对于安全专家而言，网联系统就像是一种取之不尽的馈赠，但随着一些具备网联功能的汽车数量不断增加，相关汽车网络安全隐患的数量随之急剧爆发。此外，一些老款车型的安全漏洞也随之暴露，这也需要进行持续不断的升级。

事实上，这些一级供应商和汽车厂商对黑客的担忧绝非空穴来风。另外，一些利用汽车进行的恐怖袭击也进一步升级了相关问题的严肃性。尽管目前从现实世界来看，针对网联车辆的成功攻击案例暂时并不多，但很多观察者均认为这种情况可能很快会发生改变。

“我认为，黑客并不会给我们逐步适应的时间。”美国国土安全局的网络安全项目经理Dan Massey表示，“最好的情况是，我们可能会最初发现1到2个攻击个例，然后留给我们一点准备的时间。但黑客可能并不会这么想，可能未来某一天，突然就有成千上万的网络攻击直接摆在我们面前了。”

在WCX 2017 - SAE 2017年全球汽车年会的“汽车网络安全与物联网”专家座谈会上，Massey及其他专家组成员介绍了多起足够唤起大家警觉的汽车网络安全事件。美国交通运输部沃尔普(Volpe) 国家交通运输中心的Kevin Harnett指出，美国边境巡逻队及其他相关机构购买的一些车辆已经具备了网联功能，这会增加这些公务车辆被非法跟踪的几率。

Stinger Ghaffarian Technologies公司Graham Watson介绍了供应链上各级供应商的设备遭受网络袭击的可能性，并称如果这些恶意软件没有被检测出来，就会给车辆带来巨大的安全隐患。此外，大型车队可能特别容易受到攻击，部分原因可能在于这些车辆的服役寿命更长。

“卡车的使用寿命通常为20年，你现在还可以在路上看到一些可能已经过时的‘老古董’。”李尔公司的Andre Weimerskirch表示，“这些车并不会对不同网络进行分级隔离，而且还在采用统一的标准化CAN通信。黑客就曾成功侵入车辆的远程信息处理系统并获得了控制汽车网络的权限，这也就是说，黑客完全可以让卡车加速或刹车。”

目前，大量针对汽车网络安全的预防性工作正在进行之中。2015年，汽车行业专门成立了汽车信息共享和分析中心（Auto ISAC），推进汽车网络安全方面的相关工作。中心CEO Faye Francy表示，中心已经建立了一套全面的“最佳做法”标准，将为供应商的研发设计提供指导。小组成员还指出，SAE、IEEE和NHTSA等组织也在努力推动汽车行业在网联汽车安全方面取得进展。目前，供应链上下各个环节的公司均在为了这项事业而共同努力。

“半导体产业已经开始直面挑战，”采埃孚天合（ZF-TRW）公司的Brian Murray表示，“一些公司已经开始为芯片配备安全硬件模块了。”

目前，安全测试系统领域仍需进行更多工作。专家组成员均认为，行业应当进行渗透测试。具体来说，渗透测试通常由第三方人员，而非设计该系统的研发人员负责开展。虽然有人建议可以起草一套标准化的渗透测试流程，确保各家公司都在最大范围内解决更多潜在安全漏洞，但并非所有人都持同样的观点。

密歇根大学的Russ Bielawski表示，“这种渗透测试必须非常具备创造力。”他还指出，空中升级是保证车辆网络安全的一个重要因素。当新的威胁出现时，马路上跑的汽车也同样需要针对这些新威胁进行系统更新。然而，由于这些更新可以改变汽车的固件，因此可能成为黑客攻击的目标，我们必须再三确保此类升级的安全性。此外，针对汽车系统深处的攻击尤为难以解决。

“想象一下，假设一家四级供应商在自己的模块中加入了一段恶意代码，而厂商很有可能在不知情的情况下直接对其给予了授权放行，那汽车公司又该怎样面对这部分‘已经过认证’的威胁代码呢？”李尔公司的Weimerskirch沉思道，“大多数公司可能什么也做不了。”

For security experts, connectivity is the gift that keeps on giving. The number of threats will increase rapidly as more vehicles are connected, and vulnerabilities on older vehicles will be in constant need of updating.

Tier 1s and OEMs have many reasons to worry about hackers, and the use of vehicles in terror attacks makes them a concern for security agencies at many levels. While successful real world attacks are still quite rare, many observers fear that things could change quickly.

“I don’t think we’ll have a gradual change,” said Dan Massey, Cybersecurity Program Manager at the U.S. Dept. Of Homeland Security. “I’d love to see a slow progression starting with one or two one-off attacks. I fear we won’t have the opportunity – that it will go from seeing nothing but a few cyber-attack demonstrations to tens or hundreds of thousands of vehicles to be concerned about.”

Massey and other panelists at the SAE WCX 2017’s “Vehicle Cybersecurity and the IoT” session cited a number of instances where connectivity has the potential for considerable problems. Kevin Harnett of the Dept. of Transportation’s Volpe Center noted that new vehicles acquired by the FBI, U.S. Border Patrol and other agencies have factory-installed connectivity, raising the dangerous possibility that their movements and locations can be tracked.

Graham Watson of Stinger Ghaffarian Technologies expressed concern that equipment from various levels of the supply chain could be compromised, creating vulnerabilities in vehicles if malware is not detected. Large fleet vehicles may be particularly vulnerable to attacks, partially because of their long lifetimes.

“Trucks are often 20 years old; the architectures you see on the road now are quite outdated,” said Andre Weimerskirch of Lear Corp. “They do not have separation between networks, and they use standardized CAN messages. Once there’s a successful hack into the telematic system, hackers have access to the vehicle network, they can speed up the truck or control the brakes.”

There’s a lot of work aimed at preventing attacks. In 2015, the industry formed the Automotive Information Sharing and Analysis Center (Auto ISAC) to focus on cybersecurity. Executive Director Faye Francy described an extensive Best Practices project that was created to provide guidelines for suppliers. Panelists also noted that SAE, IEEE and NHTSA are also working diligently to help the industry ramp up its security efforts. Efforts span the entire supply chain.

“The semiconductor industry has risen to the challenge,” said Brian Murray of ZF-TRW. “They put hardware security modules on chips.”

Testing systems for security is an area that still requires more work. Panelists agreed that penetration tests should be performed, often by outsiders rather than staffers who helped create the system under test. While some suggested standardizing penetration testing to ensure that companies address a wide number of potential vulnerabilities, that was not a consensus opinion.

Penetration testing has to be a very creative process,” said Russ Bielawski of the University of Michigan. He also noted that over the air updating will be an important factor. As new threats emerge, vehicles already on the highway will need to be updated. However, these updates must be extremely secure, since they alter the firmware that controls the vehicle. That will make updates an attractive target for hackers, panelists agreed. Attacks that are deep within the vehicle may be particularly difficult to address.

“If a Tier 4 inserts compromised code in a module and the OEM authorizes it, how will companies deal with compromised code that’s been certified?” Lear's Weimerskirch mused. “Most companies aren’t able to do anything about that.”

Author: Terry Costlow
Source: SAE Automotive Engineering Magazine