By Omar Yang (Senior Threat Researcher, Automotive)
Vehicle-to-everything (V2X) communication is a vital component in transforming transportation. V2X enables real-time and reliable data that helps improve the convenience, mobility, and safety of modern vehicles. But while the advantages of V2X have long been discussed and continue to be explored, research has also been investigating the security implications of this technology.
In this article, we discuss a study conducted by Mohammad Raashid, Jonathan Petit, Jean-Philippe Monteuuis, and Cong Chen that investigates how V2X is vulnerable to an attack platform they have called V2X Application Spoofing Platform (VASP). We also discuss the likelihood of success of the attack scenarios they have described on the different V2X generations seen today.
V2X refers to communication between a vehicle and everything in its surrounding environment. This includes other vehicles, connected infrastructures, and the cloud. V2X technology enables vehicles to share real-time data with other vehicles and infrastructures in its ecosystem. With the status of peer vehicles and ambient infrastructures, vehicles hold actionable information that enables them to, say, prevent accidents or suggest better routes to take to avoid traffic and save time.
To use V2X, vehicles are equipped with radio modules to exchange messages, such as a vehicle’s location and kinematic data. More specifically, these devices gather the necessary data in-vehicle and modulate it into a radio signal that is then broadcast within a certain distance. The most common type of broadcast signal or message is the basic safety message (BSM).
Basic safety message (BSM)
Basic safety message (BSM) is a standardized message format used in vehicle-to-vehicle (V2V) communication to share real-time information on the status and movements of vehicles. As such, a BSM from a vehicle contains the following data:
- Basic information: This includes the vehicle’s speed, heading, and position.
- Vehicle safety status: This indicates the status of the vehicle’s safety systems, including its brakes, stability control, and airbags.
- Vehicle identification: This includes the vehicle’s unique identifier. The vehicle’s V2X system generates a random ID for vehicles to recognize nearby vehicles.
- Vehicle emergency status: This indicates if the vehicle is in an emergency situation, such as if its emergency lights are on or if it has been involved in a collision.
Aside from the ones listed here, a BSM also includes other information such as vehicle size and the message’s identifier. BSMs themselves are collected by the V2X applications of ambient vehicles such as the electronic emergency brake light (EEBL) system and the intersection movement assist (IMA).
To get a full grasp of the attack scenarios described by the researchers, we further discuss what the EEBL system and the IMA do.
Electronic emergency brake light (EEBL) system
When a driver applies the brakes suddenly, the EEBL system sends an electronic signal to nearby vehicles to warn them that the vehicle is slowing down or stopping. This signal can help prevent rear-end collisions, particularly in situations where the driver may not have enough time to react, such as sudden stops or emergency braking.
Figure 1. The EEBL system shares data with nearby vehicles on whether the brakes have been applied.
Intersection movement assist (IMA)
The IMA has more to do with preventing collisions, especially at intersections. When a vehicle is approaching an intersection, the vehicle will calculate the time-to-collision (TTC) and distance-to-collision (DTC) with respect to any other vehicle approaching the same intersection. With this piece of information, the vehicle can make informed decisions to avoid a collision.
Figure 2. The IMA involves messages that focus on preventing collisions at intersections.
Attack scenarios that target V2X
The researchers maintain that spoofing V2X messages can lead to grave consequences. They propose the following attack models that compromise the safety of the members (vehicles) in the network depending on how the vehicles handle an incoming message:
- Ghost node: In the ghost node–based attack, an attacker creates a fake node on the V2X network to cause unwanted behaviors. The ghost vehicles created by this attack can mimic plausible mobility patterns, making this a high-risk attack scenario. The ghost node can be crafted by an attacker in the V2X network through software-defined radio or by an attacker who is far away by broadcasting V2X messages over the internet via road infrastructure or telecom infrastructure.
- Self-telemetry manipulation: By manipulating its own telemetry data, such as position, speed, and brake status, a vehicle can send misleading messages that might cause traffic congestion or even serious accidents.
In addition to BSMs, other V2X messages like ones from the EEBL system can also be exploited to compromise the V2X system’s security. For instance, a fake EEBL message can cause a vehicle following the attacker’s vehicle to brake suddenly, potentially triggering a series of rear-end collisions. An example of this attack is described here:
- Channel denial of service (DoS): In channel DoS, malicious actors intentionally jam the electromagnetic channels used for V2X communication. Since V2X technology relies on telecommunication protocols to transmit data such as BSMs, this type of attack can disrupt the transmission of important safety information, leading to a loss of situational awareness for vehicles.
Attack scenarios on different V2X generations
Since now is a time of transition from traditional vehicles to modern connected vehicles, it is also interesting to examine how likely these attack scenarios are in the context of the V2X generations used today.
Figure 3. The simplified timeline of V2X evolution
Source: Level-5 Autonomous Driving—Are We There Yet? A Review of Research Literature
The ghost vehicle attack scenario is highly likely for the first generation of V2X, DSRC (dedicated short-range communications), because it relies largely on 2G communication, which lacks authentication features and is more vulnerable to cyberattacks. With the introduction of cellular V2X (C-V2X), messages in V2X technology need to be signed before issuance. However, LTE-based C-V2X has weaker cryptographic keys. In comparison, 5G-V2X technology requires stronger authentication keys, such as RSA-4096, to prevent cyberattacks and forgeries, although it might still be vulnerable to quantum-based attacks.
In the self-telemetry manipulation scenario, malicious actors have complete control over the telemetry data, making it difficult to prevent them from falsifying their data. However, they are limited to attacking using their own vehicle, which can make it easier to identify the attacker. To prevent this type of attack, better analysis of V2X messages can be done. For instance, if the vehicle’s trajectory is deemed unlikely, the attack can be partially prevented.
Lastly, for the channel DoS scenario, again we see it as being more likely for the older two generations of V2X. Telecommunication protocols have advanced significantly with the adoption of 4G and 5G, which use better modulation methods such as orthogonal frequency-division multiplexing (OFDM). This provides resistance against channel jamming. While malicious signals with certain 4G/5G headers can still disturb the channel, it does so with less impact.
|Ghost node||Highly likely||Likely||Not likely|
|Self-telemetry manipulation||Likely||Likely||Not likely|
|Channel DoS||Highly likely||Likely||Not likely|
Table 1. The plausibility of the attacks’ successfully being conducted on each generation of V2X
V2X technology is one of the major components that defines connected cars as compared to traditional vehicles. However, it is also the reality that V2X significantly expands the attack surface of vehicles and introduces new threats. V2X threat research also highlights the importance of a driver’s own judgment, especially for road safety. People cannot rely solely on messages from machines when it comes to something as critical as driving. Human judgment is still invaluable on the road, especially when it is possible for vehicles to operate on information that might not match reality and facts.
Research such as this on VASP is essential in identifying threats and finding ways to prevent them from materializing. Based on our comparison of how effective these attacks will be on different V2X generations, we can see that newer generations of V2X technology will have improved security and unlikely carry over the risks from earlier generations through stricter encryption and more advanced telecommunication protocols.
To help mitigate risks from attacks such as the ghost node-based attack and self-telemetry manipulation, VicOne recommends:
- xNexus, an extended detection and response (XDR) platform for vehicle security operations centers (VSOCs), can help build awareness mechanisms and early warning for incoming attacks.
- xCarbon, an intrusion detection and prevention system (IDPS) for electronic control units (ECUs), provides superior detection and protection in vehicles, allowing VSOCs to quickly understand the nature of a potential attack.