As automotive systems such as infotainment, telematics, diagnostics, and security have increased in complexity, their exposure and vulnerability to hostile outside actors have increased proportionally. No longer are cyber threats restricted to data breach, theft and corruption. Unwanted intrusions, which can threaten the electronic control units of any vehicle equipped with embedded or aftermarket connectivity, regardless of make and model, have the potential for physical consequences.
Developers must do more than just plug security holes; they must anticipate vulnerabilities and reinforce security systems long before they’re exposed to threats.
A hands-free car kit utilized the Headset, Phonebook Access and Advanced Audio Distribution profiles usually required to realize features such as call handling and music streaming. The same car kit reported occasions of phone book data theft.
Using protocol analysis to examine the Bluetooth implementation, it was found that the wrong security mode had been employed, allowing unauthorized Object Push Profile (OPP) Pull requests to the car kit, resulting in unauthorized download of private data. To correct this, the proper Security Mode, which requires mandatory authentication for the OPP service, was enabled.
Further examination of the implementation revealed that the car kit was vulnerable to unauthorized discovery of the device address, a necessary component for the OPP exploit. In this case, the car kit failed to come out of discovery mode after successful pairing and remained available for connection to other devices. It was also found that the discovery mode timeout period after unsuccessful pairing was set too long, creating extended windows of opportunity for hostile actors to connect.
These vulnerabilities were successfully corrected, and the car kit’s exposure to data theft was minimized.
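The three findings above can be expressed as a small regression check. This is an added example, not Teledyne LeCroy's tooling or the car kit's firmware: the `CarKit` model, the `audit` helper, the peer names and all timeout values are hypothetical, and "paired" is used as a stand-in for an authenticated link.

```python
from dataclasses import dataclass, field

MAX_DISCOVERABLE_SECONDS = 60  # assumed policy limit; the page gives no figure

@dataclass
class CarKit:  # hypothetical model of discovery and service-access state
    discoverable_timeout: int        # seconds until discovery mode ends by itself
    exit_discovery_on_pairing: bool  # leave discovery mode once pairing succeeds
    auth_required: dict              # service name -> authentication mandatory?
    discoverable: bool = False
    elapsed: int = 0
    paired: set = field(default_factory=set)

    def start_pairing_window(self):
        self.discoverable, self.elapsed = True, 0
    def tick(self, seconds):
        if self.discoverable:
            self.elapsed += seconds
            self.discoverable = self.elapsed < self.discoverable_timeout
    def pair(self, peer, success):
        if success:
            self.paired.add(peer)
            if self.exit_discovery_on_pairing:
                self.discoverable = False
    def allow_request(self, peer, service):
        # Fail closed: a service missing from the table requires authentication.
        return peer in self.paired or not self.auth_required.get(service, True)

def audit(make_kit):
    """Exercise fresh kits and return the case-study faults they reproduce."""
    findings = []
    kit = make_kit()
    if kit.allow_request("unpaired-peer", "OPP"):
        findings.append("OPP served without authentication")
    kit.start_pairing_window()
    kit.pair("owner-phone", success=True)
    if kit.discoverable:
        findings.append("still discoverable after successful pairing")
    kit = make_kit()
    kit.start_pairing_window()
    kit.pair("other-phone", success=False)
    kit.tick(MAX_DISCOVERABLE_SECONDS)
    if kit.discoverable:
        findings.append("discovery window too long after failed pairing")
    return findings

def as_found():   # constructed values reproducing the described faults
    return CarKit(300, False, {"OPP": False})
def corrected():  # constructed values reflecting the corrections
    return CarKit(30, True, {"OPP": True})
```

Calling `audit(as_found)` reports all three faults, while `audit(corrected)` returns an empty list.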
The connected car’s attack surfaces are the vectors and targets by which malware or other attacks exploit weaknesses in order to affect a vehicle’s critical safety and non-safety functions. Those attack surfaces include the automobile’s ECUs (airbag, engine, transmission, brakes, lights and body); onboard diagnostic systems; telematics and connectivity transports; keyless entry and anti-theft systems; vehicle-to-vehicle communication and Dedicated Short Range Communications; and infotainment systems.
Teledyne LeCroy’s tools and services examine each of these vectors to ensure that communications security protocols have been implemented correctly to limit exposure, and that targeted components are functioning at peak performance and are able to ward off hostile attacks.
The Teledyne LeCroy Automotive Technology Center is the premier Bluetooth device testing and services partner, with an enormous device library comprising 3000+ devices including coverage for every major car model.
Teledyne LeCroy Automotive Technology Center
27007 Hills Tech Court
Farmington Hills, Michigan 48331