Slashdot Mirror


Intel Establishes Automotive Security Review Board

An anonymous reader writes: To help mitigate the cyber-security risks in connected automobiles Intel has established the Automotive Security Review Board (ASRB). Intel says: "The board will encompass top security industry talent across the globe with particular areas of expertise in cyber-physical systems. The ASRB researchers will perform ongoing security tests and audits intended to codify best practices and design recommendations for advanced cybersecurity solutions and products to benefit the automobile industry and drivers. Intel also published the first version of its automotive cybersecurity best practices white paper, which the company will continue to update based on ASRB findings."

39 comments

  1. Another boondoggle? by zaft · · Score: 1

    First post? It'll be interesting to see who else gets on board with this.

    1. Re:Another boondoggle? by epyT-R · · Score: 2

      Yup. All wrong. No one's been able to secure much of anything these days. As a result, mission critical equipment like personal vehicles should not have unnecessary complexity or connectivity. Let owner's cellphone do that for auxiliary purposes only (music streaming, navigation etc).

  2. Did they remember to by Marxist+Hacker+42 · · Score: 1

    Only hire women and other URMs?

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    1. Re:Did they remember to by Anonymous Coward · · Score: 1

      Obviously. Men are too stupid to do anything the way it should be done. Everything should be connected to everything else because convenience for women is more important than security, privacy, or rights.

  3. Pot, Kettle by phantomfive · · Score: 2

    Intel should get their own game in gear before telling other people what to do. It takes special effort to create a system that's exploitable on both Mac and Windows, but Intel has done it.

    --
    "First they came for the slanderers and i said nothing."
  4. The danger by phantomfive · · Score: 2

    The real danger here is that manufacturers can use this as an excuse to avoid liability.......they can say, "It's not our fault the car got hacked and rammed into the building, we followed industry standards!"

    We don't want them to "follow industry standards," we want them to write secure software.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:The danger by epyT-R · · Score: 1

      ..or avoid software altogether if they can't/won't write secure code.

    2. Re:The danger by Grishnakh · · Score: 1

      Auto manufacturers don't need to write secure code.

      There's plenty of companies out there that specialize in writing mission-critical, secure code. Any company that writes avionics code would probably be a good choice. The automakers can outsource the software work to these companies, and concentrate on designing nice cars and operating assembly lines.

  5. Intel or a company they bought? by Anonymous Coward · · Score: 0

    I think they bought McAfee (who about 10 years ago bought Foundstone, a VERY good security company.) Is this actually them or some other part of Intel?

  6. Security experts only? by Anonymous Coward · · Score: 1

    Will this board also include experts from the actual automotive industry or is this yet another bandwagon?
    Everyone from outside the industry seems to treat automotive security like IT security on embedded processors and then reacts surprised when the automotive industry does not even want to talk to them.

    Here's a hint to automotive security researchers who want to be taken seriously:
    Try and learn how the development of a vehicle actually works. It is a complex process with tens of thousands of people spread over hundreds of companies. Even the smallest of architecture changes (yes, even your proposed "minor adjustment" to improve security) can take years to realize.
    I often see claims like "security could be improved for only $2 per car!". This looks deceptively cheap, but you are effectively trying to coerce a big OEM like GM or Toyota who produce around 10 million cars a year to spend double digit millions per year on your solution. And that is without development cost.

    I know that it is hip to claim that big companies do not want to talk to security researchers, but at least in part the researchers and their (from an OEM's perspective) overbearing attitude and displayed ignorance of the industry are responsible for this, too.

    1. Re:Security experts only? by buck-yar · · Score: 1

      and isn't double digit millions and development costs nothing to a big OEM like GM or Toyota?

    2. Re:Security experts only? by Anonymous Coward · · Score: 1

      and isn't double digit millions and development costs nothing to a big OEM like GM or Toyota?

      I guess that is what Intel is hoping

  7. How about not connecting cars to the Internet by jonwil · · Score: 3, Insightful

    The best place to start in making cars more secure is to stop connecting them to the Internet or cellular networks. It makes them vulnerable to remote exploits and increases the cost of the car.

    But now we have some jurisdictions (EU I think is one) mandating cellular connections in new cars so they can support "emergency features" (presumably stuff so when the car is involved in a serious crash, the car can notify emergency services automatically in case the occupants are pinned down or unconscious and can't make an emergency call themselves)

    Get rid of the cellular connections, get rid of all this "infotainment" crap (whoever thought "apps" in a car is a good idea is an idiot). And spend some money on really strong encryption in things like the remote unlock keyfobs and engine immobilisers so hackers can't get in.

    1. Re:How about not connecting cars to the Internet by phantomfive · · Score: 2

      But now we have some jurisdictions (EU I think is one) mandating cellular connections in new cars so they can support "emergency features"

      Wow, that's a horrible idea. First thing I'm going to do is disable that shit.

      --
      "First they came for the slanderers and i said nothing."
    2. Re: How about not connecting cars to the Internet by Anonymous Coward · · Score: 1

      You mean disable your vehicle?
      Just wait, they'll pass a law. If law enforcement can't remotely interface with your car you are in violation. Since you disabled the security system you must have stolen it and you won't be listened to until after booking when you get to see an actual judge the next day/week.
      You will have no defense except against charges, being jailed was your fault and you won't get your time or job back. Employer already got someone. And you still have to pay for impound, where you will find your car with all its panels stuffed in the back seat, and the security system back on.

    3. Re:How about not connecting cars to the Internet by Anonymous Coward · · Score: 1

      It's perfectly reasonable to have an open source auditable and removable box in your car that has read only access to some of the car's data and a network connection for emergency purposes. It's even OK if cars have to come with them, and support them.

      I don't know what they are proposing, but I suspect the problem is in the details (by that I mean things obvious to anyone who cares about any security or privacy issues), not in the actual concept. This isn't a case of features are bad, or usability vs privacy vs security trade-offs. It's just incompetence. A review board should help fix this shit, though I assume Intel has some other private motives here.

    4. Re:How about not connecting cars to the Internet by Likes+Microsoft · · Score: 1

      A simple "emergency beacon" is a reasonable requirement. Having that same cellular radio be able to provide user input to critical vehicle systems? Bad idea. Nobody wants to think they'll be the driver who runs off the edge of the road into a ravine in the middle of the night with no one around. But if it happened to be me, I'd be glad of the automatic emergency beacon.

      --
      -- Who am I? How did I get here? My God, what have I done?!
    5. Re:How about not connecting cars to the Internet by Grishnakh · · Score: 1

      You sound like a luddite.

      The best place to start in making cars more secure is to stop connecting them to the Internet or cellular networks. It makes them vulnerable to remote exploits and increases the cost of the car.

      It also increases safety by allowing drivers to talk on the phone hands-free using a built-in Bluetooth system. On my car, I press a button on the steering wheel, speak "call John Smith", it finds someone with that name in my phone's contacts, and calls him, all without my hands leaving the wheel or my eyes leaving the road. People are going to talk on the phone in their cars whether you like it or not, so it might as well be made safe. (Plus, on a long, boring highway trip, why not?)

      But now we have some jurisdictions (EU I think is one) mandating cellular connections in new cars so they can support "emergency features" (presumably stuff so when the car is involved in a serious crash, the car can notify emergency services automatically in case the occupants are pinned down or unconscious and can't make an emergency call themselves)

      Again, what's the problem with that? Would you rather just sit there and die because you're unable to reach your phone and you're in the middle of nowhere? Honestly, this is probably a bigger issue here in the US where we have a lot more very rural and remote roads where there might not be any passersby for a while, or worse you go into a ravine or something and no one can see you.

      Get rid of the cellular connections, get rid of all this "infotainment" crap (whoever thought "apps" in a car is a good idea is an idiot).

      Anyone who thinks "infotainment" is all about apps is an idiot, and anyone who doesn't see the value of something like being able to play Pandora in their car is an idiot. More importantly, anyone who thinks AM/FM radio is at all listenable these days is a colossal moron; infotainment systems serve two important purposes: give us a nice stereo system so we can listen to the music we want (which these days means USB ports so you can plug in your music library with thousands of songs; you need a decent screen and UI to navigate that; also, things like Pandora are a good option too, if you want a more radio-like experience with stuff you haven't heard before, again, this requires a decent screen and UI to navigate, so you aren't fumbling with your phone plugged into an aux jack). Secondly, these systems give us navigation, which saves a lot of time and gas and improves safety a lot (since you aren't driving in circles looking for something that's not easily found on a map). Of course, you can add this stuff in with your phone and a mobile mount, but that's clumsy and not as well integrated.

      The answer to all these from a security standpoint is simply having good security practices and a good architecture that makes it impossible to take control of a car remotely.

      And spend some money on really strong encryption in things like the remote unlock keyfobs and engine immobilisers so hackers can't get in.

      When was the last time you heard of this happening? All the latest exploits I've heard have been on American cars (namely Jeeps/Chryslers) over a cellular link. Obviously, poor security practices were used in architecting those systems.

      Honestly, what I'd like to see for these infotainment systems are:
      1) All code open-sourced, so security researchers can audit them, and so customers can modify and upgrade their systems if they choose. This is for the infotainment system itself (which these days usually runs on embedded Linux or similar anyway), not stuff like the engine controller or other critical systems. If they want to keep their ECU, ABS, EPS (power steering), etc. algorithms secret, I don't really care. Also, it's really more important that the base OS, bootloader, etc. be open-source; it doesn't matter that much if the music player application's source is available.
      2) Specifications should be made public about how the electronic systems are architected

    6. Re:How about not connecting cars to the Internet by Toshito · · Score: 1

      But now we have some jurisdictions (EU I think is one) mandating cellular connections in new cars so they can support "emergency features" (presumably stuff so when the car is involved in a serious crash, the car can notify emergency services automatically in case the occupants are pinned down or unconscious and can't make an emergency call themselves)

      Again, what's the problem with that? Would you rather just sit there and die because you're unable to reach your phone and you're in the middle of nowhere? Honestly, this is probably a bigger issue here in the US where we have a lot more very rural and remote roads where there might not be any passersby for a while, or worse you go into a ravine or something and no one can see you.

      So you don't care being tracked whenever you go just so it could maybe someday save your life?

      Whatever happened to "Live Free or Die"?

      --
      Try it! Library of Babel
    7. Re:How about not connecting cars to the Internet by Grishnakh · · Score: 1

      Do you have a cellphone? If so, you're being tracked. What does it matter if the car makes use of that data connection?

      You want to live free, go find some land in rural Alaska, buy a doomsday survival kit, and shack up there.

    8. Re:How about not connecting cars to the Internet by Toshito · · Score: 1

      Secondly, these systems give us navigation, which saves a lot of time and gas and improves safety a lot (since you aren't driving in circles looking for something that's not easily found on a map). Of course, you can add this stuff in with your phone and a mobile mount, but that's clumsy and not as well integrated.

      The fact that it's fully integrated with everything else in the car IS the major problem with those gadgets.

      What can you do with a 10-year-old car where the manufacturer doesn't offer updates anymore for the navigation system? You do like most people who had this problem, you go buy yourself a cheap 100$ GPS and stick it on the dash, ignoring the onboard navigation. Out of date maps are worse than no map at all.

      These things should be modular, like car radios were before. Industry should define a standard for size and connections, and you could choose which radio/navigation/mp3/Bluetooth module you want to put in there. Then you can upgrade them, replace them and update the software independently, as you wish.

      Maybe it would stir up a little competition and we could have better systems and interfaces (I have the Dodge uconnect 4.3, and boy is this interface fucked up and hard to use. 4 clicks on a touch screen to send heat to the feet instead of the face? Who thought of that????)

      --
      Try it! Library of Babel
    9. Re: How about not connecting cars to the Internet by Toshito · · Score: 1

      Sorry, forgot the /sarcasm tag

      --
      Try it! Library of Babel
    10. Re:How about not connecting cars to the Internet by Grishnakh · · Score: 1

      Maybe it would stir up a little competition and we could have better systems and interfaces (I have the Dodge uconnect 4.3, and boy is this interface fucked up and hard to use. 4 clicks on a touch screen to send heat to the feet instead of the face? Who thought of that????)

      Why'd you buy it then? My new Mazda3 is loaded with tech features and an infotainment system, and it still has a fully separate HVAC system (albeit a dual-zone automatic one), so changing that setting is a simple dedicated button. Integrating HVAC with infotainment is just a cost-cutting move; if my Mazda, which is definitely not aimed at the luxury segment, can afford to have separate HVAC controls, any car can.

      Modularity sounds nice, but no one wants their dashboard to look like a military aircraft cockpit with drab square and rectangular parts bolted in with visible fasteners. They tried modularity a while back with the "DIN" sized car stereos, and they got super-tiny stereos with teeny-tiny little buttons, because they stupidly based the standard on the previous sorta-standard, which was the crappy old dual-knob car radios of the 60s-70s. When you only have two knobs, one for volume and one to adjust the frequency on an analog scale, you don't need a lot of space, but then they were trying to stick CD players and lots of controls into that same tiny amount of space, and it was terrible. This is the problem with standards like that; you get stuck with some crappy standard because everyone else uses it and you have no room to improve. That's why no one uses DIN any more; it sucked and they finally got tired of designing dashes around it and not being able to make them better.

      What we really need is open source code for these systems; then enthusiasts or small companies will be able to make alternative or updated versions, much like DD-WRT and OpenWRT have done for WiFi routers. And if they also published some hardware specs, there'd probably be a whole new industry of companies making both hardware and software upgrades for these cars. We already have this to an extent: my wife's mid-2000s Volvo for instance has a USB/MP3 add-on system available from a European company named GROM, but because the system's interface specs are secret, it's reverse-engineered and basically a hack (it tries to make MP3s look like CD tracks), and really doesn't work that well from what I've read.

    11. Re:How about not connecting cars to the Internet by Toshito · · Score: 1

      Why'd you buy it then?

      Because it's literally the only 7 passenger vehicle we could buy... that was not a minivan.

      You see, fitting our 6 kids in a comfortable yet affordable vehicle was a more important factor than the shitty interface of the HVAC.

      I know standards cannot predict the future and that's why we were stuck with those tiny buttons. Maybe my solution is not the best, but I cannot fathom how those shitty interfaces could be approved and put into production.

      --
      Try it! Library of Babel
  8. Why Intel? by Anonymous Coward · · Score: 0

    That's a random company to be doing this. Might as well be Nike or WalMart.

    1. Re:Why Intel? by Anonymous Coward · · Score: 0

      1. They own McAfee, a widely derided security company, but nonetheless having a large market share of the desktop market, and perhaps looking to expand. 2. They also own Wind River, who sell software and development services into the automotive market (among other markets). 3. They've been pushing their processors to the automotive market for some time now, and already have some reference customers.

    2. Re:Why Intel? by Anonymous Coward · · Score: 0

      4. They wrote the whitepaper.

    3. Re:Why Intel? by Grishnakh · · Score: 1

      McAfee makes the worst software on the planet. I'm not kidding or exaggerating: Mr. John McAfee, founder of the eponymous company, says so himself. If you can't believe him, then why would you believe someone else (including another company that's so stupid they continue to hang onto the name of the founder who now calls their products garbage)?

      This ploy seems pretty lame to me really. Intel may have been trying to push into the automotive market, but I doubt they've made much progress. The CPUs used in cars don't come from Intel, they come from other places; they're usually either some kind of ARM chip or maybe some kind of POWER chip from Freescale. Intel is a joke in the embedded market; they don't make any kind of microcontrollers at all. Wake me when they start making chips with 100-200 GPIOs, ADCs, etc.

      And how McAfee shitware would have any relevance in automotive products, I have no idea. The security automotive systems need has to be designed in, as these are all small, low-power microcontroller-based systems, most of them running bare-metal; they don't need a stupid virus scanner.

      This move of theirs seems like Microsoft suddenly trying to create some industry group (which is really just them and a couple of lackeys) and positioning themselves as "leaders" in the FOSS industry.

  9. Consumer Reports by Spazmania · · Score: 2

    Just need consumer reports to start ranking reviewed cars on their information security.

    Entertainment system has a network connection with the life-safety network without a one-way transfer? D. And a connection to Bluetooth or the Internet? F.

    Note that this means Tesla would get an F.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:Consumer Reports by Grishnakh · · Score: 1

      Just need consumer reports to start ranking reviewed cars on their information security

      How the hell is Consumer Reports going to rank cars based on this stuff? It's not like they have a panel of computer security experts on hand. Their reviews are based on feedback from their customers, which gives them reliability info. No one knows that a vehicle is insecure until suddenly some hacker figures out how to take it over remotely.

      Entertainment system has a network connection with the life-safety network without a one-way transfer? D. And a connection to Bluetooth or the Internet? F.

      You can't have a hands-free phone and dialing system built into the car without Bluetooth. People want these services, and they're useful services to have. If you want to drive around some 30-year-old piece of shit, go ahead, but modern car buyers (the people who actually buy new cars and keep these companies in business) aren't like you, they want these features.

    2. Re:Consumer Reports by Spazmania · · Score: 1

      They have panels of other experts on hand to evaluate cars on other metrics. Consumer satisfaction is only one measure they use. Why can't they put together a panel of computer security experts?

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    3. Re:Consumer Reports by Grishnakh · · Score: 1

      Because a panel of people who know how to drive cars and who have basic knowledge about how cars work isn't going to help much with computer security. In fact, even a panel of computer security experts isn't going to help any: how are they going to evaluate the system, unless they can find a bunch of serious hackers (like the guys who hacked into the Jeep and drove it remotely)? Most of these systems are closed-source and proprietary, so you can't just poke around in there to see if it was written correctly or not. It's not like a car engine, where you can easily take it out, take it apart, and see how it was designed and put together. On top of all this, even if they did give out access to the source code to "computer security experts", that probably wouldn't help either, because these "experts" would probably be a bunch of morons who want to install McAfee or something, and would have no clue about how embedded systems should be architected for security and reliability. A bunch of avionics engineers would probably be a good start, but even here, security hasn't been much of a focus or a concern because they haven't had to worry about this stuff before, only making the software provably correct to avoid bugs causing any kind of problems in-flight. Seriously, the number of people on the entire planet who would be qualified to really evaluate this is very, very, very small.

    4. Re:Consumer Reports by Spazmania · · Score: 1

      Dude, it's really simple. You don't need the source code to see which physical components do which jobs and how they're interconnected.

      Assume that any sufficiently complex component has errors. Can a hacker send crafted data to each component? If he breaches one of them, what does he have access to now?

      What do the claimed features tell you about the system structure? Remote updates to the drive train? That means that after finding the errors a hacker can insert arbitrary data into the drive train.

      Poke at the interface. How does it feel? If it's slapdash and buggy, the underlying software will be too.

      And you ask the manufacturer questions. I see the entertainment system displays your current speed and tachometer. How does it get that information?

      When done you haven't found all the errors but you have more than enough information to assign a grade on the four-point scale.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
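
The review procedure described in the comment above, combined with the D/F rule from the first Consumer Reports post in this thread, as an added example that is not part of the original thread. Component names, the link lists and the `None` result for architectures those two rules do not cover are assumptions made for illustration.

```python
from collections import deque

# Assumed component roles (hypothetical names, not from any real vehicle).
EXTERNAL = {"bluetooth", "cellular"}      # interfaces an outsider can talk to
LIFE_SAFETY = {"engine_ecu", "brakes_abs", "power_steering"}
ENTERTAINMENT = "infotainment"

def build_graph(links):
    """links: iterable of (src, dst, one_way). one_way=True means data can
    only flow src -> dst (the 'one-way transfer' the post asks for)."""
    graph = {}
    for src, dst, one_way in links:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
        if not one_way:
            graph[dst].add(src)
    return graph

def reachable(graph, start):
    """Every component that data originating at `start` can arrive at."""
    if start not in graph:
        return set()
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def exposed(links):
    """'Can a hacker send crafted data to each component?'"""
    graph = build_graph(links)
    hit = set()
    for iface in EXTERNAL:
        hit |= reachable(graph, iface)
    return hit - EXTERNAL

def blast_radius(links, component):
    """'If he breaches one of them, what does he have access to now?'"""
    return reachable(build_graph(links), component)

def grade(links):
    """D: entertainment can push data to a life-safety component.
    F: same, and entertainment is fed from Bluetooth or the Internet.
    None: neither rule fires (the thread defines no other grades)."""
    if not blast_radius(links, ENTERTAINMENT) & LIFE_SAFETY:
        return None
    return "F" if ENTERTAINMENT in exposed(links) else "D"

# Constructed sample architectures.
FLAT = [  # everything bidirectional behind one gateway
    ("cellular", "infotainment", False),
    ("bluetooth", "infotainment", False),
    ("infotainment", "gateway", False),
    ("gateway", "engine_ecu", False),
    ("gateway", "brakes_abs", False),
]
NO_RADIO = [  # same bus sharing, but no external interface at all
    ("infotainment", "gateway", False),
    ("gateway", "engine_ecu", False),
]
DIODE = [  # speed/tach reach the display over a one-way link only
    ("cellular", "infotainment", False),
    ("bluetooth", "infotainment", False),
    ("engine_ecu", "infotainment", True),
    ("engine_ecu", "brakes_abs", False),
]

if __name__ == "__main__":
    for name, arch in (("flat", FLAT), ("no radio", NO_RADIO), ("diode", DIODE)):
        print(name, grade(arch), sorted(exposed(arch)))
```

The `DIODE` case answers the "how does it get that information?" question for the speed and tachometer display: the data arrives over a link the entertainment system cannot write back to, so neither rule fires even though the head unit is still externally reachable.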
  10. Networked car will never be secure by EEPROMS · · Score: 1

    The reality is as soon as you add apps and a network connection you need a login. As soon as you have a login you have a huge security problem. Imagine some mechanic saving all the login details for cars he has on a system then hackers break into the poorly secured computer and before you know it they can now break into a few hundred cars' network interfaces. So unless you have some complex multi layered security setup securing a car connected to a public network is pure fantasy. At the end of the day the best security is no connection at all with no local or remote login allowed. So if the hackers want to break into the car they will have to physically connect to the car's management system.

  11. Step one: by Macdude · · Score: 1

    Step one: No connection between the EMU (Engine Management Unit) and the entertainment system or the outside world.
    Step two: There is no step two.

    --
    "Grab them by the pussy" -- President of the United States of America
    1. Re:Step one: by stooo · · Score: 1

      hmm.
      What do you do about the braking system ? airbags ? speed regulator ? etc etc etc...
      There is useful communication between these systems and "insecure" systems like infotainment.
      You can't just cut that communication. It needs a redesign of the whole network HW architecture first (with each little change costing millions on one platform)

      --
      aaaaaaa
    2. Re:Step one: by gnupun · · Score: 1

      What do you do about the braking system ? airbags ? speed regulator ? etc etc etc...

      These systems may be connected to the engine system as needed, however, none of them should be connected to the entertainment system or the internet.

      Do you need the internet to run a car? No, so stop adding useless tracking/spying computers to everything.

  12. Get over it by sjbe · · Score: 1

    The best place to start in making cars more secure is to stop connecting them to the Internet or cellular networks.

    Never going to happen. Seriously. Waste of time to even discuss it. If you want to discuss best practices for it then you might have a worthwhile discussion. But the internet is going to be a part of our driving experience whether we like it or not.

    Get rid of the cellular connections, get rid of all this "infotainment" crap (whoever thought "apps" in a car is a good idea is an idiot).

    Wasting your breath and frankly a lot of smart people disagree with you. If customers want it then it will happen. If they don't then it will go away. The fact that you don't find such things valuable is irrelevant.

    And spend some money on really strong encryption in things like the remote unlock keyfobs and engine immobilisers so hackers can't get in.

    Encryption isn't some magic pixie dust that you sprinkle on things to make them secure. Security is a process, not a product. And no security is impenetrable especially since the car cannot be physically secured. Physical access = vulnerability. Engine immobilizers have been around for ages and they don't prevent car thefts and certainly wouldn't prevent hacking.