Detecting Vehicle-to-Everything (V2X) Cyber Threats

Article By : Maurizio Di Paolo Emilio

ArcRan is showing at CES its iSecV to monitor wireless signals (WiFi, Bluetooth, ZigBee, and C-V2X) in order to detect abnormal behavior in V2X environments. Integrated machine learning provides an early warning in case of unexpected incidents.

ArcRan, a cybersecurity company focusing on Vehicle-to-Everything (V2X), is showing at CES its iSecV to monitor wireless signals (WiFi, Bluetooth, ZigBee, and C-V2X) in order to detect abnormal behavior in V2X environments. Integrated machine learning provides an early warning in case of unexpected incidents.

ArcRan is focusing on Internet of Things & Vehicles. In an interview with EE Times, BG Lim, Advisor and Jessie Lin, Global Marketing Manager at ArcRan Information Technology Inc., highlighted some aspects of the new technology presented at CES. “Our core technology is wireless signal detection including but not limited to WiFi, Bluetooth, Zigbee, and C-V2X,” said Lim.

ArcRan pointed out that, based on testing, the number one cyber threat to V2X is ‘GPS Spoofing.’ This is an attempt to fool a GPS receiver by sending a false GPS signal over land. All navigators in the vicinity will show the wrong location. GPS spoofing can be used to hack cars and remotely piloted aircraft (UAVs), to confuse taxi drivers, drones and navigators. ArcRan is working with Hutoushan Innovation Hub (supported by Taiwan Government) to deploy V2X Cyber Security Joint Defense Solution.

V2X Technology

V2X generally refers to a set of standards and technologies that will enable vehicles to interact with public and other road users, not necessarily using state-of-the-art electronic hardware, but potentially through all network protocols and technologies. Despite their relative simplicity, V2X systems enable a multitude of interesting applications, including higher levels of driver assistance, more efficient use of the road and collision avoidance.

Anything connected in a network could be exposed to cyber-attacks of various kinds. There are software technology solutions dedicated to the cyber and digital protection of such vehicles and the networks to which they are connected.

Most of the known attacks so far have had mainly demonstrative purposes. Schemes related to vulnerability analysis of operating systems and of the most common components in on-board electronics have been followed. This is a very specialised ecosystem and requires high resources (including money) to identify vulnerabilities.

According to SAS, by 2025, there would 2 billion connected cars – cars with new car features and aftermarket devices. As vehicles are getting ‘smarter’ with these internet-connected devices, the risk of getting cyber attacked is more than ever.

The network connecting a vehicle faces several problems. For self-driving vehicles, all electronics, including entertainment electronics, are a possible prey for hackers.

However, once the target is reached, the potential damage is also very high from the point of view of people’s physical safety. Once access has been gained to the car’s control network, since most of the functions (such as braking) are controlled electronically, it is possible to try to tamper with the control systems and logics that regulate safety in a major way.

Different types of hackers can penetrate the system through WiFi/Bluetooth, GPS spoofing, etc. It is crucial to somehow keep track of the activity of the car in cyberspace.

“Hackers have more access points to personal info or business information. They have more ways to create phishing sites, and people won’t be able to react to those attacking skills better or in time,” said Lin.

A common form of GPS spoofing attack (also known as a “Carry-off attack”) starts with broadcasting genuine synchronised signals observed by the recipient, then subsequently modifying the coordinates by increasing or decreasing certain values to move the exact location.

ArcRAN Solution

V2X / IoV Joint Cyber Security Defense iSecV Detector is an isolated add-on box, used to detect DSRC / C-V2X signals, and to analyze unapproved signal sources using the whitelisting mechanism.

“How to assess and secure IoT devices will be our main concern in the near future. Many people don’t have this kind of awareness to prevent or react correctly, and to address these security issues,” said Lin.

Figure 1: Cyber Threats for V2X (Source: ArcRan)

Figure 2: Scenario of V2X Site (Source: ArcRan)

Lim highlighted the choice of the whitelisting mechanism. This is a technology designed to keep computer systems safe from unwanted software, including malware. It works in conjunction with blacklisting to prevent malware and other unauthorized software from running on a system (Figures 1 and 2).

“iSecV will be placed inside the Buses and RSUs,and communicate with the Traffic Center through an independent 4G Channel,” Lin added.

While the risks for autonomous vehicles are there for all to see, the risks associated with network attacks on connected electric vehicles should not be underestimated. The introduction of digital technologies amplifies the level of interconnection of electric networks. It also introduces additional dimensions of cyber risk, which stakeholders must manage together. Most of the vulnerabilities in these vehicles are related to battery management and the main digital interface. Although the cybersecurity industry is quite mature, there is a worrying lack of studies for the electric vehicle sector. As they are very complex devices, their vulnerabilities are also very complex.

Related articles:

Leave a comment