- Статьи
- Society
- With a new code: vulnerabilities to hacker attacks have been found in electric buses and trucks
With a new code: vulnerabilities to hacker attacks have been found in electric buses and trucks
Vulnerabilities have been found in electric buses and trucks that can make them the target of hacker attacks. Intruders can cause a battery fire or interfere with the operation of braking and steering systems. The problem was discovered by specialists from the GLONASS Motor Transport Safety Department during a preliminary assessment of the on-board equipment. Similar risks exist for special vehicles and for unmanned trucks. Based on the results of the tests, automakers will be required to develop security software and eliminate the identified weaknesses.
Cyber threats in transport
Electric buses and trucks carrying dangerous goods may be vulnerable to hacker attacks: attackers can cause a battery fire or interfere with braking and steering systems. This became known based on the results of a preliminary assessment of the on-board equipment of operated vehicles (TS) by specialists of the GLONASS Motor Transport Safety Department. There are similar risks for civil servants' cars, as well as for highly automated vehicles (VATS) — unmanned trucks plying the M-11 Neva highway.
"After our review of cyber threats in transport, ICK Automotive offered to test them in practice," Vladimir Pedanov, director of automotive cybersecurity at GLONASS, told Izvestia.
Four types of vehicles were selected to assess the extent of vulnerability: an electric bus from urban routes, trucks for transporting dangerous substances, a car for civil servants, and a highly automated vehicle. That is, one car was selected from each category of potentially vulnerable transport, the participant specified. During additional tests, a team of specialists will artificially hack into cars and record the possibility of this penetration based on telematics data, he added.
According to Vladimir Pedanov, all vehicles younger than 2007 are susceptible to cyber threats, especially those with software-defined functions of ADAS (Advanced Driver Assistance Systems). A significant part of them have integrated telematics systems. It is through them that attackers can remotely penetrate the onboard systems and gain a foothold in the vehicle for further development of the attack.
For example, in an electric bus, the data traffic of the electronic control unit (ECU) is visible during remote access. If false information about the battery temperature is transmitted there, the electric bus will forcibly heat it. A change in the temperature regime of traction batteries threatens their ignition, noted Vladimir Pedanov.
Other cyber threats relate to the management of vehicles, said Igor Bederov, Director of the T.Hunter Investigation Department. Machines with internal combustion engines are equipped with electronic control units and steering rails, accelerators and brakes, where the force on the pads is regulated by digital data.
According to Vladimir Pedanov, it is possible to monitor citizens and civil servants through on-board multimedia systems, collect information about objects and also block the car. Systems connected to the Internet or wireless networks are also dangerous, Igor Bederov said.
— Based on the telematics data collected from the CAN bus of the car, we can detect various kinds of anomalies in the behavior of the car components, — said Vladimir Pedanov. — Further, the owner may be notified of the danger.
The experiment, which involves NPP Gamma, the Central Scientific Research Automobile and Motor Engineering Institute (NAMI), GLONASS and other structures, will last until mid-2026. Its results will become the main basis for the creation of regulatory documents regulating transport safety, the expert added.
Izvestia sent requests to the Ministry of Industry and Trade, the Ministry of Transport, NAMI, as well as manufacturers of vehicles.
As told to Izvestia in KAMAZ, the topic of information security of modern vehicles, especially drones, is very relevant and has been raised more than once both within the company and among experts.
"We support the experiment and will participate in it," the company noted.
How to protect a car from cyber attacks
Cars can be compared to phones — at first they were analog, but then they turned into a complex personal computer, Ilya Popov, associate professor at the ITMO University Faculty of Information Security, told Izvestia. Machines with multimedia systems based on open operating systems such as Android are particularly vulnerable. Hackers are now targeting any transport equipped with electronic control units, telematics or communication modules, the expert added.
According to him, attackers can use not only a telematics system with a SIM card, Bluetooth and Wi-Fi, but also a standard diagnostic OBD-II connector for installing firmware. Owners are not recommended to mess with chip tuning, as dangerous "bookmarks" are often hidden in such software. Even a public charging point for an electric car turns into a loophole for malicious code, and all major standards are vulnerable: Tesla NACS, CCS, GB/T, IEC, he notes.
Today, any modern Chinese or European car can be blocked from abroad, says Igor Bederov from T.Hunter.
Vladimir Pedanov noted that in the case of cyber attacks from outside, about half a million foreign cars with modern electronics could be involved. There remains a risk of paralysis of urban life if a fleet of buses or utility vehicles is attacked in a coordinated attack, Ilya Popov believes.
According to Vladimir Pedanov, in order to protect the vehicle from threats, it will be necessary to change the requirements for both foreign and domestic manufacturers. They should open data about their electronics and implement a new management architecture with a central security gateway and separation of the internal network, Ilya Popov added. Encryption may be required for critical data, such as CAN bus messages, the expert notes. All this can be written into new regulations for the industry.
Переведено сервисом «Яндекс Переводчик»
