Safe car sharing: components, main problems and Yandex competition
The Yandex.Drive launched in February, like any car sharing service, works thanks to a complex of unique systems - in the car, in the user's phone and on the server. The system, which was recently a novelty for the IT community, is located in the machine itself. It includes several devices - a telematics unit, CAN-bus and multimedia equipment. In more detail how all this communicates among themselves, I also want to tell you. In addition, I will explain why it is now that companies and security experts should give maximum attention to the protection of car sharing services. The fact is that this is not just yet another application on your phone, but a whole runway for the automotive industry of tomorrow.
We strive to build the most secure carsharing infrastructure, and we hope that you will also take part in this process. Until May 27, you have the opportunity to explore Yandex.Drive for vulnerabilities. Try to change the logic of the service, reduce the price of the trip, access information about users or, for example, open the car when the service prohibits it.
')
Those who discover the most serious problem will receive half a million rubles from Yandex. The prize for the second place is 300,000 rubles, for the third - 200,000 rubles. I will talk about the details below, but for now let's get back to the car sharing device.
A machine drive or similar service differs from the usual one in that it has a special telematics unit. On the one hand, it is connected to the control unit of the entire vehicle electronics - the so-called CAN bus . On the other hand, the unit is in constant communication with the telematics server. The server analyzes the data received from the unit and sends back control signals: open or close the car, turn on the ignition, complete the lease, etc. All of the above actions are coordinated with the main client backend where the billing works, as well as the database of all customers and orders. The application on your phone, in turn, also interacts with the client backend.
Using GPRS and EDGE
Until recently, car sharing companies - both in Russia and abroad - used telematics blocks that were not originally intended to control the movement of vehicles in the city. The pioneers of the industry have adapted to their needs already existing devices to accompany trucks, gasoline tank trucks, tractors and other heavy machinery. A firm that was engaged in, say, agriculture, could find out where the tractor was, estimate the speed of movement, and send a message to the tractor driver about the need to accelerate.
In the case of heavy technology, the telematics block did not read as much data from the CAN bus as it did in car sharing, and this happened with less frequency. As a result, a 2G modem was enough to send data. The 2G cellular channel is not only easily intercepted (for example, through a fake base station, which allows you to replace car control signals), but is also most vulnerable when the cellular network falls. Providers know that most customers have already switched to 3G and LTE devices, consider 2G rather as a technical channel and in case of problems restore it last. Convenient rentals impose other requirements - LTE support has appeared in the blocks.
In addition, the old units allowed us to observe the equipment, but not to control it. The ability to remotely control the machine also requires additional security mechanisms, and not only in terms of device protection, but also in various interfaces.
Lack of encryption
Blocks for heavy equipment are also imperfect because they have poor performance. They do not have a processor capable of maintaining an encrypted connection to the server - all control of the machine occurs through an unprotected channel. Modern blocks can solve this problem too.
The lack of reliability of large IT-companies
Google, Yandex and other players are accustomed to ensure the stability of the services. For example, replication is common: when one of the data centers stops responding due to an accident, users, thanks to copies of their data in other data centers, do not notice anything. Firms that are engaged only in car sharing are less likely to use replication.
Unmanned cars are too voluminous technology stack: it cannot be sent to production immediately and completely. The implementation of this stack in people's lives will occur gradually, and each next stage will be based on the results of the previous one. Carsharing will be part of this process.
This is one of the fundamental problems of car sharing: the so-called “problem of the first and last mile”. The first mile is when you leave your home or office and are forced to get to the car - seemingly close by. But "close" is a loose concept. As a rule, the car is located farther than you would park your personal transport. Taxi, in turn, would also come closer to you.
Well, the last mile is a situation where you used car sharing, got to the desired point, but cannot complete the rental because you did not find a parking space. With personal transport would be the same story, but a taxi and here it turns out to be more convenient: the driver does not need to park for a long time to disembark you.
Carsharing will be just as convenient as a taxi, only when the car itself arrives at the beginning and goes to look for parking itself at the end.
For this, it should not be unmanned in the full sense of the word. Unmanned cars will be able to drive at high speeds, and for the two tasks described (to arrive from the next quarter and drive to the nearest parking), the speed is not so important. The main thing is that the car did not need to travel without a driver for long distances, that is, that the cars were scattered in sufficient numbers around the city. And this, in turn, is an achievable goal.
Thus, car sharing is one of the first areas where it will be possible to break in drones, and a similar run-in will begin in the coming years. Therefore, carsharing protection systems will in many respects become the starting point for analogues in drones.
To participate in the competition, you need to enroll and come to the Yandex office (Moscow, Lev Tolstoy St., 16). You will be able to use the Yandex.Drive car twice for 2 hours in a row - or you can spend one 4-hour session. You can participate alone or in a team of up to three people. Disassembling the machine or connecting to it with a cable is prohibited. In addition, you will need a Drive account - one per team. Registration in the service under this account must be completed in full.
The winners will be chosen by Yandex.Drive employees and Yandex’s information security services. First of all, the choice will take into account the criticality of the problems found, and not the search time.
The winners will be awarded on May 29 in the Information Security hall of the annual Yandex Yet Yet Conference (YaC) conference. If you wish, you can show your exploits to the guests of the conference.
Around the use of technology in cars now there is a global HYIP, so there are enough competitions to find vulnerabilities. The most popular way of hacking is through multimedia systems. You can recall the reports of the section Car Hacking Village at DEF CON (here's a good example ). As part of Car Hacking Village, the Capture the Flag competition is held annually, where security professionals try to find vulnerabilities in automotive systems. This is not counting the long-term bug bounty programs of key market players: Uber , Tesla and others. But no one in the world has held any significant competitions related to car sharing.
Regardless of whether you take a prize in the competition or not, we invite you to the YaC section on security. The main topic of the section is voice interface protection. In recent years, virtual assistants, smart acoustics, and so on have become increasingly popular, but each new type of interaction entails new vulnerabilities. From the very beginning, the developers ensured that machine intelligence did not “eavesdrop” on anyone, and private data were not accessible to intruders. Experience is now enough - it is time to share best practices. Among the guests we expect to see data protection specialists, as well as all developers, administrators and managers who are interested in this topic.
In addition to the two reports on the privacy of voice interfaces, several more presentations await you: you will learn how to organize inter-service authentication and build fraud protection. We are glad that our colleagues from Naver (South Korea) and Rakuten (Japan) will join us. Rewarding the winners of the contest and, we hope, the demonstration of the finished exploits on the Yandex.Drive car will take place in the final part of the section. Here is a more detailed program , and here is a link to registration .
By the way, we constantly have our own bug bounty program - you can search for vulnerabilities not only on the days of the Drive contest and not only on the Drive itself.
We strive to build the most secure carsharing infrastructure, and we hope that you will also take part in this process. Until May 27, you have the opportunity to explore Yandex.Drive for vulnerabilities. Try to change the logic of the service, reduce the price of the trip, access information about users or, for example, open the car when the service prohibits it.
')
Those who discover the most serious problem will receive half a million rubles from Yandex. The prize for the second place is 300,000 rubles, for the third - 200,000 rubles. I will talk about the details below, but for now let's get back to the car sharing device.
A few words about carsharing
A machine drive or similar service differs from the usual one in that it has a special telematics unit. On the one hand, it is connected to the control unit of the entire vehicle electronics - the so-called CAN bus . On the other hand, the unit is in constant communication with the telematics server. The server analyzes the data received from the unit and sends back control signals: open or close the car, turn on the ignition, complete the lease, etc. All of the above actions are coordinated with the main client backend where the billing works, as well as the database of all customers and orders. The application on your phone, in turn, also interacts with the client backend.
What information can be collected and sent to the server using CAN-bus and telematics unit?There is one more component in Yandex.Drayve - the Yandex.Auto platform for multimedia systems with voice control. It has built-in Navigator, Music and Radio. Since the platform works with user data, we try to do everything possible to ensure that they are safe and correctly removed from the device between rental sessions.
The minimum set is the coordinates of the car, the status of each door and engine (closed-open, on / off), fuel level, and gearbox mode. However, the CAN bus reads many other data that can also be transferred to the telematics unit and further to the server. We are talking about the speedometer readings, engine speed and temperature, fuel consumption, the status of the need to repair certain units, the position of airbags - in a word, if desired, it is easy to log readings of almost all electronic sensors in the car.
The main problems in the safety of karsheringov
Using GPRS and EDGE
Until recently, car sharing companies - both in Russia and abroad - used telematics blocks that were not originally intended to control the movement of vehicles in the city. The pioneers of the industry have adapted to their needs already existing devices to accompany trucks, gasoline tank trucks, tractors and other heavy machinery. A firm that was engaged in, say, agriculture, could find out where the tractor was, estimate the speed of movement, and send a message to the tractor driver about the need to accelerate.
In the case of heavy technology, the telematics block did not read as much data from the CAN bus as it did in car sharing, and this happened with less frequency. As a result, a 2G modem was enough to send data. The 2G cellular channel is not only easily intercepted (for example, through a fake base station, which allows you to replace car control signals), but is also most vulnerable when the cellular network falls. Providers know that most customers have already switched to 3G and LTE devices, consider 2G rather as a technical channel and in case of problems restore it last. Convenient rentals impose other requirements - LTE support has appeared in the blocks.
In addition, the old units allowed us to observe the equipment, but not to control it. The ability to remotely control the machine also requires additional security mechanisms, and not only in terms of device protection, but also in various interfaces.
Lack of encryption
Blocks for heavy equipment are also imperfect because they have poor performance. They do not have a processor capable of maintaining an encrypted connection to the server - all control of the machine occurs through an unprotected channel. Modern blocks can solve this problem too.
The lack of reliability of large IT-companies
Google, Yandex and other players are accustomed to ensure the stability of the services. For example, replication is common: when one of the data centers stops responding due to an accident, users, thanks to copies of their data in other data centers, do not notice anything. Firms that are engaged only in car sharing are less likely to use replication.
Safety carsharing - the security of unmanned cars
Unmanned cars are too voluminous technology stack: it cannot be sent to production immediately and completely. The implementation of this stack in people's lives will occur gradually, and each next stage will be based on the results of the previous one. Carsharing will be part of this process.
This is one of the fundamental problems of car sharing: the so-called “problem of the first and last mile”. The first mile is when you leave your home or office and are forced to get to the car - seemingly close by. But "close" is a loose concept. As a rule, the car is located farther than you would park your personal transport. Taxi, in turn, would also come closer to you.
Well, the last mile is a situation where you used car sharing, got to the desired point, but cannot complete the rental because you did not find a parking space. With personal transport would be the same story, but a taxi and here it turns out to be more convenient: the driver does not need to park for a long time to disembark you.
Carsharing will be just as convenient as a taxi, only when the car itself arrives at the beginning and goes to look for parking itself at the end.
For this, it should not be unmanned in the full sense of the word. Unmanned cars will be able to drive at high speeds, and for the two tasks described (to arrive from the next quarter and drive to the nearest parking), the speed is not so important. The main thing is that the car did not need to travel without a driver for long distances, that is, that the cars were scattered in sufficient numbers around the city. And this, in turn, is an achievable goal.
Thus, car sharing is one of the first areas where it will be possible to break in drones, and a similar run-in will begin in the coming years. Therefore, carsharing protection systems will in many respects become the starting point for analogues in drones.
Competition
To participate in the competition, you need to enroll and come to the Yandex office (Moscow, Lev Tolstoy St., 16). You will be able to use the Yandex.Drive car twice for 2 hours in a row - or you can spend one 4-hour session. You can participate alone or in a team of up to three people. Disassembling the machine or connecting to it with a cable is prohibited. In addition, you will need a Drive account - one per team. Registration in the service under this account must be completed in full.
The winners will be chosen by Yandex.Drive employees and Yandex’s information security services. First of all, the choice will take into account the criticality of the problems found, and not the search time.
The winners will be awarded on May 29 in the Information Security hall of the annual Yandex Yet Yet Conference (YaC) conference. If you wish, you can show your exploits to the guests of the conference.
Competitions of other companies
Around the use of technology in cars now there is a global HYIP, so there are enough competitions to find vulnerabilities. The most popular way of hacking is through multimedia systems. You can recall the reports of the section Car Hacking Village at DEF CON (here's a good example ). As part of Car Hacking Village, the Capture the Flag competition is held annually, where security professionals try to find vulnerabilities in automotive systems. This is not counting the long-term bug bounty programs of key market players: Uber , Tesla and others. But no one in the world has held any significant competitions related to car sharing.
Information Security Section at YaC 2018
Regardless of whether you take a prize in the competition or not, we invite you to the YaC section on security. The main topic of the section is voice interface protection. In recent years, virtual assistants, smart acoustics, and so on have become increasingly popular, but each new type of interaction entails new vulnerabilities. From the very beginning, the developers ensured that machine intelligence did not “eavesdrop” on anyone, and private data were not accessible to intruders. Experience is now enough - it is time to share best practices. Among the guests we expect to see data protection specialists, as well as all developers, administrators and managers who are interested in this topic.
In addition to the two reports on the privacy of voice interfaces, several more presentations await you: you will learn how to organize inter-service authentication and build fraud protection. We are glad that our colleagues from Naver (South Korea) and Rakuten (Japan) will join us. Rewarding the winners of the contest and, we hope, the demonstration of the finished exploits on the Yandex.Drive car will take place in the final part of the section. Here is a more detailed program , and here is a link to registration .
By the way, we constantly have our own bug bounty program - you can search for vulnerabilities not only on the days of the Drive contest and not only on the Drive itself.
Source: https://habr.com/ru/post/358662/
All Articles