In this short article we have a look at the data from the paper “Resilient Shield: Reinforcing the Resilience of Vehicles Against Security Threats” by Strandberg et al. published in 2021. The paper systematically reviews disclosed attacks targeting the vehicle which have been published between 2010 and 2020 in order to identify security and resilience mechanisms to mitigate these critical and highly critical attacks. Out of a total of 52 unique attacks the authors found 37 high and critical risk attacks. Let’s have a look at the data about high and critical risk attacks and see which assets, i.e., hardware, communication, software, and data storage, were most commonly (successfully) attacked and if there are any trends. Please note that some attacks may target several assets, thus the sum of linked attacks to assets is higher than the number of attacks.
Focusing first on the type of asset in general, we can see that the communication has been attacked most often (29) followed by software (17), sensors (10) and the data storage (2). Looking further into attacks towards the communication shows that most of the attacks were targeting external interfaces (23) when considering physical interfaces inside the vehicle (e.g., OBD-II, debug ports, and USB) as external. Limiting “external” to only wireless communication, e.g., Bluetooth, key fob, Wi-Fi and cellular, reduces the number of distinct attacks to 12. The software asset was most often attacked when it was running (10) followed by the rest (7) which exploited the software update functionality, weak crypto being used or the software state. Attacks towards sensors respectively the hardware center around showing insecurities in GNSS, however, interesting attacks (5) that target other vehicle sensors, such as the camera, lidar and ultrasonic, have been also published. Most of the attacks towards sensors require cyber resilience to withstand attacks such as camera blinding and sensor spoofing. Attacking the data storage seemed to be so far less attractive for attackers, however, two attacks have extracted certificates or stole personal information from replaced spare parts.
As we continue to look at the year shows that in 2016 the most attacks (15) have been published and 7 to 9 attacks per year in the years following. The assets which have been targeted do not show any trends, yet novel attacks on the CAN bus are ceasing. Software and other communication assets are successfully hacked as always.
If you are interested in getting more information about the attacks and how they can be mitigated using security and resilience techniques, have a look at https://research.chalmers.se/publication/525570
Written by Thomas Rosenstatter