While V2X technology maximizes traffic efficiency and safety by enabling communication between vehicles and infrastructure or vehicles themselves, it also increases the attack surface that hackers can exploit. In March 2024, two cybersecurity researchers from Mysk, an independent cybersecurity research team, identified a security vulnerability that allowed them to generate a digital key to unlock a specific electric vehicle. Despite the presence of two-factor authentication, they successfully hacked the car using a $169 Flipper Zero device and a Wi-Fi board to open the vehicle’s doors. Source : https://www.bleepingcomputer.com/news/security/flipper-zero-can-be-used-to-launch-ios-bluetooth-spam-attacks By equipping the Flipper Zero with a Wi-Fi expansion module, attackers can create fake public Wi-Fi networks at service centers or charging stations. When unsuspecting users attempt to log in, their credentials—including email addresses, passwords, and two-factor authentication codes—can be intercepted. The hackers can then add a digital key to their app, allowing them to unlock the vehicle later.Beyond direct hacking methods like identity theft, other significant threats include interfering with On-Board Diagnostics (OBD) systems, disrupting Controller Area Network (CAN) message protocols, or exploiting vulnerabilities in Bluetooth Low Energy (BLE) to bypass digital locks without a key. ■ Increased Hacking Risks with IoT Advancements Source : WIRED : https://www.youtube.com/watch?v=MK0SrxBC1xs Source : adac : https://www.youtube.com/watch?v=0AHSDy6AiV0 In the past, cars were perceived as analog, mechanical devices. However, with rapid advancements in IoT technologies, vehicles have transformed into digital systems connected to surrounding infrastructure through Vehicle-to-Everything (V2X) communication. Consequently, hackers can now target not just the vehicle itself but also the broader traffic infrastructure and network protocols. ■ Technological Countermeasures for Enhancing V2X Contextual Security How can we respond to potential security breaches as digitalization progresses? Here are some key technological countermeasures to strengthen security in the V2X context: 1. Establishing V2X Security Credential Management Systems (SCMS)– Introduce systems like the U.S. Department of Transportation's SCMS to create secure communication environments.– Assign roles to multiple certification authorities to manage the issuance of registration and security certificates.– Develop and operate systems to issue, renew, and revoke certificates. 2. Privacy Protection Through Certificates– Use anonymized certificates to protect personal information, such as vehicle location, and periodically update temporary IDs to safeguard unique vehicle identifiers.– Issue separate types of certificates for special and general vehicles. 3. Development of V2X Security Modules and Protocols– Design and deploy hardware security modules to securely store encrypted communication, certificates, and private keys.– Develop and implement security protocols tailored for V2X communication. 4. Message Authentication and Integrity Verification– Authenticate the sender of messages received by vehicles and verify the integrity of the messages before accessing their content.– Ensure confidentiality through encrypted communications. 5. Intrusion Detection and Prevention Systems (IDS/IPS)– Monitor abnormal traffic in real time within vehicles and V2X communication networks using anomaly detection algorithms.– Detect and mitigate threats such as Denial of Service (DoS) attacks or data tampering early. To implement these measures, it is essential to expand V2X security platforms not only for vehicles but also for personal mobility devices like e-bikes and surrounding infrastructure. Furthermore, constructing Public Key Infrastructure (PKI)-based security authentication systems and establishing testing and certification infrastructures to verify compliance with authentication protocols are crucial. ■ Saesol Tech: From Connected Car Security to Integrated Mobility Security Saesol Tech is strengthening the V2X security platform with the following three product lines: 1. V2X Security Platform– Provides non-repudiation by ensuring the integrity of transmitted data and verifying the sender's identity.– Offers world-class performance in terms of speed, security, and reliability. 2. PKI-Based Security Authentication Server– Delivers various authentication methods and issues certificates at ultra-high speeds.– Ensures scalability, reliability, and high availability using cloud architecture, supporting integrated security per ISO 21177 standards. 3. V2X Mobility Testing/Certification Equipment– Offers testing and certification solutions to evaluate compliance with security authentication systems and platform security.– Identifies malfunctions, errors, and vulnerabilities in communication software through V2X fuzz testing tools attached to test devices. Using these product lines, Saesol Tech makes it difficult to compromise identity by securely managing private keys and authentication methods on PKI systems. Additionally, by leveraging fuzz testing, vulnerabilities in communication software can be identified and addressed preemptively. Saesol Tech remains committed to advancing the fields of micro-mobility, electric vehicles, autonomous vehicles, and traffic infrastructure to safeguard human lives and personal information. Learn More About Saesol Tech's V2X Security Solution Do you have any questions about Saesol Tech’s V2X security solutions? Contact the Saesol Tech team now! Contact Us
Countermeasures Against Hacking Risks for Connected Cars and Infrastructure: V2X Security Solutions
2025년 01월 15일