Threat Perception and Attack Scenarios in Automotives


Hacking of cars

The locking system in cars these days involves a technology known as rolling code. It means that the code that is sent from the remote to the car is never repeated. This was designed to improve security. Earlier remotes produced the same code each time, and the code was easily captured by thieves and used to steal cars.

The rolling code technology uses a complicated algorithm to produce a new code to unlock the car each time. However, it is not completely foolproof. In August 2015, Mr. Samy Kamkar, a computer hacker, designed a device known as Rolljam, which he presented at DEF CON, one of the world’s largest annual hacker conventions. Dr. Sinha explained to the audience how Rolljam works. “When you press the button first, that code is captured by his device, and it prevents it from going to the car. Thus, the car has not received that code. So, what will you do if you press the button and the car does not open? You will press it again. The next time when you press it, it will capture the second code also, and release the first code that it had captured. The car will open. The second code, the car has not received. So that code is now with him, which he can use to open your car later.”

Rolljam - a device that can be used to hack into cars.
Rolljam – a device that can be used to hack into cars.


Mr. Kamkar demonstrated this device to make manufacturers aware of the security loopholes. Manufacturers have now taken measures to make cars more secure and to prevent car thefts. However, there are many cars that are already out in the market, with this security loophole. They can be unlocked using devices like Rolljam.


Smart Cars

Car manufacturers will soon put entire operating systems into their vehicles. The electronic control units inside the cars will have the capability to judge when it is time for the car to go for service. The driver will be alerted that it is time to take the car for service. From the safety point of view, there is a concept known as eCall, which is going to be made mandatory in the European Union in 2018. If the vehicle has been in an accident, the electronic control unit inside the car will immediately make a call to an emergency number and it will convey the car’s location using GPS coordinates of the vehicle. If the person in the car is able to talk, it will set up an audio call.

Another advantage of smart cars is related to car theft. If a vehicle is stolen, the car owner will be able to remotely cut off the fuel flow and hence the car thief will not be able to drive the car anymore. Dr. Sinha mentioned three sets of communication systems that are needed for a car to be completely connected. The first one is that there should be internet access to the internal devices. Secondly, there should be vehicle to vehicle (V2V) communication. Lastly, the vehicles should be connected to the internet of things.


Controller Area Network loopholes

The main protocol that is used for communication inside a car in the controller area network (CAN) protocol. It has many loopholes, and can easily be hacked, which makes modern-day cars defenceless against hacker attacks. The computer hacker, Mr. Kamkar designed a device which can be plugged into the on-board diagnostics port in a car. It can be designed with an Arduino board, and allows an external server to send commands to the vehicle.


Conclusion – modern cars can be remotely hacked

Dr. Sinha ended his talk with a story about two hackers, Charlie Miller and Chris Valasek, who, as part of an experiment, hacked the car that their friend Andy Greenberg was driving. They changed the air conditioning settings, turned on the radio and windshield wipers, and even cut the transmission – from 10 miles away!

Although this means that car security is at risk all the time, automobile manufacturers have also taken some steps to safeguard vehicles. One such initiative is known as EVITA (E-Safety Vehicle Intrusion Protection Applications), which was developed by car manufacturers in the European Union. “This is a hardware solution. They have made hardware that has encryption facilities and all that, and which can be included into any microcontroller intended for automotive applications,” he said. There is also a software solution called Oversee. It involves the separation of the software applications from the hardware components.

A combination of EVITA and Oversee can ensure secure vehicles in the future.

Watch Dr. S.K. Sinha’s talk at the India Electronics Week 2016 here:

03_Threat perception and attack scenarios in Automotive from EFY on Vimeo.

‘Threat perception and attack scenarios in automotives’