Protecting Vehicles and Automotive Servers from log4shell

TOMER PORAT

Lead Cyber Threat Researcher

December 14, 2021

Four days ago, the cybersecurity world was introduced to Log4Shell — one of the most profound vulnerabilities of 2021. We at Upstream were prepared for this day to come, with a holistic solution including detection capabilities meant to detect any attempt of misusing the vehicles’ communications and the vulnerability for malicious intents.

What is the Log4Shell Vulnerability?

Apache Log4j​​ is a Java-based logging library, which has made major headlines in recent days. As news and awareness of this threat spread, IT and cybersecurity teams were tasked with mitigating this newly discovered threat to protect their companies’ assets, data, and customers.

This vulnerability in Log4j, known as ‘Log4Shell’, was a zero-day vulnerability now assigned  CVE-2021-44228. This critical vulnerability in Log4j, allows an attacker to execute arbitrary code on systems using Log4j to write out log messages. For this reason, the vulnerability scored an alarmingly high 10 out of 10 on the CVSS score scale, a score to which not many have the “honor” of receiving.

On December 9th, the vulnerability was first introduced on GitHub. This first proof-of-concept exploit enabled unauthenticated remote code execution, leading to a complete system takeover. The next day, December 10th, usage of the exploit was reported, identifying massive scanning from multiple hosts for servers using versions of Apache Log4j vulnerable to the exploit. This showed not only the potential risks and impact of the vulnerability across industries but also why it was so critical to be patched.

What’s Log4Shell’s impact on the Automotive industry?

Connected vehicles collect information about every detail throughout the vehicle’s life, communicating with their OEMs’ telematics and application back-end servers. Beyond OEM servers, other services that communicate with vehicles might belong to aftermarket companies including insurance companies, fleets providers, commercial fleets, car rental and leasing companies, and more.

This connection between the vehicles and their open channel with the companies’ servers is exactly the spot where they are vulnerable to the Log4Shell vulnerability.

The servers that communicate with the vehicles are application servers. Ultimately, they are tasked with reading and writing data, making them vulnerable to attacks, such as injection attacks, just like many other servers.

The Log4Shell vulnerability is an example of a weakness that jeopardizes the security of any automotive-related server since the data traversing between the vehicle and server is collected, stored, and logged over a period of time in different systems or environments. This puts the vehicle data at risk of being impacted by the Log4Shell vulnerability.

By exploiting the connection between the vehicles and company servers, threat actors can access company assets. This can be achieved by communicating directly with the telematics data servers, to the back-end infrastructure and internal servers, bypassing many existing security controls in place.

As a matter of fact, this vulnerability can be exploited by inserting arbitrary code in a user-input field through applications, such as an infotainment system.

We witnessed how internal systems can be affected by these kinds of attacks as well as originate from the vehicle interface in 2019. In this incident, a hacker manipulated his Tesla model 3 by setting a nickname for his car, which led the OEM’s server into exposing private vehicle information. The hacker discovered a stored cross-site scripting (XSS) vulnerability that could have been exploited to obtain — and possibly modify — vehicle information. He was able to expose some internal Tesla application data.

Exploiting the vulnerability in different attack vectors.

 

Upstream’s Holistic Approach to Mitigation and Protection

Upstream’s products and services for automotive cybersecurity have worked together to create a full immediate response to the disclosure of the Log4Shell vulnerability.

Once an alert was triggered, our researchers learned and identified the problem, and its potential risks. After a thorough and fast evaluation, they worked with our VSOC operations team, to take protective steps and measures to allow our customers to have early detection and response capabilities.

Upstream’s platform monitors connected vehicle data and communications with the automotive application servers. The platform secures the dataflow and alerts on injection attacks, through purpose-built detection capabilities that flag these sorts of attacks.

In light of the disclosure of the Log4Shell vulnerability, our platform’s detection abilities for injections was extended to include the detection of the Log4Shell exploit in connected automotive data; be it vehicle data or companion-app back-end data. Adding a Log4Shell detection capability, The Upstream Platform provides early detection and response of any attempt to exploit this vector of communication, mitigating against any exploitation attempt of this vector.

Thanks to The Upstream Platform, combined with our AutoThreat® Intelligence and VSOC service, many CISOs learned about the patch before even learning about the Log4Shell vulnerability.

Newsletter Icon

The 2024 Global Automotive Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Navigating the Evolving Automotive Cybersecurity Regulatory Landscape

Originally published on: April 11, 2024 The automotive industry’s digital transformation has ushered in an era of unprecedented connectivity and technological advancement. Yet, it is…

Read more

Korean OEM Hack Emphasizes the Urgent Need for Strong API Security in Connected Vehicles

The rise of connected vehicles marks a significant milestone in automotive innovation, providing advanced features such as remote start, real-time navigation, and diagnostics. These smart…

Read more

US Push for Cybersecurity: Banning Chinese and Russian Technology in Connected Vehicles

With the rise of connected vehicles, the line between the automotive and technology sectors has become increasingly blurred. Vehicles today are not just mechanical machines;…

Read more

As Cyber Risks Escalate, ISO/WD 24882 Sets New Standards for Safety and Availability in Agricultural OEMs

The digital transformation sweeping through the Automotive and Mobility ecosystem has also made its mark on the Agriculture sector. As a result, OEMs, suppliers, and…

Read more
Skip to content