[YesAuto Security Technology] Hackers, a special group active on the Internet, have always struck people as mysterious, highly intelligent and remote. They usually attack the network systems of large enterprises or organizations. Today, any car with connected-car functions or a cloud service system like OnStar may become a target of their attacks.

At the recently held SyScan360 International Forward-looking Information Security Conference, hackers from the United States and the 360 cracking team demonstrated how to crack the Jeep Free Light, Tesla Model S and BYD Qin. This challenge to automotive network security has prompted car companies around the world to take a fresh look at the Internet of Vehicles. How did the hackers hack the cars? Which parts of a car are easily invaded? We explain below.

Sending a Jeep into the ditch and making a BYD perform an emergency stop

Earlier, media reports stated that two hackers from the United States, Charlie Miller and Chris Valasek, successfully hacked the Jeep Cherokee (sold in China as the Free Light), which forced Chrysler to recall 1.4 million vehicles. They can invade and control the multimedia system, power system and brake system of the car without touching it. For example, they can hack the car's keyless entry system, control the audio-visual playback system and the wipers at will, make the accelerator and brakes fail while driving, and so on.

The two American hackers did not use their talents to harm society, but instead informed Chrysler of the vulnerabilities they discovered, helping car companies to maintain the security of their car networking systems. Qihoo 360, which prides itself on cyber security in China, has actually done the same thing. For example, last year it held a competition to crack Tesla on the spot. Recently, Qihoo 360 showed their latest video of cracking BYD Qin.

How was the car cracked?

Physical contact attacks must pass through OBD, so what is OBD?

OBD stands for On-Board Diagnostics, the car's on-board diagnostic system. This system plays the role of a “prosecutor” in the car. It monitors the operating status of the engine and the working status of the exhaust gas aftertreatment system at all times. Once it finds an abnormal condition, the “prosecutor” immediately issues a warning: the warning light on the dashboard lights up, and at the same time the abnormality is recorded in its own “small ledger”, the fault code memory. Maintenance personnel at the 4S shop can read the fault information in the “small ledger” with a special fault code reader and so quickly understand the cause of the car's fault.

How to hack into a car without touching it?

More and more cars have Wi-Fi and Bluetooth functions. Most manufacturers provide these functions so that mobile devices can connect to and control the in-car audio-visual entertainment system, and this has also become a path for hackers to attack cars.

— Intrusion through Wi-Fi system

However, starting the car and then controlling its accelerator, brakes and other power systems requires a deeper crack. The car's audio-visual entertainment system can also exchange data with the CAN bus, which we explain in detail later. All you need to know here is that the bus connects to, for example, engine controllers and electronic brake controllers.

— Intrusion through Bluetooth system

BYD’s Su Rui, Qin, and Tang are equipped with Bluetooth remote control keys. From a practical point of view, this is indeed a very good design, which makes it convenient to park in narrow parking spaces, but what BYD ignores is Bluetooth security. To implement remote control of the car, BYD connects the Bluetooth system to the CAN bus, including the CAN bus line that connects the power control part of the car. This is a very dangerous thing, because it means that the vehicle can be started and remotely controlled through the Bluetooth system.

Therefore, for the BYD Qin, the 360 cracking team chose to attack through the Bluetooth system. First, they crack the Bluetooth PIN code of the BYD Qin using Ubertooth software. After that succeeds, they connect over Bluetooth with a mobile device such as a mobile phone, and then rely on loopholes between the keyless entry system and the mobile phone App control program to unlock the door and start the vehicle. In addition, because they can maintain communication with the car's Bluetooth system, the 360 team can, through reverse engineering, make a Bluetooth device with the same function as the original remote control key.

Replacing car keys with mobile phones or other mobile devices will undoubtedly make things easier for hackers, so this practice of compromising security to increase convenience deserves to be questioned.

— Remote control: through the cloud and mobile phone communication network

Earlier, there were reports that hackers had found the OnStar system could be controlled remotely. The 360 cracking team also found a loophole in BYD's cloud control system. Through this loophole, they were able to learn the owner's information (such as name, license plate number, frame number, ID number, second contact name, mobile phone number, etc.). Once the owner's account name is known, the password of the account can then be cracked. Once the password is cracked, an attacker can log in to BYD's Internet of Vehicles platform.

In addition, using a combination of short-range and long-range methods, the 360 team successfully cracked Tesla's Model S and won a special medal from Tesla. This crack is based on a vulnerability they discovered in the Tesla mobile app. Using this vulnerability, the car's doors can be unlocked remotely.

Of course, as a Tesla owner, you don’t have to worry too much, because the team of these hackers is not very strong, and the cracking process often takes as long as several weeks or even months. As long as Tesla keeps updating its security protection system and fixes loopholes in time, it is difficult for hackers to break through.

What is the key to cracking the car?

From the above, you may have gathered that the CAN bus, which is the car's last line of defense, has become the key to breaking into the car network. So what exactly is CANBus?

CANBus stands for Controller Area Network bus. CANBus technology was first used in the communication of electronic weapon systems such as aircraft and tanks. The application of this technology to civilian cars originated in Europe. In the car, this bus network is used for data transfer between the various sensors, control modules and execution units.

CANBus is divided into high-speed and low-speed buses. The high-speed CAN bus mainly connects the engine control unit, ABS control unit, airbag control unit, instrument cluster and other systems directly related to driving. The low-speed CAN bus mainly connects body comfort systems that do not require high data transmission rates, such as central locking, electric doors and windows, rearview mirrors, and interior lights.

CANBus technology has exposed its shortcomings now that network security is a sensitive issue. Because it was designed without considering communication security, even the critical high-speed CAN bus can be accessed at will. This is because accessing information on the CAN bus does not require any identity verification process, which gives hackers an opportunity to attack the car.
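The missing identity check can be seen in the frame format itself. The following is an added example, not code from the original article or from any manufacturer: it parses a classic CAN frame in the Linux SocketCAN layout, which carries only an ID, a length and data, and then shows a receiver that accepts a frame only if it carries a valid truncated MAC and a fresh counter. The key, the frame ID 0x123, the payload layout and the 3-byte MAC length are constructed assumptions for illustration.

```python
import hashlib
import hmac
import struct

# Linux SocketCAN classic frame: 32-bit ID, 1-byte length, 3 pad bytes, 8 data bytes.
FRAME = struct.Struct("<IB3x8s")
KEY = b"constructed-demo-key"  # assumption: secret shared by sender and receiver ECUs
MAC_LEN = 3                    # assumption: truncated so body + counter + MAC fit in 8 bytes

def parse(raw):
    """Return (can_id, payload). The frame has no field that names its sender."""
    can_id, dlc, data = FRAME.unpack(raw)
    return can_id & 0x1FFFFFFF, data[:dlc]

def _mac(can_id, counter, body):
    msg = struct.pack(">IB", can_id, counter) + body
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:MAC_LEN]

def build(can_id, counter, body, authenticated=True):
    """Pack a frame; an authenticated payload is body + counter + truncated MAC."""
    tail = bytes([counter]) + _mac(can_id, counter, body) if authenticated else b""
    payload = body + tail      # body must be at most 4 bytes in this sketch
    return FRAME.pack(can_id, len(payload), payload)

class Receiver:
    def __init__(self):
        self.last_counter = {}  # can_id -> highest counter accepted so far

    def accept(self, raw):
        can_id, payload = parse(raw)
        if len(payload) < 1 + MAC_LEN:
            return False        # plain CAN frame: nothing proves who sent it
        body = payload[:-1 - MAC_LEN]
        counter = payload[-1 - MAC_LEN]
        tag = payload[-MAC_LEN:]
        if not hmac.compare_digest(tag, _mac(can_id, counter, body)):
            return False        # sender does not hold the key, or frame was altered
        if counter <= self.last_counter.get(can_id, -1):
            return False        # replay of an earlier frame (wrap-around not handled)
        self.last_counter[can_id] = counter
        return True
```

A receiver on an unmodified CAN bus has only `parse()`: any node that can transmit ID 0x123 is indistinguishable from the legitimate controller.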

How to prevent?

First of all, it should be emphasized that the manufacturers have already fixed the loopholes described above, so owners of Jeep, Tesla or BYD cars can feel at ease for the time being. It can be said that these hackers have taught manufacturers a real lesson: while improving the car networking system to give users a better experience, we must not forget to improve car networking security. Strengthening the firewall system of cloud services and fixing vulnerabilities in the Internet of Vehicles system more frequently are the main ways to address current security problems. In addition, switching to automotive Ethernet bus technology, with higher security and faster transmission speed, is a longer-term choice. In the future, for users who have connected vehicles, it is enough to maintain the security of their mobile phones and prevent hackers from stealing their connected-vehicle information through their phones.


I can't imagine the consequences of a sudden hacker attack on the steering system or brake system of a car driving on a highway. When Charlie Miller and Chris Valasek first announced that they had cracked the Jeep, it drew global attention to the safety of the Internet of Vehicles. We must re-examine the Internet of Vehicles: it brings us convenience while quietly burying hidden safety dangers. In addition, as the last hurdle of automobile safety, CANBus technology is facing a serious test. Will it be replaced by the latest Ethernet bus technology? Today, Qihoo 360 is preparing to establish the China Internet of Vehicles Security Alliance with many domestic car companies and institutions. Does 360 also want to use this “Dongfeng” to cut into the automotive field? Stay tuned.