Threat Perception and Attack Scenarios in Automotives



Automobile manufacturing has come a long way since the design of the first car in 1886 by Karl Benz. The speaker for this conference program, Dr. S. K. Sinha, Associate Professor, Indian Institute of Science (IISc.), told the audience an interesting fact that emphasises how much cars have evolved over the past few decades. “50 years ago, 100 percent of the money that you paid for a car went to mechanical engineers, today, 30-40 percent of the money that you pay for a car goes to electronics engineers and embedded designers, and you have large number of electronic control units (ECUs) doing things that mechanical and electrical linkages were doing earlier,” he said.


Electronic control units

In an embedded system, the hardware does not do anything by itself. The software makes the system work. “30 years ago, the software in the cars was zero – there was no software. And in just a short period of 30 years, the amount of software has gone to ten million lines of code, in low end cars. If you talk about Audi, Mercedes or BMW cars, they have hundred million lines of code today. Thousands of functions are being realised with software,” he said. The engine control units were the first components to be converted to electronic units.


The issue of software bugs

Dr. Sinha mentioned that software is bound to have bugs. The cleanest software is from NASA (National Aeronautics and Space Administration), in USA. However, even they do not claim to have bug-free software. They have tried to ensure that their software does not have more than one error for every ten thousand lines of code. Microsoft tries to ensure that their source code does not contain more than five errors for every ten thousand lines of code. He said that the prediction for car software is that there will be around 300 million lines of code present in a car, about ten years from now. Cars of the future will become like computers on wheels. However, it also implies that the car may have around 150,000 software bugs in its code. Some of the bugs may be harmless, but in some cases, the car may have to be rebooted, just like a computer, and this could be very problematic if the car is travelling up a slope, or if it is travelling at very high speeds.


Attack scenarios

There is a technology that will soon be made mandatory in all cars. It is known as Tyre Pressure Monitoring System (TPMS). The device is located on the wheel and it communicates wirelessly with an electronic control unit that is located within the car, using a 32 bit identification number that is unique for every car. The main problem with this technology is that TPMS messages can be received from outside the car as well. Using a simple antenna, the messages can be received at a distance of ten metres and using a low noise amplifier, the messages can be received at a distance of 40m. This is extremely dangerous because it means that the car can be used to trigger events like the detonation of a bomb, using the unique ID.

The image shows the parts of a car that are susceptible to hacker attacks.
The image shows the parts of a car that are susceptible to hacker attacks.


Please enter your comment!
Please enter your name here