Scribd
Upload
100 views9 pages

Automobile Computer Security: Kyle Gehrman Adam Hodges

The researchers were able to fully control two 2009 model cars through their onboard computer networks (CAN) by simply plugging a device into the diagnostics port, allowing them to disable brakes, control steering, and more while driving 40 MPH. The CAN uses unencrypted wireless communication between electronic control units, presenting serious security risks. Auto manufacturers must implement authentication, encryption, and firewalls to restrict access and secure increasingly automated vehicle systems from potential remote hackers targeting components like electric steering or acceleration controls through Bluetooth or other wireless means.

Uploaded by

mharitms
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
100 views9 pages

Automobile Computer Security: Kyle Gehrman Adam Hodges

The researchers were able to fully control two 2009 model cars through their onboard computer networks (CAN) by simply plugging a device into the diagnostics port, allowing them to disable brakes, control steering, and more while driving 40 MPH. The CAN uses unencrypted wireless communication between electronic control units, presenting serious security risks. Auto manufacturers must implement authentication, encryption, and firewalls to restrict access and secure increasingly automated vehicle systems from potential remote hackers targeting components like electric steering or acceleration controls through Bluetooth or other wireless means.

Uploaded by

mharitms
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 9

Automobile Computer Security

Kyle Gehrman
Adam Hodges
The Modern Car
Electronic Control Unit (ECU)
Controller Area Network (CAN)
o Found in virtually all modern cars since ~2003

Some modern cars have over 80 ECUs in the CAN


Accessing the CAN

Early CANs were wired


o Assumed closed network

More recent CANs contain wireless components


o Massive security implications

Just how safe is a modern CAN?


o Experimental study done in 2010 by researchers at
Univeristy of Washington and University of California
Experimental Security Analysis

Researchers used two identical 2009 model cars

Wrote a packet sniffer/injection tool, introduced into the CAM


by simply plugging a device in to the car's federally
mandated universal OBD-II diagnostics port

Used "fuzzing" to enumerate the commands that the car


responds to

Using the commands they discovered, performed live tests


to see how much of the car they could control
Results
Researchers could not only fully control the car using their
device, they could do it while the car was going 40 MPH
Among the things they could control:
o Disable brakes
o Engage brakes
o Disable wipers and continuously spray fluid
o Permanently activate horn
o Kill engine
o Unlock all doors
Also found that they could write programmatic commands, or
"viruses", that would activate under certain conditions
o Disable all lights when driving over 40MPH
Even though they had physical access to the CAN, they
noted that the same commands could potentially be
executed wirelessly
The Problem

CAN is an insecure low-level protocol

Every message is an unencrypted plain-text broadcast to


every device on the CAN

Possible messages and communication procedures are


often documented and made available freely

No component authentication

Any device can send a command to any other devices.


o Atttacker could use tire pressure gauge to turn off brakes
The Solution

Auto manufacturers need to recognize this security flaw in


the CAM if they are using wireless ECU communication

Controller authentication
o Only valid controllers can communicate on the CAN
Encrypted communication
o Must be high performance, so use symmetric key
o Distribute symmetric key using asymmetric encryption
during authentication
Firewall
o Restrict a components commands to only those essential
to its function
Conclusion

Auto makers need to understand the seriousness of having


networked car components and take security measures
accordingly

These security flaws are growing in seriousness as cars


automate more and more things
o Electric steering and acceleration

With the emergence of bluetooth connected ECUs, this is a


serious security issue that cannot be ignored any longer.
References

Experimental Security Analysis of a Modern Automobile


http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5504804&
tag=1

Security in Automotive Bus Systems


http://weika.eu/papers/WolfEtAl_SecureBus.pdf

Hacking Cars
http://dl.acm.org/citation.cfm?id=2018396 (pg 18)

Highway Robbery: Car Computer Controls Could Be Vulnerable


To Hackers
http://www.scientificamerican.com/article.cfm?id=wireless-car-
hacking

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy