Safety first? How the car industry deals with its security problems

Conceal, threaten, sit out.

The bad news in terms of software security in the auto industry

The attack on a widespread immobilizer, known as the “Volkswagen hack”, has now been published after a year of legal delays on the part of VW. That one-sentence news summary condenses everything that has gone wrong for decades in the software security of the automotive industry.

Brief summary: In 2012, three researchers found some weaknesses in the immobilizer with the Megamos Crypto ID48 Magic I and II transponders, one of the most widespread systems of this type. They reported the problems to the affected manufacturers nine months before they first planned to publish anything. Volkswagen thought it would be a good idea to go to court in the UK to stop the publication. They initially won, but in the end the group only ensured that its name would remain synonymous with the Megamos hack, which has since been known as the “Volkswagen hack”, because now the researchers are allowed to publish. Here is an outline of the weaknesses, with recommendations for end customers as well [1].

Picture: Ralf Konzelmann, bestkey.de

Many writers leveled harsh accusations at VW that they copied from Ars Technica. I do not want to join in. At that time, VW took the best system available from suppliers. All three major competing systems were broken earlier. I want to reproach VW and the entire auto industry with something quite different: for decades you have nailed together your own crooked huts in the dark, against the best recommendations of the most accomplished experts, and if someone points a flashlight at your favelas, you want to slaughter the messenger and ban his unbelievably perfidious flashlight technology. This approach is the reason that you let your car customers go on living in favelas as far as security is concerned, although even the dog-biscuit saleswoman on the Internet has long since lived, techno-allegorically speaking, in a concrete bungalow with sturdy doors and a telephone to call for help. And not because the dog-biscuit saleswoman is smarter, but because she uses open technology with certifiable security levels rather than cooking her own ghetto soup as if the tits calendar still said 1978.

The big difficulty of cryptology

In the brain-twisting field of cryptology, rare people with Gordian-knotted brains deal with security in information technology. Secure communication and unambiguous authentication today are based on mathematical principles that are elegant, yet difficult to implement. In the past, they were based on trying to cover up how bad one's own security actually looks in the cold light of LED flashlights. Or one hoped that nothing would go wrong. Most people are usually very nice. However, since everyone and his grandmother now communicate with each other in networks, the world has said goodbye to this principle, because it stopped working long ago. Actually, it has never worked. Only the car industry clings to this principle as if its life depended on it. The opposite is true: this way of dealing with network security can break its neck in the long run.

A clever man named Auguste Kerckhoffs wrote a maxim back in 1883 that is still valid today: The security of an encryption process must be based on the secrecy of the keys and must not depend on the secrecy of the procedure. Because there is only one reason why a procedure should remain secret: it is inadequate. Therefore, banks or dog-biscuit vendors today use publicly known crypto methods for secure communication channels and unambiguous verification. Their security has been tortured at length by Gordian knot-heads and found to be fit.

Even the auto industry uses the well-known cryptological principles, but as I said: crypto programming is a thorny path full of traps that you set for yourself. That is why it is so important that at least some of the best knot-heads try to find the weaknesses of the system at the planning stage; otherwise someone else will find them when millions of systems have already been delivered. QED. Because of their rarity, these best minds seldom sit in your own company, and when they do sit there, they are not listened to, because only the external expert knows everything; employees do not know anything (old wisdom of managers who book consultants). Without openness, at least toward a few, no manufacturer can judge whether it has lived up to Mr Kerckhoffs's maxim. That is why openness is best practice, indeed the only sensible way. The other way? Make mistakes secretly and then get upset if someone points them out when it's all too late. That's the way it works in the industry. For decades. Who could have GUESSED that the Megamos system, considered really solid at the time, contained ERRORS and weaknesses and even real stupidities? Anyone who was honest with themselves.

People who are honest with themselves tend to be honest with their fellow human beings, often with the terrible intensifier “open and”. Such people usually work at automakers where no one listens to them. What does a crypto engineer know about security? Nothing! Management has to take action: “Crypto? What's that supposed to be? What it COSTS! What, we're supposed to discuss OPENLY how our immobilizer works?! Slink back into the software basement, hideous creature, or I'll swing the dismissal club!” That openness creates a kind of trust that could help customer-brand loyalty in the long term, especially in NSA times, well, something like that doesn't need to be suggested to middle management any more than best practices in cryptology.

It is dark and gets worse

Out of this problem area, in 2010 we had those researchers hacking via the diagnostic interface [2]. At that time, I wrote that everyone would now sit with their fingers up their asses and wait for the first case in which hackers gain access to the car from the outside via radio, and then shout loudly. That has happened recently [3]. Keyless locking systems are even better for thieves than for customers [4]. Even the diagnostic interface hacks were already relevant because insurers connect their tracking boxes there (here a hack [5]), and insurers work on the same principles as automakers: beforehand, by no means listen to the experts, and afterwards scream bloody murder that these or other experts should keep silent, because where would we end up if just anyone were allowed to point at the emperor's new clothes?

There is no prospect of improvement, although it is urgently needed, as software's share of the auto value chain is increasing every year. On the contrary, problems are coming our way that a manager does not want to imagine (here is some help [6]). The next big task for the manufacturers is closely networked, self-driving robot cars. The development of such machines is to such a large extent software development that today's car wrenchers get nightmares about it, because they already consider electrical equipment to be the devil's work. You can't SEE those electrons! And now they even dance invisibly to algorithms!

There was an opportunity to look into the code of an automobile giant when Toyota's “unintended acceleration” was being litigated in court. At some point they had to let outside experts read their code. It was a huge pile of spaghetti code [7], and if you are unfamiliar with the term, imagine a wiring harness that consists of a pile of identical, spaghetti-like cables simply squeezed into a cavity behind the panels. Toyota probably didn't even lie when they said in court that they couldn't understand the problems, because by all known methods, Toyota's pile of shhh ... paghetti was untestable. Toyota had no way of knowing what kind of conditions might arise there, and apparently they weren't particularly interested in that either. The code looked as if Toyota had read every code of good practice for software and then done the opposite. And such companies are now working on cars that are supposed to drive your child to school automatically. In order to avoid future problems such as “the car drives through Ukraine with the child because a Russian car tractor is taking over Toyotas en masse into its Autobot network”, the manufacturers could use tried and tested methods of openness. Or they could continue stumbling in the dark as before. Who would like to guess what will happen?

Links:

[1] http://www.heise.de/autos/artikel/Volkswagen-Hack-veroeffentlicht-2778562.html

[2] http://www.autosec.org/pubs/cars-oakland2010.pdf

[3] http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

[4] http://hessenschau.de/panorama/diebe-klauen-luxusautos-in-serie-per-funkwellenverstaerker,neue-autodiebstahl-methode-100.html

[5] http://www.heise.de/newsticker/meldung/Diagnose-Dongle-Forscher-hacken-Corvette-per-SMS-2777457.html

[6] http://www.mojomag.de/2010/05/grid-graffiti/

[7] http://www.safetyresearch.net/blog/articles/toyota-unintended-acceleration-and-big-bowl-%E2%80%9Cspaghetti%E2%80%9D-code

Partial picture: “Remote central locking” by James086 - Own work, licensed under GFDL via Wikimedia Commons.
