"Vatican" stops hacker attacks on cars

September 11, 2017 // By Christoph Hammerschmidt
For hackers, the Connected Car offers many digital entry gates that can lead to devastating scenarios, so scientists from the Competence Center for IT Security at Saarland University (CISPA) have developed a technology that can detect such attacks and render them harmless. With the freely available software "vatiCAN", car manufacturers can retrofit their programs.

In today's vehicles there are dozens of computers installed, the installed software in a modern car adds up to 100 million lines of code and more. These computers make it easier for the workshop to diagnose faults or warn drivers of a serious lane change, for example. The computers, however, only follow given control commands without thinking about it like a human being. If a stranger confuses the command hierarchy, uncontrolled control commands can suddenly hit the devices in the car and abruptly slow down the vehicle or cause it to spin," says Stefan Nürnberger, head of the research group for automotive security at the Competence Center for IT Security CISPA in Saarbrücken (Germany). Only a few years ago, such scenarios were virtually impossible because criminals had to physically gain access to the vehicle in order to manipulate it. 

Today, more and more vehicles have a permanent internet connection. It allows, for example, to include current traffic jam information in route planning or to activate auxiliary heating remotely. However, if such Internet-capable ECUs contain security gaps, attackers can send their commands to thousands of vehicles, "warns the computer scientist with a doctorate. Together with Christian Rossow, Professor of IT Security at Saarland University, Nürnberger is working on the idea that components such as an emergency brake assistant can check the authenticity of the commands addressed to them at any time. The "vatiCAN" software developed for this purpose ensures that only the real transmitter can attach the necessary authentication codes to messages.