Car recalls and MES/SCADA attacks
No doubt you have heard about Chrysler’s recall of affected cars. You may be even more surprised to see how many recalls have happened because of technical issues in recent months. But there is something we may miss behind the headlines: some important potential sabotage vectors could be used, or are even being used now, to increase these statistics. While it looks like a script for a new episode of Mr. Robot, I think this is much more realistic than you may expect. Let’s first look at the current situation.
When I started collecting information on vehicle recalls I expected to find a couple of examples in total, but I found a dozen in the last several months alone! Here are the major recalls that happened this summer:
- July 08 – Japanese parts supplier Takata Corp. announced last month it is recalling 33.8 million vehicles in the U.S. for airbags that could explode and send metal pieces flying at drivers and passengers. The faulty driver- and passenger-side airbags have been linked to at least seven deaths, including six in the U.S., and more than 100 injuries.
- July 8 – Ford’s recall of more than 400,000 cars in North America to fix a software bug may be just the first of many for the motor industry as automobiles become increasingly complex.
- July 9 – Honda recalled another 4.5 million cars over exploding airbags.
- July 13 – General Motors recalled 1.55 lakh cars in India.
- July 14 – GM recalled 50K cars for a seat belt cable issue.
- July 15 – Nissan recalled about 270,000 vehicles worldwide because the ignition start buttons can malfunction and unexpectedly shut down the engine.
- July 15 – Subaru recalled 32,400 compact cars to fix an air bag problem.
- July 15 – Toyota recalled 625,000 hybrid cars worldwide because of a glitch that can shut down the entire system while driving.
- July 17 – Ferrari recalled 814 sports cars for an airbag defect.
- July 24 – Harley-Davidson recalled 185,000 motorcycles because the saddle bags can come loose and fall off, increasing the risk of a crash.
Vehicle recalls are probably the most common recalls in the manufacturing industry, and they go back a long time. One of the first examples took place in 1969, when rubber parts in V-8-powered General Motors engine mounts would give out, causing the engine to come free, twist upward and pull open the throttle, resulting in rapid acceleration. It would often disable brake assistance, making it harder to stop the car. By 1971, 172 cases of engine-mount failure had been reported, leading to dire consequences (63 accidents and 18 injuries).
If you look at the 12 largest auto recalls in history, which together affected nearly 100 million vehicles, you find some other major reasons. Here are the top 5 auto recalls in history:
- General Motors (2014) – GM issued 71 separate recalls in 2014 covering 26.5 million vehicles.
- Ford (2009) – More than 14 million vehicles recalled over a cruise-control switch prone to spontaneous combustion.
- Ford (1996) – 7.9 million vehicles recalled over a faulty ignition switch.
- Toyota (2012) – 7.43 million cars recalled over a driver’s side power window problem.
- General Motors (1971) – 6.7 million vehicles recalled over engine-mount failure.
The most common reasons for recalls were airbag issues, faulty seatbelt buckles, stone-guard assembly issues, and bolt failures.
What we can learn from those recalls
It’s absolutely clear that software bugs and errors in the manufacturing process are the major reasons for recalls. To make a long story short, if this can happen by mistake and nobody detects it, then somebody, be it a competitor committing sabotage or an anonymous group of hackers driven by ideological motives, may use the same flaw with malicious intent.
Traditionally, manufacturing, planning and design processes are managed in enterprise business applications such as MES, PLM, or CAD systems. For a successful attack on a company, a cybercriminal needs to get access to these applications and make some minor changes in one of the following systems: in CAD during design, in the PLM system during product lifecycle management configuration, or directly in the MES system during manufacturing. The level of MES and PLM integration and automation gives attackers opportunities to easily introduce modifications into those highly connected systems. Siemens (one of the largest vendors providing solutions for the automotive industry) says that “PLM-MES integration allows you to continuously respond to shifting demands by distributing your latest product designs and assembly methods to a more connected, more efficient and more effective production value chain, assuring complete visibility between your production and engineering domains”. So, nowadays the production and engineering domains are not isolated; they are connected to the corporate network, which is vulnerable to traditional malware and attacks.
The story of Stuxnet has shown that such attacks on technology modules are real and have already been executed against SCADA systems and PLCs. Technically, for hackers there is not a big difference between that attack and gaining access to MES and PLM systems. Moreover, the security of these systems is even weaker than the security of SCADA/PLC systems. For SCADA systems, companies have started implementing SDL and at least some monitoring of device security using vulnerability management and event management solutions. But in enterprises nobody takes responsibility for MES/PLM security. We should not forget that those systems are traditionally connected with other applications such as ERP, which also have a large number of vulnerabilities, according to the “SAP Security in Figures” report. So, in the end, getting unauthorized access to PLM or MES is quite an easy process for hackers.
As for the potential attack vectors against automotive companies, here is a simple example. What will happen if somebody changes the pressure of a wheel bolt in the PLM system during product lifecycle management configuration, or directly in the MES system during manufacturing? Of course, there may be many additional checks that identify this problem while the car is in use, but in some cases this really may lead to an accident when you are driving at 120 mph on the highway and the wheel falls off. It was just the first idea, but I found a real example of a recall because of suspension bolt failure, which affected almost 6 million Buick cars in 1981. Suspension bolt failure has much in common with this simple idea. “If any part of the rear suspension fails at speed, the probability of passenger drama is high. With this in mind, GM agreed to replace rear-control-arm bolts on a number of models in the early 1980s, when reports surfaced that the bolts could fracture or loosen, leading to a loss of control.” A real attacker may do something more critical and less visible, such as introducing bugs in airbags that prevent their inflation in some situations. Not every time, because that would be identified during a crash test, but randomly. These types of attacks can lead not only to car recalls but also to human injuries, which can destroy the reputation of a victim company.
In conclusion, I hope you got my point. If it still doesn’t look very realistic, remember that every public incident seemed unrealizable before it happened; I think that in the current situation we have to accept the idea that anything can happen. A year ago a remote attack on cars seemed impossible, and 3 years ago no one could imagine a local attack on a car, so it’s just a question of time. But the fact is that no one knows whether such attacks have already been performed, or even whether one of these vehicle recalls was a consequence of a competitor’s attack.
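A defensive check for the scenario above, added here as an illustration and not taken from the original article or from any vendor product: engineering signs each released parameter set, and an independent audit job verifies that signature and compares the values the MES is actually running against the released tolerances. All parameter names, values, units and the key are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): in practice the signing key sits in an
# HSM or signing service outside both the PLM and the MES trust zone.
RELEASE_KEY = b"constructed-demo-key"

def sign_release(params: dict) -> str:
    """MAC over a canonical JSON encoding of the released parameters."""
    blob = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(RELEASE_KEY, blob, hashlib.sha256).hexdigest()

def audit(release: dict, tag: str, mes_recipe: dict) -> list:
    """Return findings; an empty list means the MES matches engineering."""
    # 1. Was the release record itself altered after sign-off (PLM side)?
    if not hmac.compare_digest(sign_release(release), tag):
        return ["release record fails signature check"]
    findings = []
    # 2. Does every value the MES runs sit inside the released tolerance?
    for name, spec in sorted(release.items()):
        actual = mes_recipe.get(name)
        if actual is None:
            findings.append(f"{name}: missing from MES recipe")
        elif abs(actual - spec["nominal"]) > spec["tol"]:
            findings.append(
                f"{name}: MES={actual}, released="
                f"{spec['nominal']}+/-{spec['tol']}")
    # 3. Is the MES running parameters engineering never released?
    for name in sorted(mes_recipe.keys() - release.keys()):
        findings.append(f"{name}: present in MES but never released")
    return findings

# Constructed sample data (hypothetical names, arbitrary units).
RELEASE = {
    "wheel_bolt_setting": {"nominal": 120.0, "tol": 5.0},
    "airbag_fire_threshold": {"nominal": 20.0, "tol": 0.5},
}
TAG = sign_release(RELEASE)

if __name__ == "__main__":
    tampered_mes = {"wheel_bolt_setting": 90.0, "airbag_fire_threshold": 20.0}
    for finding in audit(RELEASE, TAG, tampered_mes):
        print("ALERT:", finding)
```

The audit only helps if it runs from a host and account that neither the PLM nor the MES administrators control, so that one compromised system cannot alter both the data and the check.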