Threat Intelligence for Bluetooth-enabled Systems with Automotive Applications: An Empirical Study

Hun Cheah; Jeremy Bryans; Daniel S. Fowler; Siraj Shaikh

Threat Intelligence for Bluetooth-enabled Systems with Automotive Applications: An Empirical Study

Hun Cheah, Jeremy Bryans, Daniel S. Fowler, Siraj Shaikh

Research output: Contribution to conference › Paper › peer-review

Abstract

Modern vehicles are opening up, with wireless interfaces such as Bluetooth integrated in order to enable comfort and safety features. Furthermore a plethora of aftermarket devices introduce additional connectivity which contributes to the driving experience. This connectivity opens the vehicle to potentially malicious attacks, which could have negative consequences with regards to safety. In this paper, we survey vehicles with Bluetooth connectivity from a threat intelligence
perspective to gain insight into conditions during real world driving. We do this in two ways: firstly, by examining Bluetooth implementation in vehicles and gathering information from inside the cabin, and secondly, using war-nibbling (general monitoring and scanning for nearby devices). We find that as the vehicle age decreases, the security (relatively speaking) of the Bluetooth implementation increases, but that there is still some technological lag with regards to Bluetooth implementation in vehicles. We also find that a large proportion of vehicles and aftermarket devices still use legacy pairing (and are therefore more insecure), and that these vehicles remain visible for sufficient time to mount an attack (assuming some premeditation and preparation). We demonstrate a real-world threat scenario as an example of the latter. Finally, we provide some recommendations on how the security risks we discover could be mitigated.

Original language	English
Number of pages	8
Publication status	Accepted/In press - 15 Apr 2017
Event	Workshop on Safety and Security of Intelligent Vehicles - Denver, United States Duration: 26 Jun 2017 → … Conference number: 3 https://www.lsec.icmc.usp.br/ssiv

Workshop

Workshop	Workshop on Safety and Security of Intelligent Vehicles
Abbreviated title	SSIV
Country/Territory	United States
City	Denver
Period	26/06/17 → …
Internet address	https://www.lsec.icmc.usp.br/ssiv

Keywords

automotive
Bluetooth
cybersecurity
infotaiment

Cite this

@conference{3348cf3078184590964c099851338c8c,

title = "Threat Intelligence for Bluetooth-enabled Systems with Automotive Applications: An Empirical Study",

abstract = "Modern vehicles are opening up, with wireless interfaces such as Bluetooth integrated in order to enable comfort and safety features. Furthermore a plethora of aftermarket devices introduce additional connectivity which contributes to the driving experience. This connectivity opens the vehicle to potentially malicious attacks, which could have negative consequences with regards to safety. In this paper, we survey vehicles with Bluetooth connectivity from a threat intelligenceperspective to gain insight into conditions during real world driving. We do this in two ways: firstly, by examining Bluetooth implementation in vehicles and gathering information from inside the cabin, and secondly, using war-nibbling (general monitoring and scanning for nearby devices). We find that as the vehicle age decreases, the security (relatively speaking) of the Bluetooth implementation increases, but that there is still some technological lag with regards to Bluetooth implementation in vehicles. We also find that a large proportion of vehicles and aftermarket devices still use legacy pairing (and are therefore more insecure), and that these vehicles remain visible for sufficient time to mount an attack (assuming some premeditation and preparation). We demonstrate a real-world threat scenario as an example of the latter. Finally, we provide some recommendations on how the security risks we discover could be mitigated.",

keywords = "automotive, Bluetooth, cybersecurity, infotaiment",

author = "Hun Cheah and Jeremy Bryans and Fowler, {Daniel S.} and Siraj Shaikh",

year = "2017",

month = apr,

day = "15",

language = "English",

note = "Workshop on Safety and Security of Intelligent Vehicles, SSIV ; Conference date: 26-06-2017",

url = "https://www.lsec.icmc.usp.br/ssiv",

}

TY - CONF

T1 - Threat Intelligence for Bluetooth-enabled Systems with Automotive Applications: An Empirical Study

AU - Cheah, Hun

AU - Bryans, Jeremy

AU - Fowler, Daniel S.

AU - Shaikh, Siraj

N1 - Conference code: 3

PY - 2017/4/15

Y1 - 2017/4/15

N2 - Modern vehicles are opening up, with wireless interfaces such as Bluetooth integrated in order to enable comfort and safety features. Furthermore a plethora of aftermarket devices introduce additional connectivity which contributes to the driving experience. This connectivity opens the vehicle to potentially malicious attacks, which could have negative consequences with regards to safety. In this paper, we survey vehicles with Bluetooth connectivity from a threat intelligenceperspective to gain insight into conditions during real world driving. We do this in two ways: firstly, by examining Bluetooth implementation in vehicles and gathering information from inside the cabin, and secondly, using war-nibbling (general monitoring and scanning for nearby devices). We find that as the vehicle age decreases, the security (relatively speaking) of the Bluetooth implementation increases, but that there is still some technological lag with regards to Bluetooth implementation in vehicles. We also find that a large proportion of vehicles and aftermarket devices still use legacy pairing (and are therefore more insecure), and that these vehicles remain visible for sufficient time to mount an attack (assuming some premeditation and preparation). We demonstrate a real-world threat scenario as an example of the latter. Finally, we provide some recommendations on how the security risks we discover could be mitigated.

AB - Modern vehicles are opening up, with wireless interfaces such as Bluetooth integrated in order to enable comfort and safety features. Furthermore a plethora of aftermarket devices introduce additional connectivity which contributes to the driving experience. This connectivity opens the vehicle to potentially malicious attacks, which could have negative consequences with regards to safety. In this paper, we survey vehicles with Bluetooth connectivity from a threat intelligenceperspective to gain insight into conditions during real world driving. We do this in two ways: firstly, by examining Bluetooth implementation in vehicles and gathering information from inside the cabin, and secondly, using war-nibbling (general monitoring and scanning for nearby devices). We find that as the vehicle age decreases, the security (relatively speaking) of the Bluetooth implementation increases, but that there is still some technological lag with regards to Bluetooth implementation in vehicles. We also find that a large proportion of vehicles and aftermarket devices still use legacy pairing (and are therefore more insecure), and that these vehicles remain visible for sufficient time to mount an attack (assuming some premeditation and preparation). We demonstrate a real-world threat scenario as an example of the latter. Finally, we provide some recommendations on how the security risks we discover could be mitigated.

KW - automotive

KW - Bluetooth

KW - cybersecurity

KW - infotaiment

M3 - Paper

T2 - Workshop on Safety and Security of Intelligent Vehicles

Y2 - 26 June 2017

ER -

Threat Intelligence for Bluetooth-enabled Systems with Automotive Applications: An Empirical Study

Abstract

Workshop

Keywords

Fingerprint

Cite this