The number of hacking attacks has increased by 20 times in 5 years. Smart car security encounters unprecedented challenges

Our reporter Gong Mengze

  "In the past 5 years, the number of smart cars being hacked has increased by 20 times, and 27.6% of these attacks involve vehicle control." At the just-concluded 11th China Automotive Forum, Cai Jianyong, Chief Technical Officer of Huawei Smart Car Solutions BU, shared a set of striking data that directly reflects the grim situation of "smart cars being hacked frequently".

  According to incomplete statistics from a reporter from the Securities Daily, in 2019, hackers stole more than 100 vehicles, including the Mercedes-Benz CLA, the GLA small SUV, and Smart Fortwo mini-cars, by hacking into shared car apps and rewriting programs and data.

Compared with hacker attacks aimed at stealing cars, attacks that compromise a smart car's network security while it is being driven are obviously more dangerous.

  The 2020 "Automotive Network Security Report" released by the well-known automotive network security company Upstream Security shows that from 2016 to January 2020, automotive network security incidents have increased by 605%, and more than doubled in 2019 alone.

According to the current development trend, with the continuous improvement of the car networking rate, it is expected that such safety issues will become more prominent in the future.

  As one of the representative intelligent and connected car companies, Tesla has been found to have a large number of security vulnerabilities.

According to Zhang Jianxin, director of the Industrial Internet Security Research Institute of 360 Group, as early as 2014, a vulnerability was discovered two years after the release of the Model S, the second car product developed by Tesla.

Using this vulnerability, whoever controls it can remotely perform operations such as unlocking the vehicle and sounding the horn.

  This year, Tesla was once again caught up in a "privacy-gate" controversy because the in-car camera recorded the facial features of the driver and most of the space in the car. The surveillance video was exposed after a hacker broke into a Tesla car.

In addition to the safety risks brought by the network and program technologies, the application of digital technologies such as autonomous driving and artificial intelligence also increases the safety risks of automobiles.

In attacks on digital applications, hackers are increasingly targeting big data, artificial intelligence, and autonomous driving systems.

  Smart car network security issues face a severe test

  With the trend toward the Internet of Vehicles and "software-defined cars", smart cars are becoming more and more like technology products, with more intelligent functions, but they also bring many ecosystem problems.

Among them, the security issues brought about by access to the Internet are a major focus that needs to be faced in the future development of automobiles.

  "At present, the scale of key codes of automobiles has increased by 10 times or even 100 times, and code vulnerabilities have also increased exponentially. More often, the increase in software code has brought about an increase in security risks." Cai Jianyong told a reporter from Securities Daily. When the car system is not connected to the Internet, the only entry points for hackers are Bluetooth systems, CD players and other devices.

However, with the rapid development of the Internet of Vehicles, not only have the entry points for hacker intrusion greatly expanded, but the attack location is no longer limited to the vicinity of the vehicle.

  According to Gao Yongqiang, Director of Standards, Huawei Smart Car Solutions BU, from the perspective of risk types, the current cyber security threats faced by smart cars fall into seven categories, which can be roughly classified by level into the perception layer, network layer, and application layer of smart cars.

  The reporter also noticed that the protection levels of car companies at the network communication level are uneven.

Take vehicle-cloud communication as an example. At this stage, car companies have made uneven progress in communication encryption and in controlling in-vehicle access.

For digital car keys, where vulnerabilities are frequent, many car companies pay limited attention to communication security, and security mechanisms are generally insufficient.

  In September 2018, a CVE (Common Vulnerabilities and Exposures) vulnerability, numbered "CVE-2018-16806", was disclosed in Tesla's keyless entry and startup system.

The system was developed by the software company Pektron, so the affected vehicles may also involve McLaren, Karma, Triumph and other brand models that also use the Pektron starting system.

  In terms of C-V2X (cellular vehicle networking) direct communication, most car companies are still in the initial stage of test verification in terms of certificate management systems, terminal solutions, and enterprise initial configuration environment construction. Existing security threats in areas such as traffic and communications will also gradually migrate to smart cars.

  "All security threats in the Internet field will spread smoothly to the automotive field." In Cai Jianyong's view, an intrusion into a personal computer or mobile phone will most likely result in the loss of personal information or property.

But once a vehicle is hacked, especially while it is driving at high speed, the result may be a crash and loss of life.

"If the car is attacked by a large number of programs like Windows, this is absolutely unacceptable."

  The automotive industry has now entered a critical period of intelligent transformation. Similar to the development path of early PCs and mobile phones, the expansion of applications and the substantial increase in network connection rates will also make it a "target" for the next cyber attack.

The more scattered attack points and more serious consequences of smart cars themselves have highlighted the severe security prevention and control situation facing smart cars.

  Ensuring car network security requires a multi-pronged approach

  There are thousands of roads, and safety comes first.

In the process of the intelligent development of automobiles, once a network security breach occurs, in addition to causing safety threats to vehicles and car owners, it may also spread the danger to other vehicles and other people, triggering public safety incidents.

Therefore, it is time for the safety of smart cars to be put on the table.

  At the policy level, domestic systems and standards related to the Internet of Vehicles are already under construction.

On June 21 this year, the Ministry of Industry and Information Technology publicly solicited opinions on the "Guidelines for the Construction of Internet of Vehicles (Intelligent Connected Vehicles) Network Security Standard System", and proposed the framework of the Internet of Vehicles security standard system, key standardization areas and directions.

It can be seen that solving the threat of "car hackers" has become the common expectation of car companies and consumers.

  "Standardization and systemization solve the problem of whether there is safety or not, but with these, is the Internet of Vehicles really safe?" Zhang Jianxin said that there are bound to be vulnerabilities in the Internet of Vehicles, that connecting to the Internet will expand hackers' attack surface, and that the introduction of new technologies will also bring new risks.

  The reporter also found that many parts and components of intelligent networked cars are still dominated by foreign-funded suppliers. For some car companies, the systems provided by these suppliers are like "black boxes": the OEMs want to build an information security protection system from a global perspective, but their room to operate is greatly restricted.

  In this regard, Zheng Guangwei, an expert in the field of smart cars and an expert on Internet of Vehicles information security, believes that it is particularly important to issue an authoritative evaluation procedure for the information security of intelligent connected automobiles.

“At present, there are still differences among the parties in the market in this regard. The evaluation ideas of OEMs focus on the difficulty of exploiting the attack path and the degree of impact on vehicle assets and personal safety; information security vendors are more focused on the impact of technology itself on the system.” Zheng Guangwei said that the industry's unified standards will promote agreement among OEMs, component suppliers and information security companies.

  Talking about how to carry out effective security protection, Zhang Jianxin said that it is necessary to start with actual combat.

Security agencies can stand in the position of hackers and investigate the security vulnerabilities of the car system through real attacks; "white hat hackers" can complete the search, submission and repair of the vulnerabilities of the smart car system by continuously running programs.

  In Gao Yongqiang's view, the safety issues of smart cars are currently in a state of coexistence, involving not only car manufacturers, but also related Internet service providers. To this end, all parties should follow the ISO 21434 standard, establish a hierarchical network security protection mechanism at the technical level, and establish a credible network security evaluation system to improve the network security level of the entire industry and ensure that intelligent networked vehicles are rid of hidden safety dangers. (Securities Daily)