IEEE Technology and Society Magazine - March 2018 - 16

did extensive and formal testing of
their software for high-assurance
applications. The current market
doesn't support that kind of examination, and few vendors know how
to do it, but that doesn't mean it
can't be done. Vendors might test
better if we had a legal or economic
means of holding them liable for
defects. Right now, if they do a poor
job verifying security, they simply
release a patch and do it again!"

Why have we been forced to live
with black-box testing without
understanding the details of the
black box?
A second serious security problem is with vehicle electronics and
en gine control units (ECUs). ECUs
include the electronic/engine control
module (ECM), powertrain control
module (PCM), transmission control
module (TCM), brake control module (BCM or EBCM), central control
module (CCM), central timing module (CTM), general electronic module
(GEM), body control module (BCM),
suspension control module (SCM),
and others. Some modern vehicles
have up to 80 ECUs where new features are added. More new features
are then patched into the existing
systems, making the systems more
vulnerable to attack.
An in-vehicle/external network
makes it more vulnerable. An in-vehicle infotainment (IVI) system often
uses Bluetooth technology and/or
smart phones to help drivers control
the system with voice commands,
touch screen input, or physical controls [4]. In addition to IVI systems,
smart phone links, vehicle telematics,

diagnostics, and autonomous vehicles make the system more vulnerable through external applications.
We must understand and define
vehicle security buzzwords including "maps," "ECU-remapping," and
"re-f l a s h i n g ." E ng i ne ECUs contain "maps" which are basically
multi-dimensional lookup tables of
minimum, maximum, and average
values for various engine sensors [5].
The software on an engine ECU interprets the information from
those tables and sends an
appropriate signal to the
relevant engine sensors so
that the appropriate performance is delivered during
the drive [5]. The practice
of downloading a different
map into the vehicle's ECU is
often called "re-flashing" [5].
A process to refine the vehicle's engine map is called
"ECU-remapping." According
to Dave Blundell's "ECU hacking" [6],
ECU attacks are classified into front
door attacks, back door attacks, and
exploits, respectively:
Front door attacks: Commandeering the access mechanism of
the original equipment manufacturer (OEM).
Back door attacks: Applying
more traditional hardware hacking
approaches.
Exploits: Discovering unintentional access mechanisms.
Hackers or crackers can use in expensive commercial tools for
ECU attacks.
In this article, potential hackings are classified into "vehicle sensors attacking" and "vehicle access
attacking." We must protect our
au tonomous vehicles against potential hackings, detailed in the following sections.
We are not prepared for potential
vehicle sensor attacks. Vehicle sensor
attacks can include global positioning system (GPS) jamming/spoofing
IEEE Technology and Society Magazine

attacks, millimeter wave radar jamming/spoofing attacks, light detection and ranging (LiDAR) sensor relay/
spoofing attacks, ultrasonic sensor
jamming/spoofing attacks, and camera sensor blinding attacks.
Vehicle access attacking affects
not only autonomous vehicles but
also conventional vehicles. Vehicle
access attacking includes key fob
clone and telematics service attacking.

Vehicle Sensor Attacking
Autonomous vehicles use the following sensors: GPS, millimeter
wave (MMW) radar, LiDAR sensor,
ultrasonic sensor, and camera sensor. We must protect current and
future autonomous vehicles against
these t y pes of sensor at t ack s.
Vulnerabilities and attack methods are briefly described below.
Potential countermeasures are
also noted where possible.

GPS Jamming and Spoofing
GPS spoofing became very popular
after Pokémon GO hacks. GPS signal
spoofing must be mentioned first.
Protecting GPS from spoofers is
critical to autonomous vehicle navigation. Conventional GPS systems
are vulnerable to spoofing attacks.
Using inexpensive software defined
radio (SDR), GPS signal spoofing can
be easily achieved [7], [8]. Advanced
spoofing technology might pose
defense challenges even to very
sophisticated victim receivers. There
is a need for more research and
development in the area of spoofing
defenses, especially concerning the
question of how to recover accurate
navigation after the detection of an
attack. More importantly, however,
there is a need for receiver manufacturers to start implementing and
embedding spoofing defenses [9]. In
other words, the current GPS is vulnerable to GPS signal spoofing.
Psiaki's team has found that
combining strategies can provide a
∕

march 2018

Table of Contents for the Digital Edition of IEEE Technology and Society Magazine - March 2018