LEVL ADDRESSES WIRELESS DEVICE SECURITY IN AUTOMOBILES
Protecting vehicles from wireless cyberattacks
Automobiles are becoming more and more connected and this will only continue moving forward. The more connected they become, the higher the chances for unauthorized access to these vehicles, either to the vehicle itself or to the vehicle computers through exploiting software vulnerabilities. LEVL can help protect vehicles under three main use cases the first being from Internet-based attacks, the second being from attacks through the keyless entry system and the third is the navigation platform.
SOLVING VEHICULAR INTERNET ATTACKS
Most of the cyber-attacks and malicious code infiltrating into vehicles today use the vehicles’ internet connectivity as the entry point. This can occur from a Wi-Fi access point or from the cellular network. In both cases, the attackers fake a legitimate AP/base station and manipulate the vehicle into connecting to them. Current security solutions are not suited to prevent these man-in-the-middle type attacks.
When implemented in vehicles, LEVL’s technology provides the required intelligence to vehicles to better identify every wireless device that attempts to connect to the vehicle and to stop unauthorized connections. By preventing rogue wireless connections, LEVL eliminates the main entry point for malicious code rather than dealing with it when it is too late.
SOLVING VULNERABILITIES OF VEHICLE ACCESS SYSTEMS
The existing Passive-Entry-Passive-Start (PEPS) technology, as well as the next generation smart key systems, are easy targets for relay station attacks. This explains why the number of vehicle theft cases has been steadily climbing in recent years. In a relay attack, which is a “two-person job”, two devices are used which maintain wireless/wired connectivity between them. The first impersonates the fob and communicates with the vehicle and the second impersonates the vehicle and communicates with the fob. This way attackers with signal relaying devices can unlock and start a car by relaying signals from the car to the owner’s fob/smartphone and back.
While this used to be a difficult attack, today the required equipment to perform this attack is available for less than $25 and all the software and instructions to do it are readily available online.
In other scenarios, attackers can also steal credentials to get access to a vehicle. For manufacturers, these two problems cannot be solved by using existing authentication solutions or by range bonding, yet LEVL’s wireless device identity platform solves such vulnerabilities in a simple and effective manner.
PROTECTING GNSS SYSTEMS FROM SPOOFING ATTACKS AND FRAUD
More and more businesses rely on location information to make critical decisions and generate revenue.
- Ride-hailing services such as Uber, Didi, or Lyft use it to calculate ride costs and the optimal r route.
- Autonomous vehicles use it for navigation.
- Cargo transit services use it to track valuable goods.
- Security systems use geofencing to arm/disarm or lock/unlock systems, buildings, and assets.
Having extremely reliable location data is vital for all these services. But GNSS position information is non-encrypted and thus very easy to spoof or outright fake. In fact, one of the major shortcomings of the current architecture is that anybody can lie about their location. Searching “fake GPS” on the google play store brings up nearly 100 apps that allow you to override your phone’s location data. This puts businesses that heavily rely on position information in danger of being defrauded or worse.
Malicious GNSS wireless attacks on automated systems
Heavily automated systems can be a victim of malicious GNSS wireless attacks which take advantage of the fact that the signals from navigation satellites such as GPS, Glonass, or Beidou are very easy to spoof and fake. The main reason behind this is that civil GNSS positioning systems do not use any authentication techniques and have not implemented any security measures to prevent such attacks. Additionally, due to the low strength of these signals, once they reach the receiver, the GNSS signals are also very easy to override by malicious wireless attacks, making the over-the-air attacks even simpler to perform. Of course, the cost of fixing these issues includes launching new technologies on satellites, which is prohibitive.
From using simple mobile apps which override real position data, to using Software-Defined-Radios to generate fake GNSS signals, these attacks are becoming easier to perform and harder to detect, eventually leading to revenue loss, goods theft, and other security risks.
LEVL protects businesses from the emerging effects of GPS/GNSS spoofing attacks by securely validating GNSS signals.
Let us help you secure your product
If you are an automobile manufacturer or supplier, you can easily eliminate your customers’ chances of a cyberattack and increase the marketability of your product by incorporating radio fingerprinting by LEVL. Learn how to incorporate LEVL’s agentless, software-only solution in your product by starting here on our developer page.
LEVL solution has been certified under a number of automotive quality standards:
ASPICE – an internationally accepted process model that defines best practices for software and embedded systems development for the automotive industry.
MISRA-C – a set of software development guidelines for the C programming language developed by MISRA (Motor Industry Software Reliability Association). Its aims are to facilitate code safety, security, portability, and reliability in the context of embedded systems, specifically those systems programmed in ISO C / C90 / C99.
ISO9001 – is defined as the international standard that specifies requirements for a quality management system (QMS).