Cyber Threats Are No Match for Cyberhardening

Off-highway vehicles are inherently susceptible to cyberattacks, given their telematics links and open-architecture communication networks.

Off-highway vehicles are now loaded with an ever-growing array of software-driven, interconnected, semi-autonomous devices such as smart sensors, variable speed fan drives and monitors. Telematics has become more prevalent, and we have the issue of increasingly complex supply chains. Legacy systems (especially those found in military vehicles) are now being connected to the internet. And finally, there’s the issue of the open architecture of SAE J1939.

What would a hacking incident look like and why should you be concerned? It might be a situation where an HVAC system is shut down remotely, leaving harvester cabins uncomfortable but still operable. Or the tire pressure monitoring sensors send bad data to tractor drivers, forcing a shutdown. It’s also possible that a ransomware attack via the remote diagnostics module of a telematics system leaves a fleet of excavators able to move only in reverse. A more serious scenario is data exfiltration from military vehicles, providing a nation-state hacker with GPS coordinates. The possible repercussions of a cyberattack include negative press, the need for an internal investigation, the cost of alerting customers, legal action for breach of contract, regulatory inquiries, injury to operators, and loss of life.

Software’s soft underbelly

In the race for more efficient operations, increased productivity and profitability, and competitive advantages through enhanced features, off-highway vehicles are being integrated with complex embedded software and smart devices. As more and more electronic controls, sensors, surveillance systems, operator assist modules, geo-fencing, and battery and energy management systems are tied to the internet, the cyberattack surface increases exponentially. The result is that these vehicles are vulnerable to unprecedented threats. Simply put, the attack surface of a software environment is the total number of points or vectors through which an unauthorized user could send or extract data. The “digital nervous system” of sensors and actuators, while providing reams of potentially useful management information, also exposes equipment and networks to cyberattacks that were not considered as recently as 10 years ago.

Telecommunications + informatics

Since the term telematics was coined by French authors in 1978, computer processors have continued to shrink. Telecom and wireless networks have grown exponentially and are able to transmit information between points regardless of where the host computer is, thanks to the cloud. That stream of real-time data includes GPS, performance information, and fuel burn rates, and can assist with asset allocation and maintenance. Off-highway vehicle telematics, depending on application, can incorporate radio-frequency communication, mobile data connections, cellular, satellite, and custom technologies. A hacker only has to exploit a single weak point in the security of a wireless device in order to gain access. In addition to the opportunity to control vehicles, the trove of proprietary data provides the potential for business disruption and ransom.

Older technology

So, if attackers can take over a car, truck, or backhoe, what happens when they set their sights on a tank? While not confined to military vehicles, the issue of legacy equipment deployed in the field should raise concern for OEMs and operators. The Marine Corps recently completed its first-ever adversarial cyber testing of the Light Armored Vehicle, looking for vulnerabilities. The Army’s Tank Automotive Research, Development, and Engineering Center – TARDEC – has issued a request for information, seeking a system to protect ground vehicles against cyberattacks. As older systems are connected to wireless communications, internet monitoring, and computing power, the issues of increased attack surface and interconnectivity arise.

Downloading malware

Software supply chain infiltration has already threatened critical infrastructure and is poised to move on to other sectors. Last year, software from a South Korea-based firm was corrupted with a back door that allowed normal authentication to be bypassed. This type of cyberattack has the potential to impact many vehicles through a single compromise. Essentially, hackers gain access to a software company's infrastructure (its development environment and servers) and inject malware into new software releases or security updates. The result is that users unknowingly download malware through “official” software distribution channels.

A standard’s pros and cons

Almost all off-highway vehicles use the Society of Automotive Engineers (SAE) J1939 protocol for sending and receiving messages across their Controller Area Network (CAN). The standard provides one language across manufacturers – theoretically a good thing. To disrupt a car’s network, a hacker would need to know the make and model to tailor the attack. However, because of J1939’s widespread use and published specifications, cyber criminals can create “one size fits all” exploits that are instantly scalable.
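As an added example (not from the article), the decoder below unpacks the 29-bit CAN identifier exactly as the public SAE J1939 standard lays it out; because the layout is the same on every J1939 vehicle, one routine like this serves a CAN monitor on any manufacturer's equipment, which is the uniformity the paragraph describes. The three identifiers in main are constructed sample values, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* J1939 29-bit identifier layout (from the public standard):
 * bits 28-26 priority, bit 25 EDP, bit 24 DP, bits 23-16 PDU format (PF),
 * bits 15-8 PDU specific (PS), bits 7-0 source address (SA).
 * PF < 240 (PDU1): PS is a destination address and the PGN's low byte is 0.
 * PF >= 240 (PDU2): PS is a group extension and forms the PGN's low byte. */
struct j1939_id {
    uint8_t  priority;   /* 0 (highest) .. 7 */
    uint32_t pgn;        /* 18-bit parameter group number */
    uint8_t  pf, ps, sa; /* raw PDU format, PDU specific, source address */
    int      pdu1;       /* 1 = destination-specific frame */
    uint8_t  dest;       /* destination address; 0xFF = global broadcast */
};

struct j1939_id j1939_decode(uint32_t can_id) {
    struct j1939_id r;
    uint32_t edp = (can_id >> 25) & 0x1;
    uint32_t dp  = (can_id >> 24) & 0x1;
    r.priority = (can_id >> 26) & 0x7;
    r.pf = (can_id >> 16) & 0xFF;
    r.ps = (can_id >> 8) & 0xFF;
    r.sa = can_id & 0xFF;
    r.pdu1 = r.pf < 240;
    r.pgn = (edp << 17) | (dp << 16) | ((uint32_t)r.pf << 8)
          | (r.pdu1 ? 0u : r.ps);
    r.dest = r.pdu1 ? r.ps : 0xFF;
    return r;
}

int main(void) {
    /* Constructed sample identifiers: PGN 61444 (EEC1, engine speed) from
     * SA 0, PGN 65265 (CCVS, vehicle speed) from SA 0, and a PGN 59904
     * Request addressed to SA 0 from SA 0xF9. */
    const uint32_t samples[] = { 0x0CF00400u, 0x18FEF100u, 0x18EA00F9u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct j1939_id d = j1939_decode(samples[i]);
        printf("id 0x%08X: prio %u pgn %u (0x%05X) sa 0x%02X %s dest 0x%02X\n",
               samples[i], d.priority, d.pgn, d.pgn, d.sa,
               d.pdu1 ? "PDU1" : "PDU2", d.dest);
    }
    return 0;
}
```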

Traditional defenses can’t cope

Attacks can come from the outside (nation-state actors), insider threats (both malicious and unintended), and increasingly from a compromised supply chain. Unfortunately, traditional cybersecurity measures aren’t built to prevent malware from propagating. The most common defenses rely primarily on network and perimeter solutions like gateways, firewalls, intrusion prevention, and anti-virus agents.

In other words, these tools focus on identifying symptoms rather than addressing the underlying causes. While established tools have worked for decades on known attack types, their effectiveness continues to diminish against motivated adversaries skilled in designing new types of exploits. Detection offers no protection when the supply chain itself is compromised, and little against file-less attacks such as memory corruption exploits (stack and heap attacks), zero-day attacks, and return-oriented programming (ROP) chains.

While detection monitoring is important, it isn’t an end-all solution, and it also requires time, investment and expertise to implement. Re-engineering code can also help enhance security, but to do so requires significant resources, and can trigger compliance risks, especially when the software stack is hundreds of thousands or millions of lines long.

Cyberhardening works

Memory corruption attacks try to trick a software program into running attacker-provided code, instead of programmer-written code. For this to work, the attacker must find vulnerabilities in the software binary code that allow the injection of code and/or the redirection of execution.

One of the latest and most effective means to reduce risk is to cyberharden systems using Runtime Application Self-Protection (RASP) technology, which prevents exploits from spreading across multiple devices and networks. RASP hardens software binaries by using techniques such as binary stirring, control flow integrity and stack frame randomization. The process ensures that attackers can’t calculate in advance how to successfully execute their code. This can prevent an entire class of malware attacks.
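To make the control flow integrity idea concrete, here is an added illustration (not the article's or any vendor's code) of a coarse-grained CFI check at an indirect call site: the handler table, the privileged_routine placeholder and the corrupted-pointer scenario are all constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Sentinel returned when the check refuses to follow the pointer;
 * a deployed CFI implementation would terminate the process instead. */
#define CFI_VIOLATION INT_MIN

typedef int (*handler_fn)(int);

/* Two legitimate handlers reachable from the dispatch site (constructed). */
static int handle_speed(int v)    { return v * 2; }
static int handle_pressure(int v) { return v + 100; }

/* Constructed stand-in for code that exists in the binary but must never
 * be reached through this call site (e.g. a maintenance entry point). */
static int privileged_routine(int v) { return -v; }

/* Allowlist of valid targets for this call site. A CFI-hardened binary
 * carries equivalent per-site metadata, so the check happens before every
 * indirect jump regardless of what the pointer currently holds. */
static const handler_fn valid_targets[] = { handle_speed, handle_pressure };

int is_valid_target(handler_fn fp) {
    for (size_t i = 0; i < sizeof valid_targets / sizeof valid_targets[0]; i++)
        if (valid_targets[i] == fp) return 1;
    return 0;
}

/* Unchecked indirect call, as in a binary without CFI: whatever address the
 * pointer holds is executed. */
int unchecked_dispatch(handler_fn fp, int arg) { return fp(arg); }

/* Checked indirect call: only allowlisted targets are ever invoked. */
int cfi_dispatch(handler_fn fp, int arg) {
    if (!is_valid_target(fp)) return CFI_VIOLATION;
    return fp(arg);
}

int main(void) {
    handler_fn fp = handle_speed;
    printf("legitimate pointer, checked:   %d\n", cfi_dispatch(fp, 21));
    /* Constructed scenario: the pointer now holds a value it should never
     * hold (as it would after a memory-corruption bug overwrote it). */
    fp = privileged_routine;
    printf("corrupted pointer, unchecked:  %d\n", unchecked_dispatch(fp, 21));
    printf("corrupted pointer, checked:    %d\n", cfi_dispatch(fp, 21));
    return 0;
}
```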

RASP also uses runtime instrumentation to detect and block attacks via information from inside the running software. It differs from perimeter-based protection like firewalls, which can only detect and block attacks by using network information without context. When a threat is detected, RASP prevents exploitation and execution. In other words, it denies malware the uniformity required to propagate.

Importantly, RASP is easy to implement and requires no new investment, software, services or hardware, only a one-time transformation with limited overhead. It doesn’t require access to source code and isn’t dependent on the compiler or operating system. There are no alerts to monitor, and RASP is remotely deployable as binary code that can be cyberhardened via API. Cloud architecture providers, telecommunications, automotive OEMs, and other organizations that can’t afford a disruption in operations are turning to RASP as a proactive layer of defense against malware propagation.

Protect your customers

As further motivation, note that SonicWall Capture Labs recorded a total of 5.99 billion malware attacks during the first half of 2018, an increase of more than 100% over the same period in 2017. Moving from traditional detection security defenses to cyberhardening software binaries with RASP technology can reduce risk by stopping attacks before they can execute and spread. Doing so may well keep you, as an OEM, from fielding a jaw-dropping phone call about malware that has been discovered in your systems, devices or supply chain – and has spread.