Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Automobile Computer Security

advertisement 
Automobile Computer Security
Kyle Gehrman
Adam Hodges
The Modern Car
• Electronic Control Unit (ECU)
• Controller Area Network (CAN)
o Found in virtually all modern cars since ~2003
Some modern cars have over 80 ECUs in the CAN
Accessing the CAN
• Early CANs were wired
o Assumed closed network
• More recent CANs contain wireless components
o Massive security implications
• Just how safe is a modern CAN?
o Experimental study done in 2010 by researchers at
Univeristy of Washington and University of California
Experimental Security Analysis
• Researchers used two identical 2009 model cars
• Wrote a packet sniffer/injection tool, introduced into the CAM
by simply plugging a device in to the car's federally
mandated universal OBD-II diagnostics port
• Used "fuzzing" to enumerate the commands that the car
responds to
• Using the commands they discovered, performed live tests
to see how much of the car they could control
Results
• Researchers could not only fully control the car using their
device, they could do it while the car was going 40 MPH
• Among the things they could control:
o Disable brakes
o Engage brakes
o Disable wipers and continuously spray fluid
o Permanently activate horn
o Kill engine
o Unlock all doors
• Also found that they could write programmatic commands, or
"viruses", that would activate under certain conditions
o Disable all lights when driving over 40MPH
• Even though they had physical access to the CAN, they
noted that the same commands could potentially be
executed wirelessly
The Problem
• CAN is an insecure low-level protocol
• Every message is an unencrypted plain-text broadcast to
every device on the CAN
• Possible messages and communication procedures are
often documented and made available freely
• No component authentication
• Any device can send a command to any other devices.
o Atttacker could use tire pressure gauge to turn off brakes
The Solution
• Auto manufacturers need to recognize this security flaw in
the CAM if they are using wireless ECU communication
• Controller authentication
o Only valid controllers can communicate on the CAN
• Encrypted communication
o Must be high performance, so use symmetric key
o Distribute symmetric key using asymmetric encryption
during authentication
• Firewall
o Restrict a components commands to only those essential
to its function
Conclusion
• Auto makers need to understand the seriousness of having
networked car components and take security measures
accordingly
• These security flaws are growing in seriousness as cars
automate more and more things
o Electric steering and acceleration
• With the emergence of bluetooth connected ECUs, this is a
serious security issue that cannot be ignored any longer.
References
Experimental Security Analysis of a Modern Automobile
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5504804&
tag=1
Security in Automotive Bus Systems
http://weika.eu/papers/WolfEtAl_SecureBus.pdf
Hacking Cars
http://dl.acm.org/citation.cfm?id=2018396 (pg 18)
Highway Robbery: Car Computer Controls Could Be Vulnerable
To Hackers
http://www.scientificamerican.com/article.cfm?id=wireless-carhacking
Related documents
Car Hacking
Car Hacking
Abacus WorkLite Sales PresoJan2014Bangladesh
Abacus WorkLite Sales PresoJan2014Bangladesh
A GLOBAL VIEW OF OPERATIONS EXAMPLE OF A BUSINESS
A GLOBAL VIEW OF OPERATIONS EXAMPLE OF A BUSINESS
Basic vi Commands Presentation
Basic vi Commands Presentation
American Muscle Cars
American Muscle Cars
MANDATOS FORMALES
MANDATOS FORMALES
Design for Human Computer Interaction
Design for Human Computer Interaction
PACE Lesson Example with formal commands
PACE Lesson Example with formal commands
Using Data to Inform Instruction
Using Data to Inform Instruction
File
File
Lecture 3.2
Lecture 3.2
Total Car Management “TCM”
Total Car Management “TCM”
Pronoun antecedent
Pronoun antecedent
risk management matrix - Student Life at UMHB
risk management matrix - Student Life at UMHB
ESPM10Lecture
ESPM10Lecture
Using Show Commands Instructions IG
Using Show Commands Instructions IG
Affirmative Tú Commands
Affirmative Tú Commands
File
File
Document
Document
Affirmative "Tú" Commands
Affirmative "Tú" Commands
EFRA 1/8 GT / Rally Game Rules. DEFINITION of the CAR GT / Rally
EFRA 1/8 GT / Rally Game Rules. DEFINITION of the CAR GT / Rally
File - BSC Economics
File - BSC Economics
Download
advertisement