How Hackers Use Reverse Engineering and Tampering to Hack Connected Cars

Beth Kindig
4 min read · Jun 6, 2018

In order to understand threats to the connected car, we must understand what hackers are trying to achieve. Hackers will mount different kinds of attacks to achieve different kinds of goals. The most dangerous goal might be to bypass controls in safety critical systems, such as steering, brakes, and transmission. But hackers might also be interested in obtaining valuable pieces of data that are managed within the car software, such as personally identifiable information (PII) or car trip and performance statistics. While data can be protected with cryptography, this only shifts the problem from protecting the data directly to protecting the cryptographic keys.

Hackers employ two fundamental techniques when attacking: reverse engineering and tampering. If the hacker tries to bypass the business logic, they have to find where in the application the business logic resides; that requires reverse engineering. Then they must tamper with the application to bypass that logic.

Reverse Engineering

If the hacker is trying to steal sensitive data or cryptographic keys, they have to know where to look in the application. Unless those secrets are obvious, hackers need to reverse engineer the application to find them.

Reverse engineering plays a central role for almost every hacker attacking applications. It is extraordinarily hard work. The people who do it have a large toolset and a focused mind. Their goals are totally different from those of software engineers: for example, they are not concerned with fixing bugs; instead, they introduce artificial bugs into the compiled code to see how it breaks. Hackers are familiar with common structures in compiled code. They might look for a string corresponding to an error message related to their objective (e.g. “Engine failure” or “Anti-lock brake system disabled”) and trace where that string is used. They also leverage sophisticated techniques such as static analysis, which helps them understand the overall structure of the code, where the functions are located and how they are called from other functions.

Tampering with Code

If hackers have physical access to a device, they can directly tamper with the application. Consider how you might bypass business logic. Often, the way this is done is by making one small change to the application. Consider the following code:

if (getTachometerRPM() > 4500) { implementVTECSwitchover(); }

If the hacker is able to identify this particular piece of code, then they can often bypass it in any number of ways, typically at the assembly language level:

  • Inverting the logic of the conditional jump: if (getTachometerRPM() < 4500) { implementVTECSwitchover(); }
  • Replacing the test with a tautology: if (true) { implementVTECSwitchover(); }

Hackers might also replace function calls with calls to functions of their own design. For example, they might trick the application into calling their own version of implementVTECSwitchover(), which executes some part of the code they are after.
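The runtime integrity guard that application shielding relies on against patches of this size, as an added example in C that is not from the article or from Intertrust's products: the ECU function, the guarded length and the FNV-1a digest are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the ECU decision quoted in the article. */
int vtec_switchover_needed(int rpm) { return rpm > 4500; }

/* Number of code bytes the guard covers: an assumption for this example.
 * Real shielding tools derive exact ranges from the linker map. */
#define GUARD_LEN 16

/* FNV-1a 64-bit: each step is a bijection, so any single changed byte
 * in the region produces a different digest. */
uint64_t fnv1a64(const unsigned char *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Reference digest. In a shipped image it is computed at build time and
 * stored under a signature, so patching the code also requires forging the
 * signature (hence the key-protection problem the article raises). Here it
 * is sealed at startup to keep the example self-contained. */
static uint64_t reference;

static const unsigned char *code_bytes(void) {
    return (const unsigned char *)(uintptr_t)&vtec_switchover_needed;
}

void seal_guard(void) { reference = fnv1a64(code_bytes(), GUARD_LEN); }

/* Runtime guard: 1 while the guarded code still matches the sealed digest. */
int guard_ok(void) { return fnv1a64(code_bytes(), GUARD_LEN) == reference; }

/* Guarded entry point: refuses to decide (returns -1) once tampering is seen,
 * instead of running an inverted or short-circuited test. */
int guarded_switchover(int rpm) {
    if (!guard_ok()) return -1;
    return vtec_switchover_needed(rpm);
}

/* Detection demo without writing to live code: copy the guarded region,
 * alter one byte (the scale of the patches described above), re-digest. */
int patched_copy_detected(void) {
    unsigned char copy[GUARD_LEN];
    memcpy(copy, code_bytes(), GUARD_LEN);
    copy[0] ^= 0x01;
    return fnv1a64(copy, GUARD_LEN) != reference;
}
```

A single guard is itself a patch target, which is why shielding products scatter many overlapping guards and verify the guards' own code; this block shows only the core check.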

Intertrust’s Products for Connected Car Security

whiteCryption is a leading provider of application shielding solutions to prevent hackers from reverse engineering and tampering with code. Our products are backed up by superlative support and professional services to help you achieve your business goals quickly and efficiently.

Our application shielding portfolio consists of two products:

  • whiteCryption® Code Protection™ provides application developers with a comprehensive suite of anti-reverse engineering and runtime application security protections to help protect your applications.
  • whiteCryption® Secure Key Box™ is an advanced white box cryptographic library that protects cryptographic keys for critical security functions such as device authentication, secure communications, and data encryption.

Founded over a decade ago by Intertrust Technologies Corporation, Seacert provides public-key infrastructure (PKI), specializing in large-scale key provisioning for device identities. Seacert’s services are used by leading media and entertainment companies, manufacturers of automotive, healthcare, and other types of IoT devices. Seacert credentials are embedded in hundreds of millions of devices and applications worldwide.

2018 Intertrust Connected Car Security White Paper

This white paper describes the potential threats in modern connected cars, the ways hackers attempt to tamper with the data and software, and the solutions to these threats. Finally, the paper focuses on Intertrust’s solution for protecting connected cars: a set of software tools intended to increase application-level security and render hacker attacks extremely difficult and expensive to execute.

Originally published at www.intertrust.com on June 6, 2018.
