Wed 12 April 2017 By Ioannis
(Image by Nam-ho Park)
Nowadays it's very common for car manufacturers to develop mobile applications that allow you to control several aspects of your vehicle. The level of control that these apps give you is diverse. From the simple function of unlocking the car to the much more complicated action of summoning it to your location.
As soon as you have apps that can interact with a car, questions arise related to how secure they are. If these apps can be hacked, it means that in extreme cases someone might be able to steal your vehicle. How can we enhance their protection?
Let's examine a few high profile cases that happened during this year where automotive apps were hacked and how we can protect them using Approov.
Recently it was demonstrated that it is possible to hack the Tesla App. This is done by downloading malware that modifies the original app and allows the hijacker to control the victim’s car. This vulnerability comes down to the fact the server does not verify that the app that sent the request is genuine. Part of Approov’s attestation procedure is to check the application signature. If the application’s signature from the device differs from the registered application signature stored in the server then the request fails. Thus, any attempt to modify a genuine app will result in that app being unable to attest with the server and unable to issue commands to the vehicle. Tesla's response tried to shift the blame onto the insecurity which is generated on a hacked phone. With Approov, even if the authentication token is stolen (in many cases this might not even be encrypted at rest by the app), it can’t be used if the endpoints are protected with Approov as well.
Another example is a hack in the Nissan Leaf’s mobile app. The hack exploited a vulnerability in the API. The hacker's methodology was to reverse engineer the responses from various requests to different endpoints. The API allowed anonymous requests, and no form of auth token was used. Even in that case of bad API design, Approov could help by preventing the reverse engineering of the API. Reverse engineering approaches use scripts to launch requests to the API. Without an Approov token these requests will fail, and the hacker wouldn't be able to read the responses and reverse engineer the app.
CAN bus attacks
There have been a lot of attacks that target the CAN bus that all the microcontrollers of a car are attached to. An insecure mobile app along with badly implemented security on API endpoints might be the entry point in the kill chain to get malware on the car and into safety critical systems.
The above were only a couple of examples related to automotive apps being hacked. In every case the Achilles heel was the mobile app. This shows how important it is to attest your app along with your request. By doing this you make sure that the request is coming from a genuine app. Approov provides a neat way of doing that with minor modifications in your app and server code that won't impact your overall architecture and design.
It's an obligation of vehicle manufacturers to improve their security. Since they operate in a Business-To-Consumer marketplace they should not rely on customer devices not being compromised. Approov integration can help defending against many known and demonstrated attack vectors. With the rise of autonomous cars and the increasing complexity of the functions that automotive apps provide, the need for robust security will continue to increase.