As the world heads towards a new era of wide IoT adoption in all aspects of our lives, many industries are becoming more security-minded. The automotive industry is no exception, as connected cars gradually become an integral part of the IoT transportation system. A recent security assessment of the Mercedes-Benz car infotainment system, published by Tencent Security Keen Lab, provides a valuable perspective on the importance of security hardening for embedded systems.
In this article, we will analyze the report to see how an embedded system manufacturer can effectively assess the security of its products and prevent future exploits.
The report's attack surfaces section is well aligned with our approach to IoT device security hardening, as described in our previous blog post. By analyzing that section we can learn how attackers approach the exploitation of embedded systems. Security hardening should follow the same path: analyzing the system's external interfaces and weak points.
We can see that the assessment of possible attack surfaces is performed on a variety of interfaces, for example:
- Web browser embedded into the system's video interface. Possible vulnerabilities in this interface can be assessed by analyzing the software present on the system.
- WiFi, Bluetooth and GSM chips. We should check for vulnerable firmware in third-party hardware components, especially those used for communication. Third-party HW components should be assessed for known vulnerabilities, and their firmware should be updated accordingly.
- Linux kernel. The kernel is the core of the OS and therefore plays a critical role; unless promptly patched, it usually carries many known vulnerabilities (CVEs). In fact, the report shows one such vulnerability being used to escalate privileges after the researchers had obtained an unprivileged shell on the system.
- Open network ports on Ethernet interfaces. By mapping the open ports, analyzing the software listening on them, and testing it for vulnerabilities, we can harden the system and prevent exploitation over the network.
- USB interface. Both the USB stack in the Linux kernel and the upper-layer applications that handle USB devices should be analyzed for vulnerabilities.
The Head Unit exploit, as described in the report, starts by connecting to the board's Ethernet interface and performing a port scan.
Port scanning is a useful technique to include in the security audit of the device, and it should be part of the ongoing security hardening effort within the device's firmware SDLC. Since each open port is a potential entry point for an attacker to begin exploiting a remote target, each process that opens a port has to be checked:
- for known vulnerabilities, if it comes from a third-party vendor
- by scanning the code with a static code analysis tool, in the case of a proprietary library or code
All shared libraries used by those processes should be assessed as well.
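The audit step described above, performed on the device itself rather than from the network, as an added example that is not from the Keen Lab report or this blog: it reads the kernel's /proc tables to list every listening TCP port, the uid it runs as, the process that owns the socket and the shared objects that process has mapped, which is exactly the inventory each port then gets checked against (third-party CVEs or static analysis). The sample /proc lines are constructed; the live `audit_listeners` function assumes a Linux target with /proc mounted and root access.

```python
import os

# Constructed samples (not captured from a real head unit) in /proc/net/tcp and /proc/<pid>/maps
# format: port 22 listening as uid 0, port 8080 (0x1F90) as uid 1000, one established connection.
SAMPLE_TCP = """\
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 23456 1
   2: 0100007F:C3A8 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1
"""
SAMPLE_MAPS = """\
55a1b2c00000-55a1b2c10000 r-xp 00000000 08:01 9999 /usr/sbin/sshd
7f0a1c000000-7f0a1c1e8000 r-xp 00000000 08:01 1234 /lib/libc-2.27.so
7f0a1c400000-7f0a1c420000 r-xp 00000000 08:01 5678 /usr/lib/libssl.so.1.0.0
"""

def parse_listening_sockets(tcp_text):
    """Return [(port, uid, inode)] for every LISTEN (st == 0A) row of /proc/net/tcp[6] text."""
    found = []
    for line in tcp_text.splitlines():               # the header row fails the state check below
        f = line.split()
        if len(f) >= 10 and f[3] == "0A":
            port = int(f[1].rsplit(":", 1)[1], 16)   # local port is hex after the colon
            found.append((port, int(f[7]), f[9]))    # f[7] = uid, f[9] = socket inode
    return found
def shared_libraries(maps_text):
    """Sorted set of shared objects mapped into a process, from /proc/<pid>/maps text."""
    rows = (line.split(None, 5) for line in maps_text.splitlines())
    return sorted({f[5] for f in rows if len(f) == 6 and ".so" in os.path.basename(f[5])})
def _read(path):
    try:
        with open(path) as fh: return fh.read()
    except OSError:                                  # file absent, process gone or not permitted
        return ""
def audit_listeners(proc_root="/proc"):
    """Live system (run as root): each listening port with owning pid, uid and loaded libraries."""
    report, owners = [], {}                          # owners: socket inode -> pid via /proc/<pid>/fd
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            continue
        owners.update((l[8:-1], int(pid)) for l in links if l.startswith("socket:["))
    for name in ("net/tcp", "net/tcp6"):             # absent tcp6 (IPv6 off) simply yields nothing
        for port, uid, inode in parse_listening_sockets(_read(os.path.join(proc_root, name))):
            pid = owners.get(inode)
            libs = shared_libraries(_read(os.path.join(proc_root, str(pid), "maps"))) if pid else []
            report.append({"port": port, "uid": uid, "pid": pid, "libs": libs})
    return report
```

Entries whose uid is 0 deserve the closest look, since a bug in that listener hands over root directly without needing a kernel privilege escalation.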
The Linux kernel is another software component that is critical to the security of the system. The security researchers used the CVE-2017-6001 vulnerability to perform a privilege escalation attack and obtain a root shell on the target.
As the exploits are numerous, we cannot cover all of them in this article; however, a combination of secure coding, remediation of existing vulnerabilities, and OS hardening would fix most of the issues mentioned in the report and make the exploit impossible.
Linux OS hardening as part of the SDLC, combined with a secure coding methodology, allows R&D teams to address the security of the product while it is being developed and ultimately serves as an efficient way to protect embedded devices from cyber attacks.