Cordline Switches,Electrical Switch, Rocker Switch, Foot Switch, Hand Switch, On-Off Rocker Switches Jiangmen Krealux Electrical Appliances Co.,Ltd. , https://www.krealux-online.com
Is there a security risk for connected cars? How far is the car network from safety?
Two days ago, a shocking incident involving the loss of control of a Mercedes-Benz cruise control system went viral on social media. The event occurred on March 14th when a driver found themselves unable to control their vehicle at high speed—nearly 120 km/h—over a distance of about 100 kilometers. The Shaanxi traffic police were involved in the rescue operation, and eventually, the car was remotely slowed down through a remote control system, allowing the driver to escape unharmed.
After this alarming incident, many people became deeply concerned about the safety of connected vehicles and the future of automated driving. As the Internet of Vehicles (IoV) becomes the next major battleground for the telecommunications industry, it's crucial to examine the security risks that come with such advanced technologies. In response, our team conducted research over the weekend and is now sharing our findings.
First, let’s address the question: Are connected cars vulnerable to security threats? The answer is yes. This issue isn’t new—back in 2015, two security researchers demonstrated how they could hack into a Jeep Cherokee’s systems, gaining remote control over not just the entertainment system but also the brakes and steering. This led to a massive recall of 1.4 million vehicles by Fiat Chrysler and raised serious concerns across the automotive industry.
So, how did these hackers manage to do it? Let’s break down the architecture of modern vehicle networks. Most cars today rely on electronic control units (ECUs), which are interconnected via an in-vehicle local area network (LAN) and can connect to external networks like 4G or 5G. This setup enables features such as car networking and autonomous driving.
The system typically has four layers:
1. **External Communication Equipment**: This layer handles communication with the outside world, including cellular networks, Wi-Fi, and V2X (Vehicle-to-Everything) systems.
2. **Car Gateway**: Acts as the central hub, managing data exchange between the ECU and external devices, as well as internal communication.
3. **In-Vehicle LAN**: Transfers data between ECUs and is divided into domains like body, telematics, and control.
4. **ECU and Functional Components**: These are the actual components that control the car’s functions, such as braking, engine, and doors.
To ensure safety, the IoV should have a four-layer security framework:
1. **External Communication Security**: Ensures encrypted and authenticated communication with the outside world.
2. **Car Gateway Security**: Includes filtering, key management, and anomaly detection.
3. **In-Vehicle LAN Security**: Prevents tampering and eavesdropping on internal data.
4. **ECU and Component Security**: Verifies the integrity of firmware and software on each ECU.
Despite these measures, vulnerabilities still exist. For example, car theft through key code cloning and attacks on the OBD (On-Board Diagnostics) interface have been reported. Hackers can inject false data into the vehicle’s network, potentially leading to dangerous situations.
One notable vulnerability lies in the LIN bus protocol, which is used for less critical systems like door locks and lights. While most security focus is on the CAN bus, which controls critical functions, the LIN bus can also be exploited. Attackers can inject malicious data during communication, causing errors that allow them to take control of non-critical but still important vehicle functions.
As the Internet of Vehicles continues to evolve, the need for comprehensive security measures becomes even more urgent. With more connected devices and autonomous features, the attack surface for hackers expands. This calls for collaboration across industries—from telecom providers to automakers—to establish robust standards and cooperative frameworks.
Safety in the IoT era is no longer just about data—it directly impacts personal safety and property. As we move toward a future of fully autonomous vehicles, ensuring secure, reliable, and resilient networks will be more important than ever.