Friday, February 7, 2014

Possibilities in Automobile Hacking

Image courtesy : Koscher, Checkoway et al

Last month, I sat among a crowd of about a hundred at the Dubai Silicon Oasis HQ listening intently to a technical presentation from Audi Middle East on the technologies that go into their cars. Though the presentation had much more of a marketing component to it than the engineering type technical, you immediately got a sense of how dramatically Audi is transforming the car as we know it into a near autonomous system that augments the driver's limited capabilities.

Then I managed to get up and ask the presenter a question : "Does Audi really believe that more systems automation is the way to go in this age of vulnerabilities?" I didn't get a clear answer, and I think he replied something to the effect of 'we have been testing this extensively, it is reliable, safe' yada yada.

Car manufacturers have enough technology in the books to be able to clutch the control from you if you slept over your wheel and shifted lanes by accident. or to monitor the full 360 degree spectrum around your car ultrasonically to regulate vehicular distances, or to auto-pilot a parking maneuver into a very tiny space without you ever having to be present inside. Some technologies are deemed too immature to release yet, but manufacturers have already done a chunk of the thinking work. Implementation could be a few years away.

 How Stuff Works : Car Electronics
Last year, while traveling on an interstate trip across the eastern United States, I wondered what the car I
was driving would be doing deep inside it without my knowledge. I imagined the millions of lines of software routines flickering as they ran, hundreds of packets of information being driven on information highways from one control unit to another, the systems watching with precision every sensor on the car and taking in information to decide what to do. Wheel speed, steering angle, in-cabin temperature, door locks, air bags, lights, tire pressure, radio volume, exhaust temperatures....nothing was not known.

The longest trip I ever made in those days was a 10 hour straight slog with one rest stop. I'm not boasting about it. It came out of necessity to get to a certain place quickly. It tested the very core of endurance of my mind and with some hesitation I must admit I closed my eyes momentarily on more than a few occasions only to wake up with a split second bang realizing that I'm still in control of a 3000 pound vehicle moving at 70 mph.

This is the American way for hundreds of people and making use of the vast road networks to drive from one state to the other is a matter of pride and heritage. Flying is objectionable to many, even if it sounds an odd idea to be hauling your disheveled self from one time zone to the other surviving on highway Burger King. I can't blame them as a foreigner. You actually tend to like having this libery to travel far and wide and if you will allow me, its probably the most enjoyable way to see America.

Some select few have a job to do a trip across the entire continent in 5-10 days. They are called truck drivers and they haul hundreds of millions of dollars worth of cargo to make the Walmarts and Office Depots work. When diesel fuel picks up its pump price, guess who gets hurt most? Yes, its that fleet of semi trucks who are helping fire up the economy indirectly.

Back to the episode when I shut my eyes while driving. Boy, did those instances frighten me that I had to stop and get coffee. Sitting in a 24 hour Dunkin Donuts at midnight sipping the damn drug and looking at my watch, I invited possibilities that this wheeled machine should be automatically controlled from time to time. Or maybe all the time while I could catch the Z.

Sounds like a far fetched idea but OEM's know what I've already been thinking, except they started the thinking decades back.

But every good story needs a villian and drumroll, then came along the hackers. We owe it to these guys for making a mockery out of systems and exposing their security flaws. There is hardly any sarcasm here because if hackers didn't do what they did, perhaps I wouldn't be sitting with the 11th step in evolution of the Windows operating system. I could have the most secure piece of software there ever was, or I could be wrong. I'll wait till I get hacked.

However, unlike computer operating systems which have matured over several decades, vehicles do not apparently have a parallel idea of access control rights in their CAN protocol. Or they don't implement the full spirit of the automotive standards. I was surprised to glean this information while going through paper on the security analysis of a modern automobile.

The authors of the said paper manage to experimentally verify that anybody could reflash, i.e load a piece of potentially malicious code into a car's telematics unit without the need for authenticating! They also showed how it was possible to drive a car on an airport runway at 40mph and do various things to it remotely while it was moving, like killing the engine or preventing the brakes from activating regardless of foot pressure on the pedals.  Fewer than 200 lines of code added to their software, which they creatively named CarShark, could activate a door lock sequence and kill the engine.

It may sound scary. To me, it sounds like a fantastic theme for a short sci-fi story.

This occurred to me while I was driving to work. I imagined the plight of a private detective in a bustling metropolis bulging with traffic on the primary arterial road connection who had to sit waiting in his car on most days for hours in slow moving traffic...until one day he asks himself why on earth are these accidents happening on very select times, i.e rush hour. He decides to investigate.

He had heard various things that the cities coffers were drying up, the metro line wasn't making money, tourism had gone down and a new wireless toll system was announced by the state department. Connected? Sure.

Through a maze of cover ups and paper trails, he discovers that an unknown branch of the city's huge police department had an interesting tie-up with a technology startup known for industrial automation who as it turns out operated under a strange name purportedly selling softdrinks. Together, they entered into a undercover program wherein ordinary looking cars on the roadway would be wirelessly made to crash timing it flawlessly with the peak rush hour. The accordion effect would extend many kilometers down causing a traffic jam and while everyone stood still in their spots until the roadway cleared, the city made thousands from the automated toll gate.

Wishful as it sounds, you don't need a lot of money to do this as we learn that Spanish hackers manage to do such things on a car with just $20 dollars worth of parts. Gulp hard.

It is a given that the development of any technology must harbor a strategic element about what to do when that piece of technology is made to act in off-design conditions. Could it damage property? Could it injure, maim or kill someone?

Given that computers are an all pervasive phenomenon whether it be a watch or a washing machines, whether they are at home, in your cars, in a chemical refinery or a nuclear power plant, unscrupulous elements will tirelessly work at taking advantage of loopholes to disrupt its function.  Let's appreciate the time and costs of developing and testing such systems to perform in the most safe way possible. 

No comments: