Snatching a Self-Driving Vehicle with an iPad
An exposition participant for an annual conference event on robotics and new technologies (We’ll call them ICORP) convened with Karamba to create a joint demo presentation.
ICORP is an engineering service company that creates demos and custom projects for car manufacturers, 100% electric vehicles, and the self-driving vehicles sector. They also invest their efforts in automotive app integrations.
Karamba specializes in creating cyber security software that prevents cyber-attacks on IoT controllers by seamlessly hardening them according to factory settings, and blocking any deviation from those settings.
ICORP has been working on a self-driving vehicle application that allows an individual to take control of the vehicle with the app. It is important for an app that has such robust connectivity to be hack-proof. ICORP asked Karamba Security to assist them with their demo.
ICORP had two requirements for Karamba. First, that they revise any vulnerabilities in ICORP’s code, with the end goal to show that there are vulnerabilities that could be exploited. Second, to secure ICORP’s vehicle and application from any possible hacks.
ICORP intended to have a joint demonstration where they would try to hack their iPad app’s capability to connect to the ECU in the vehicle that facilitates driving the wheel with Karamba’s cybersecurity technology protecting it. One of the conditions involved in the research process was to not change anything in the vehicle, as ICORP had already shipped the demo car to the event.
Taking on the first challenge, Karamba set out to find vulnerabilities on the vehicle. The research team’s strategy was based on Return-Oriented Programming (ROP); and after some trial and error, they found a bug on the connected controller that enhances the vehicle’s remote capabilities.
Taking over a self-driving car with an iPad
The demo took place in a parking lot with a drawn map of the USA. The vehicle had a pre-set route to follow starting in New York, traveling through Pennsylvania and Michigan and arriving back. The question was whether Karamba’s research team found the right vulnerability that would allow them to take control of the vehicle.
Karamba’s research team found an in-memory payload on the connected controller, guessed the password, and managed to connect to a port that received packages. This allowed them to break into the self-driving vehicle’s system.
The port was not the only vulnerability they found. The team could see multiple layers of connectivity inside the car that the wireless access point exposed. The team could potentially send commands to all those ECUs and affect various areas in the car.
The demonstrator showed how the lights in the car could go on and off. It could have also activated the speedometer and air conditioning and taken the wheel to change the direction the car was driving in. The first attempt of a cyber-attack on the vehicle was successful.
Protecting the self-driving vehicle
The second part of the demo would be similar to the first, but this time the goal was to protect the app connection to the self-driving vehicle from a possible cyber-attack. Karamba created a protection software image for the ECU that the iPad has a connection to. They then replaced the current unprotected ECU of the vehicle with the new protected version of it with minimal effort.
During the second demo, Karamba’s Product blocked the attempted hack, and also created a report of the attempt. The vehicle was able to continue its pre-set route on the map, arriving safely to its destination.
ICORP and Karamba demonstrated together how a driverless car app can be hacked and how to protect it from cyber-attacks successfully. Karamba not only showed how to protect the vehicle but also how to protect the lives that it carries.
Karamba Security managed to protect ICORP’s ECU controllers after production. ICORP hardened the self-driving vehicle’s controllers with no effort and managed to keep the car and the app safe from cyber-attacks.