- A glimpse of connected-vehicle cybersecurity: Upstream's control interface
The first cloud-based solution for connected vehicles was born in Israel and is now pilot-testing at global OEMs.
What can hackers do with a car? Just about anything they want. A typical vehicle today is a potential sitting duck, cybersecurity experts say. They point to ghosted schematics of cars showing dozens of ‘attack vectors’—the places that are in various ways vulnerable to security intrusions.
Lock the doors of your former boss’s F-150 remotely, for spite and kicks? Too easy. How about something a bit more ambitious—like locking the doors in F-150s across the state and keeping them locked for an hour? Angry owners might diss Ford, but the fallout would be minor compared to the damage and pain inflicted by a remote hack of vehicle brakes or steering. Or a mass hack involving ransomware.
“We work with a lot of ‘white hat’ guys, one of whom is ‘the LeBron James’ of car hackers,” noted Dan Sahar, VP of Product for Israel-based Upstream Security. “Ask him how to secure at the vehicle level and he’ll tell you it’s impossible. The electronic throttle control, the powertrain ECU—when was the code written for these? The OEMs often don’t have control, and they share many suppliers and components,” asserted Sahar, a computer scientist.
“If one of the Tier 1 electronic-systems integrators makes a mistake regarding security, everyone can get hit,” he said. “The industry has rapidly moved from having zero security problems to a world in which very bad things can happen, not only to an enterprise and an IT organization, but physical damage to people.”
Infinite Processing Power
The danger becomes exponential with an estimated 200 million connected and increasingly automated vehicles expected to be in use by early next decade, Sahar said in an interview with Autonomous Vehicle Engineering. They’ll be exposed to even more new threats. Security attacks on vehicle fleets including MaaS (mobility as a service) providers, delivery companies and those leased by businesses and government agencies are likely to increase, Sahar and other experts believe.
“The second you enable connectivity, you increase the threat level dramatically. That’s the risk,” he said. How, then, does an enterprise protect itself? Applying the security layer inside the car will always put connected vehicles steps behind the hackers and more vulnerable to the most recent threats, Sahar argued. The optimum place for security instead is in the cloud, reckoned former Israeli Defense Forces cybersecurity veterans Yonatan Appel and his colleague Yoav Levy when they founded Upstream nearly two years ago.
“We’re the only company in the automotive cyber space that places the security in the cloud—between the car, the telematics server and the mobile-applications server,” Sahar explained. “The others still pursue the in-vehicle path. If you firewall something it will be obsolete in two years. CPUs get old.
“But in the cloud, I have infinite processing. If I need more power I just add more servers. And the defenses can be updated remotely with new code. You can’t do that by putting code in the car.” The formidable data-collecting ability of future connected vehicles is a potential pot of gold for OEMs and Sahar sees significant opportunities for his company, which has grown to nearly 40 employees in 2018.
Preventing Rogue Attacks
“Data generation and collection per vehicle will be enormous. The industry moving to 5G is good for us—more data and more risk in terms of security threats. And this benefits the effectiveness of our centralized position in the cloud where we can monitor every bit of traffic that goes on there,” he explained.
“We map out what’s normal traffic and what’s not,” using Upstream’s artificial intelligence, machine learning and advanced data-analytics tools.
Sahar cites a real-world detection example: “If we see an OTA update sent to the car without authentication, followed by an ‘OTA update complete’ response from the car, we flag it. Who told it to do an update? We’ve seen these events—they’re rogue attacks,” he said. “The aim is to detect and prevent threats before they reach the network.”
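The correlation Sahar describes can be sketched as a simple rule over telematics events. This is an added example, not Upstream's code: the event schema, field names, reason labels and one-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events, as a cloud monitor sitting between the telematics
# server and the vehicles might record them (hypothetical schema).
EVENTS = [
    {"ts": "2018-06-01T10:00:00", "vin": "VIN-A", "type": "ota_command", "campaign": "c-17", "authenticated": True},
    {"ts": "2018-06-01T10:12:00", "vin": "VIN-A", "type": "ota_complete", "campaign": "c-17"},
    {"ts": "2018-06-01T11:00:00", "vin": "VIN-B", "type": "ota_command", "campaign": "c-99", "authenticated": False},
    {"ts": "2018-06-01T11:05:00", "vin": "VIN-B", "type": "ota_complete", "campaign": "c-99"},
    {"ts": "2018-06-01T12:00:00", "vin": "VIN-C", "type": "ota_complete", "campaign": "c-42"},
    {"ts": "2018-06-01T08:00:00", "vin": "VIN-D", "type": "ota_command", "campaign": "c-05", "authenticated": True},
    {"ts": "2018-06-01T13:30:00", "vin": "VIN-D", "type": "ota_complete", "campaign": "c-05"},
]

WINDOW = timedelta(hours=1)  # assumed maximum time between command and completion


def flag_rogue_ota(events, window=WINDOW):
    """Flag every 'ota_complete' that is not explained by an authenticated
    'ota_command' for the same vehicle and campaign within the window."""
    authorized = {}         # (vin, campaign) -> time of authenticated command
    unauthenticated = set()  # (vin, campaign) pairs with an unauthenticated command
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["vin"], ev["campaign"])
        if ev["type"] == "ota_command":
            if ev.get("authenticated") is True:
                authorized[key] = ts
            else:
                unauthenticated.add(key)
        elif ev["type"] == "ota_complete":
            sent = authorized.pop(key, None)  # one command explains one completion
            if sent is None:
                reason = "unauthenticated_command" if key in unauthenticated else "no_command_seen"
            elif ts - sent > window:
                reason = "outside_window"
            else:
                continue  # completion matches a recent authenticated command
            alerts.append((ev["vin"], ev["campaign"], reason))
    return alerts


if __name__ == "__main__":
    for alert in flag_rogue_ota(EVENTS):
        print(alert)
```

Because each authenticated command is consumed by the first completion it explains, a repeated "complete" message for the same campaign is also flagged.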
More data from more OEMs that Upstream monitors means more effective security solutions, according to Sahar. “The global makers all use components from the same Tier 1s. The hardware in many cases is similar. If we found a security anomaly in one area of a BMW, for example, we’d then apply it on others.”
Upstream monitoring also could spot anomalies in MaaS activities—for example, fraudulent use of rental vehicles based on the data footprint. Upstream currently has nearly a dozen OEM customers, some using the product in advanced-pilot stage, as well as MaaS fleets in North America, Europe and Israel. Last spring, the company entered a strategic partnership with Asgent, a Tokyo-based developer and distributor of network security, to provide automotive cyber-security solutions to OEMs and vehicle fleets in Japan.
“The industry now has a deadline to ship connected cars within a few years. They have to get the security done,” Sahar opined. “Autos is a cat-and-mouse game and the security holes are big and easy to penetrate. We’re in the process of changing that,” he said.
Author: Lindsay Brooke
Source: SAE Automotive Vehicle Engineering Magazine
- Author: Lindsay Brooke
- Industry: Automotive
- Topic: Security