Wednesday, 22 July 2015

Private mobile data networks

I read the story about Jeeps being hacked. Scary!

What is interesting is the total lack of security on the mobile side - it seems the manufacturer had SIMs on the Sprint mobile network which simply operated on private IP addresses but were still on Sprint's network. This allowed anyone with a Sprint SIM to access the car's systems.

One of my customers just commented on IRC, basically, "Should've gone to A&A", in that we do private network data SIM cards for UK use where the SIM connects back to us, and can connect on to a private LNS on a corporate network, allowing the IP traffic to be private to that network. It would, with a very simple set up, allow someone to run a completely private corporate mobile network from one SIM card upward for very low cost.

But this is "simple", in that it allows open, unencrypted, IP traffic to and from the mobile device and the corporate network relying entirely on the mobile and ISP networks to provide that security. It works well. It is great for things like iPads and the like that can "just work" out of the box and find themselves on the corporate LAN behind the corporate firewall without a complicated VPN set up.

Of course, doing this for cars would have the issue that you just get one of the SIMs from a car and have access to the car network. This, fortunately, is one line of firewall config on the LNS to stop car to car traffic (he he "traffic", and "cars", sorry, LOL).

Even so, and even though this is a solution we sell, this is far from the solution that should be used for access to a car! The link should use a secure and validated encrypted communications channel - essentially a VPN. This would allow the car to be sure that it is talking to the manufacturer, and would also allow the car to communicate safely via any IP connection to get there (WiFi or mobile) and so not tie the manufacturer to one SIM/mobile set up.
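The "validated" part of that channel, reduced to its core as an added example (not from the original post): the car acts on a message only if it carries a valid MAC under that car's own key and a counter it has not seen before, so being reachable on the mobile network, or holding a key from a different car, is not enough. The message layout, per-car symmetric keys and all names are assumptions; this shows message authentication only, not the encryption or full VPN the post calls for.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def sign_command(key: bytes, car_id: str, counter: int, command: str) -> bytes:
    """Manufacturer side: bind counter, target car and command under one MAC."""
    body = struct.pack(">Q", counter) + car_id.encode() + b"\x00" + command.encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Car:
    """Car side: accept a command only if authentic, addressed to this car, and fresh."""

    def __init__(self, key: bytes, car_id: str):
        self.key = key
        self.car_id = car_id.encode()
        self.last_counter = 0  # highest counter accepted so far

    def receive(self, message: bytes):
        """Return the command string if accepted, otherwise None."""
        if len(message) < 8 + TAG_LEN:
            return None
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        counter = struct.unpack(">Q", body[:8])[0]
        target, sep, command = body[8:].partition(b"\x00")
        if not sep or target != self.car_id:  # signed for some other car
            return None
        if counter <= self.last_counter:  # replayed or stale message
            return None
        self.last_counter = counter
        return command.decode()


# Constructed demo keys and identifiers; real keys would be random and per vehicle.
KEY_A = hashlib.sha256(b"constructed demo key for car A").digest()
KEY_B = hashlib.sha256(b"constructed demo key for car B").digest()

if __name__ == "__main__":
    car_a = Car(KEY_A, "CAR-A")
    msg = sign_command(KEY_A, "CAR-A", 1, "climate_on")
    print(car_a.receive(msg))  # first delivery
    print(car_a.receive(msg))  # same bytes delivered again
```

Because the check happens in the car rather than in the network, it holds equally over WiFi or any mobile operator, which is the portability point made above.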

Hopefully they will learn! It sounds like there will be laws to make them learn!

12 comments:

  1. Also, there is precious little reason to allow car <> car communications, so even with a validated VPN, you should not be able to use your car as a jump off point to contact other cars. - Of course the perennial problem with VPNs is key management, especially for assets which may remain unchanged for decades.

    (This might change with respect to a peer <> peer situation awareness network for autonomous cars, but I would see this as a separate channel/network to that provided for management)

    Seems there are fails all round here.

  2. I wonder if this is a broader issue than "just" communications security / authentication: is there actually a good reason why a car's core functions can be controlled remotely at all, or why are the entertainment and control networks not separate?

    Replies
    1. Indeed. Reading the articles, there was a common component on the entertainment system and the main CAN bus that could be hacked.

    2. The reason to allow remote control of the core functions is convenience; I can use my smartphone to (e.g.) start the engine and set the climate control to 19 °C from my office desk, so that the vehicle is cold when I arrive having walked through a Texas summer to get there.

      There's a secondary use; once you have that level of access, you can read out diagnostic status remotely, and (e.g.) call someone in for an early service if there are signs of premature failure.

    3. I think the ship has long-since sailed on any idea of keeping these things separate in modern cars - the touch-screen in my car links with everything, from entertainment to gear-selection options, and clearly receives data from everything too - steering, speed, etc

      And much of it is complete crap - just plain badly written (slow, missed key-strokes, random bugs, etc). I often point to people who haven't managed to get out of earshot that if the leather on the steering wheel was as badly stitched as the U/I software is written, then the mfg would have rejected it at goods-in, and I wouldn't be tormented by it constantly.

      I cling to the hope that the software is the last bit of cars which is as completely shite as almost everything else about them was in the 1970s, and the market dealt with that, forcing the manufacturers to sort things out.

      Like everyone else, I'm amazed that cars will take remote commands without at least some kind of MAC, though as someone says above, key-management wouldn't be trivial, particularly if you dish-out remote control apps for people to use directly themselves, rather than forcing everything to go via a company's own servers.

    4. Apparently in the US this came about because the authorities wanted to be able to stop cars remotely to cut short car chases. It doesn't appear to be common in the UK (if it was I'd probably disconnect the antenna, given the lack of security).

  3. Tesla Model S 3G SIMs get public addresses (though via M2M providers; not on their home networks) and can also tether to wifi access points.

    Traffic to/from google, rdio etc to provide the in-car infotainment runs in the clear but all traffic from the car to/from Tesla is inside an OpenVPN tunnel.

    The smartphone apps connect to Tesla's servers which then contact the car through the VPN.

  4. Yup, they didn't really think it through. Security should be thought of from the outset. "How will people try to exploit this?" is an important question.

  5. For a normal consumer car (not a Tesla), there's no reason for anything on any wireless network to be able to control the brakes. If a firmware update is needed, the dealer can do it next time I take the car in for a service.

    (Tesla are different - their car software is known to be incomplete, and they sell the car as "these features are coming in a future software update". And they're probably competent to do reasonably secure software update. I wouldn't trust any of the major car companies to be able to do a secure over-the-air software update).

    Replies
    1. I don't think Tesla's view is that OTA updates are needed because the car is unfinished; their view is that OTA updates are important because they give a better ownership experience.

      Apple certainly wouldn't claim that iOS8 is "incomplete" but they don't ask you to bring your phone into a shop to get iOS9.

  6. "It would, with a very simple set up, allow someone to run a completely private corporate mobile network from one SIM card upward for very low cost."

    ...indeed, and as soon as you negotiate a better cost for data usage I'll be ordering a bunch of them for our business - but at the moment, if it's a choice of £20+ a Gig vs 20GB or more for the same money, we'll live with configuring VPN clients on our mobile devices...

  7. My Nissan Leaf has a SIM-based service, but instead, if you access the app on a computer or app device, Nissan send an SMS to the car.
    This SMS is the same for all functions (A/C on/off, etc.).
    It simply tells the car to connect to Nissan.
    The car then builds a data connection and gets told what to do.
    I understand it uses XML to talk, with simple user/pass authentication.

    http://www.electricvehiclewiki.com/Carwings_protocol
