop.

"In the past, cars were isolated and physically isolated, so it was difficult for hackers to remotely invade the car's internal controllers. With the evolution of the Internet, the remote network attacks on cars were no longer conjectures." Experts pointed out that in 2016, smart cars The number of "invasion" incidents has increased. Hackers can not only cause loss of property in the car or theft of vehicles, but also endanger the safety of drivers and passengers. Manufacturers should consider safety issues at the beginning of design and put safety first.

It is reported that the 360 ​​Intelligent Networked Automotive Information Security Lab is built by 360, the world's largest Internet security company, and cooperates with research institutes such as Zhejiang University, Tesla and Changan Automobile, automobile manufacturers and automotive information security related companies in smart cars. Safety research has a number of achievements, 360 intelligent networked automotive information security laboratory began in 2014 to conduct safety assessments for more than ten domestic vehicle networking manufacturers.

Wire Tube Condenser